Stories
Slash Boxes
Comments

SoylentNews is people

TrueCrypt Discontinued, Compromised?

posted by LaminatorX on Thursday May 29 2014, @04:03AM   Printer-friendly
from the Another-one-bites-the-dust dept.

J053 writes:

The TrueCrypt website has been changed it now has a big red warning stating "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues". They recommend using BitLocker for Windows 7/8, FileVault for OS X, or (whatever) for Linux. So, what happened? The TrueCrypt site says:

This page exists only to help migrate existing data encrypted by TrueCrypt. The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.

Did the TrueCrypt devs (or SourceForge?) get a NSL? They are offering a "new" version (7.2), but apparently the signing key has changed and a source code diff seems to indicate a lot of the functionality has been stripped out. What's up?

 
This discussion has been archived. No new comments can be posted.
TrueCrypt Discontinued, Compromised? | Log In/Create an Account | Top | 91 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by stormwyrm on Thursday May 29 2014, @09:04AM

    by stormwyrm (717) on Thursday May 29 2014, @09:04AM (#48629) Journal

    So where's the supernova you can harness for the energy needed to break a 256-bit key? Or can you wait until the heat death of the universe? The theoretical minimum amount of energy based on arguments for computing using the known laws of physics requires at least that much energy to brute force a 256-bit symmetric key. Perhaps it might be feasible for a Kardashev Type 3 civilisation, but for us puny type 0 civilisations it is far beyond the realm of feasibility. As Bruce Schneier [schneier.com] put it:

    These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.

    Sure, anything can be brute forced. It just isn't practical to do so, which makes it practically bullshit to even try.

    --
    Numquam ponenda est pluralitas sine necessitate.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 4, Interesting) by edIII on Thursday May 29 2014, @09:27AM

    by edIII (791) on Thursday May 29 2014, @09:27AM (#48642)

    Sure, anything can be brute forced. It just isn't practical to do so, which makes it practically bullshit to even try.

    That's just it though. You're missing the bigger point. Nobody is even trying to brute force anything .

    At least not anymore. Once the permutations so strongly exceeded total processing power, attackers simply had no choice but to stop. They didn't even brute force Enigma the way you allude to. Take a deeper look at how Enigma was attacked. They had enough processing power during WWII to brute force Enigma *AFTER* they first reduced the keyspace with nifty mathematical analysis.

    The real game, and real attack surfaces, are sophisticated analysis of the gestalt view of the ciphertext. It's a known process by which probabilities are understood, and the effective keyspace is reduced to a more viable level that can be brute forced in time periods acceptable to governments and LEO.

    --
    Technically, lunchtime is at any moment. It's just a wave function.