Stories
Slash Boxes
Comments

SoylentNews is people

posted by LaminatorX on Thursday May 29 2014, @04:03AM   Printer-friendly
from the Another-one-bites-the-dust dept.

The TrueCrypt website has been changed it now has a big red warning stating "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues". They recommend using BitLocker for Windows 7/8, FileVault for OS X, or (whatever) for Linux. So, what happened? The TrueCrypt site says:

This page exists only to help migrate existing data encrypted by TrueCrypt. The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.

Did the TrueCrypt devs (or SourceForge?) get a NSL? They are offering a "new" version (7.2), but apparently the signing key has changed and a source code diff seems to indicate a lot of the functionality has been stripped out. What's up?

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Thursday May 29 2014, @04:27AM

    by Anonymous Coward on Thursday May 29 2014, @04:27AM (#48556)

    Maybe they found bugs they can't fix. Sometimes inherent design flaws cause entire projects to be abandoned. At least there's an announcement.

  • (Score: 0) by Anonymous Coward on Thursday May 29 2014, @04:30AM

    by Anonymous Coward on Thursday May 29 2014, @04:30AM (#48557)

    Ya, they should have just abandoned it and let it rot.

  • (Score: 3, Insightful) by Anonymous Coward on Thursday May 29 2014, @06:29AM

    by Anonymous Coward on Thursday May 29 2014, @06:29AM (#48591)

    Right. And then they go on to recommend fucking BitLocker, proprietary software that is quite probably backdoored by the NSA given how Microsoft seems so cosy with them. Inherent design flaws my ass.

    • (Score: 3, Insightful) by maxwell demon on Thursday May 29 2014, @11:15AM

      by maxwell demon (1608) Subscriber Badge on Thursday May 29 2014, @11:15AM (#48673) Journal

      If you don't trust Microsoft, you don't access your secret data under Windows. Because no matter whether you use BitLocker, TrueCrypt or anything else, as soon as you access the data under Windows, Windows will have access to it. So given that Windows and BitLocker are both made by Microsoft, there's no security difference between BitLocker under Windows and TrueCrypt under Windows. Indeed, you could argue that BitLocker under Windows is more secure, since you only have to trust Microsoft, while with TrueCrypt under Windows you have to trust both Microsoft and the TrueCrypt developers.

      And no, that TrueCrypt's source code is available doesn't help you in this case, since Windows' source code isn't.

      --
      The Tao of math: The numbers you can count are not the real numbers.
      • (Score: 2) by ancientt on Thursday May 29 2014, @09:53PM

        by ancientt (40) <ancientt@yahoo.com> on Thursday May 29 2014, @09:53PM (#48930) Homepage Journal

        since Windows' source code isn't.

        Not to you or me certainly, but it is to some people [windowsitpro.com]. I don't really know how talented their security reviewers are or what NDAs they're bound by, but it isn't fair to say that nobody has access to it.

        --
        This post brought to you by Database Barbie
  • (Score: 5, Informative) by coolgopher on Thursday May 29 2014, @07:13AM

    by coolgopher (1157) Subscriber Badge on Thursday May 29 2014, @07:13AM (#48608)

    I see the Wayback Machine for truecrypt.org says:

        Sorry.

        This URL has been excluded from the Wayback Machine.

    https://web.archive.org/web/http://truecrypt.org/ [archive.org]

    Sounds like more than just an abandoned project to me. I might have to go find that tinfoil hat again.

    • (Score: 2, Interesting) by acharax on Thursday May 29 2014, @09:17AM

      by acharax (4264) on Thursday May 29 2014, @09:17AM (#48636)

      Archive.org retroactively respects robots.txt, anybody could take over a domain and get it excluded from archive.org more or less on the fly.

      • (Score: 1) by coolgopher on Thursday May 29 2014, @09:35AM

        by coolgopher (1157) Subscriber Badge on Thursday May 29 2014, @09:35AM (#48644)

        Huh, I wasn't aware of that. That seems like a misfeature to me, but oh well. Might not need the hat after all then!

        • (Score: 2) by egcagrac0 on Thursday May 29 2014, @12:04PM

          by egcagrac0 (2705) on Thursday May 29 2014, @12:04PM (#48690)

          It seems like a misfeature, but it's the way they've decided to do takedown requests for people who left sensitive information secured only by obscurity.

      • (Score: 1) by iWantToKeepAnon on Thursday May 29 2014, @01:26PM

        by iWantToKeepAnon (686) Subscriber Badge on Thursday May 29 2014, @01:26PM (#48717) Homepage Journal
        Simple, just use archive.org to look back at archive.org before the robots.txt change!
        --
        "Happy families are all alike; every unhappy family is unhappy in its own way." -- Anna Karenina by Leo Tolstoy
      • (Score: 2) by sgleysti on Thursday May 29 2014, @03:43PM

        by sgleysti (56) on Thursday May 29 2014, @03:43PM (#48791)

        I've done this. I think I also had to e-mail them to delete the older versions before I changed robots.txt to deny all.

    • (Score: 0) by Anonymous Coward on Thursday May 29 2014, @10:40AM

      by Anonymous Coward on Thursday May 29 2014, @10:40AM (#48663)

      i like:

      https://www.archive.is/ [archive.is]