Stories
Slash Boxes
Comments

SoylentNews is people

posted by LaminatorX on Thursday May 29 2014, @04:03AM   Printer-friendly
from the Another-one-bites-the-dust dept.

The TrueCrypt website has been changed it now has a big red warning stating "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues". They recommend using BitLocker for Windows 7/8, FileVault for OS X, or (whatever) for Linux. So, what happened? The TrueCrypt site says:

This page exists only to help migrate existing data encrypted by TrueCrypt. The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.

Did the TrueCrypt devs (or SourceForge?) get a NSL? They are offering a "new" version (7.2), but apparently the signing key has changed and a source code diff seems to indicate a lot of the functionality has been stripped out. What's up?

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Interesting) by edIII on Thursday May 29 2014, @09:16AM

    by edIII (791) Subscriber Badge on Thursday May 29 2014, @09:16AM (#48635)

    NOTHING is impenetrable to brute force

    Properly implemented OTP is mathematically proven to be immune to brute force attacks. You can literally generate ANY plaintext as long as it's the same length as the OTP ciphertext, and have absolutely no way whatsoever of knowing that you guessed the correct key. The key itself is supposed to be high entropy from preferably non-deterministically generated numbers. There is no math involved other than modular addition, and even then, it's a 1:1 relationship between each and every single bit of the plaintext and key. That's it. There is NO relationship between the 2nd bit and the millionth bit. Assuming a truly random key it's impossible to state beyond a reasonable doubt you found the key.

    That's the most dangerous part of OTP. Information bias can lead you to assume that a generated plaintext from your chosen key was what you are looking for.

    What do you want me to have been guilty of? Child pron? Just take any CP image bump it up against the ciphertext, obtain your key, and then claim the extra stuff was padding designed to confuse analysis. Industrial espionage? Same thing. A manifesto saying you are the one responsible for the bombs? Just as easy.

    OTP is perfection as far as the method (maybe a slight addition to prevent stream attacks) is concerned. What is not perfected yet is the key exchange, and the enormously ridiculous requirement that key size be exactly the same length as the plaintext.

    Otherwise, yes, OTP is specifically known to be immune toinfinite processing power.

    --
    Technically, lunchtime is at any moment. It's just a wave function.
    Starting Score:    1  point
    Moderation   +2  
       Interesting=2, Total=2
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   4