Truecrypt may be COMPROMISED

7 replies [Last post]
ahj
ahj

I am a member!

Offline
Joined: 06/03/2012

From the TrueCrypt website:

__________________

WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

This page exists only to help migrate existing data encrypted by TrueCrypt.

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.
___________________

This is very suspicious. Not only have they changed their website to promote a proprietary encryption program, but they've also released a new version of TrueCrypt, with commits that are uncomfortably odd. I think it's unlikely that it's some rogue cracker, as they would need the GPG keys for the compilation of the new 7.2 version.

My money is on this being a warrant-canary. Someone or some group is forcing TrueCrypt to install a backdoor, and this is the developers' way of warning everyone. We could be observing another Lavabit 2.0 in slow motion. And it is yet another reason to only use FSF-certified free software licenses.

Some interesting discussion here:

http://www.reddit.com/r/netsec/comments/26pz9b/truecrypt_development_has_ended_052814/

http://www.reddit.com/r/linux/comments/26qe9f/truecrypt_is_not_secure_official_sourceforge_page/

axgb
Offline
Joined: 09/22/2013

But TrueCrypt has never been free.
I am sure you are right. But how can TrueCrypt be FORCED to put a backdoor in?
But it does say on Wikipedia that TrueCyrpt was unsuccesfully cracked by the FBI, so unless that is false, wound't it be safe to use an older version?
The encryption that may come with Windows is obviously not secure. Only a fool would use it if they genuinley needed their files to be encrypted. Its just something a teenager would use to keep his stupid friends from going through his files.

Michał Masłowski

I am a member!

I am a translator!

Offline
Joined: 05/15/2010

Yes, developers of nonfree programs normally recommend other nonfree
programs. Use cryptsetup or ecryptfs. They are free, integrated and
since 1.6 (in Belenos) cryptsetup can access existing TrueCrypt volumes.

lammi87

I am a member!

Offline
Joined: 07/27/2012

You can also use Tomb: http://www.dyne.org/software/tomb/

Jodiendo
Offline
Joined: 01/09/2013

At home I use both GNU/Linux and Windowz, my favorite one is Trisquel but for other stuff, my spouse likes to use that dammed Windowz.

The question is, What other programs besides GNU/LINUX, that are a secure for encryption under windowz 7, I could use?

Sorry If I'm a bit off topic.

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

To encrypt files and emails (but not partitions), Windows' victims can use Gpg4win: http://www.gpg4win.org

alimiracle
Offline
Joined: 01/18/2014

To encrypt partitions
you can use
losetup

http://www.tldp.org/HOWTO/pdf/Cryptoloop-HOWTO.pdf

axgb
Offline
Joined: 09/22/2013

I do not believe that they ended it because of Windows XP support ending at least because they did not end it on the actual day that it happened (april 5th i think), they did it 2 months later, which seems pointless, and if that was the real reason, they would give warning, tell people that it is going to stop. SO clearly there is a less nice reason than seeing no need for it.