The Corroboree
at0m

Warning: Truecrypt


The TrueCrypt website has been moved to http://truecrypt.sourceforge.net/ and there is now a rather ominous warning.

"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues"

It's not really known what's happened yet, it's very sudden and without explanation.

Here's what we do know:

  • The binary currently on the website (7.2) is decrypt only.
  • It's signed with the keys previously used to sign TC binaries.
  • It's really strange.

What we don't know is why... Some theories include:

  • Hacked. Their website & keys somehow got compromised. This is pretty big if it is.
  • Canary. This is their way of saying "We're in trouble. Stop using our stuff".
  • Dead Man's Switch. Similar to the above but could also happen in case of death/arrest.
  • Internal issues with the team. Power struggle, rogue, psychological issues.
  • Huge implementation issue/vulnerability/bug. Only option was to pull the plug so they don't have to disclose it to the public/LEO and put everyone at risk (they were recently privately audited so this is plausible).

I'll try to keep you guys up to date if anything else comes to light.


Um, what is TrueCrypt? :huh::blush:


TrueCrypt is/was the most commonly used drive/container encryption program out there. It makes storage devices (USBs, external hard drives, etc.) or 'containers' (virtual drives) completely unreadable to anyone that doesn't have the password/key.

https://en.wikipedia.org/wiki/TrueCrypt


The "not secure" warning is meant as a long-term one.

The devs have stopped developing TrueCrypt and so no new security updates will come in the future.

There's no shortage of guesses as to why they stopped, but my gut says those guys spent a decade giving us a wonderfully high quality product, they're tired of doing it, and they don't want to hand it over to others who might ruin it.

So far there's no evidence it was compromised.

7.1a will probably last us a good long while as we wait for an equally good and safe replacement.
