Stories
Slash Boxes
Comments

SoylentNews is people

posted by LaminatorX on Thursday May 29 2014, @04:03AM   Printer-friendly
from the Another-one-bites-the-dust dept.

The TrueCrypt website has been changed it now has a big red warning stating "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues". They recommend using BitLocker for Windows 7/8, FileVault for OS X, or (whatever) for Linux. So, what happened? The TrueCrypt site says:

This page exists only to help migrate existing data encrypted by TrueCrypt. The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.

Did the TrueCrypt devs (or SourceForge?) get a NSL? They are offering a "new" version (7.2), but apparently the signing key has changed and a source code diff seems to indicate a lot of the functionality has been stripped out. What's up?

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Interesting) by stormwyrm on Thursday May 29 2014, @01:15PM

    by stormwyrm (717) Subscriber Badge on Thursday May 29 2014, @01:15PM (#48714) Journal

    Just had to make a few simplifying assumptions. Cryptosystems are complicated beasts, as you evidently understand as well as I do, and any vulnerability in any one area can and probably will eventually be discovered and exploited if someone cares to do so. The OP I replied to was talking about brute force attacks, and was saying how those would all eventually become feasible given advances in computing power, and speculated that that could be one reason why TrueCrypt was abandoned, just when an auditing project has gone underway that is intended to ensure that the code is solid. I didn't buy it, and considered the OP's other two speculations to be far more likely, because a simple brute force attack on the underlying block ciphers is infeasible with our current knowledge of mathematics and physics. That was all I was trying to argue, and you had to go and muddy the waters with all this talk about other components of cryptosystems that might be the source of vulnerability. :) I was not trying to argue the about the security or lack thereof of TrueCrypt as a whole.

    Note that I never disputed the assertion that there might be vulnerabilities in TrueCrypt that result in its being insecure. This is actually highly probable, as the codebase is complicated and has not been fully audited as of this writing, and the true authors are anonymous. But the fact that these vulnerabilities probably exist doesn't sound to me like a reason for the maintainers of TrueCrypt to completely abandon their work the way they have, which is the real topic of the discussion. Something smells very fishy here, and what's happened to their site makes something like an NSL or its equivalent a more likely explanation.

    And you were asking for a citation for why I say quantum mechanics can probably only cut the key search space in half. Here it is: Bennett C.H., Bernstein E., Brassard G., Vazirani U., The strengths and weaknesses of quantum computation. [arxiv.org] SIAM Journal on Computing 26(5): 1510-1523 (1997).

    --
    Numquam ponenda est pluralitas sine necessitate.
    Starting Score:    1  point
    Moderation   +2  
       Insightful=1, Interesting=1, Total=2
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   4  
  • (Score: 2) by edIII on Thursday May 29 2014, @06:47PM

    by edIII (791) Subscriber Badge on Thursday May 29 2014, @06:47PM (#48872)

    I didn't buy it, and considered the OP's other two speculations to be far more likely, because a simple brute force attack on the underlying block ciphers is infeasible with our current knowledge of mathematics and physics. That was all I was trying to argue, and you had to go and muddy the waters with all this talk about other components of cryptosystems that might be the source of vulnerability. :)

    Well, I do agree that right now attempting the entire keyspace without any shortcuts is highly likely precluded by physics. That's what has provided all the momentum to work against the other components.

    I just to tend to disagree with the assertions that we should rest on our laurels so to speak and concentrate all of our efforts on shoring up implementations. To be completely honest, it just smells fishy and full of hubris. I'm suspicious and skeptical by nature and any time somebody seems to be saying something is near perfect and astronomical I tend to immediately wonder why it's being said, not that it was said. I have to muddy things up :)

    Something smells very fishy here, and what's happened to their site makes something like an NSL or its equivalent a more likely explanation.

    Now on that, we agree completely. It's far more likely IMO, that government got involved at a low level to attack implementation or other components and backdoor it, as we are talking about spying, logistics, and human behavior, not mathematics.

    Thank you very much for the citation. I got some reading to do...

    --
    Technically, lunchtime is at any moment. It's just a wave function.