SoylentNews is people

posted by martyb on Friday May 30 2014, @08:45PM
from the some-settling-of-contents-may-have-occurred dept.

According to German researcher Mattias Schlenker, we should expect that the reason for TrueCrypt's recent shutdown is not a National Security Letter but a serious security flaw in how TC container files are created on Windows.

He expects the flaw to become public within a week.

What gives this chap some credibility is that he's one of the developers of "desinfec't", a Knoppix-based live Linux that comes with several virus scanners and is distributed by the renowned German computer magazine c't (whose parent company and publishing house, Heise, hosts the forum where he made his announcement).

Link to his original German posting: http://www.heise.de/security/news/foren/S-Re-Warum-TrueCrypt-nicht-in-Desinfec-t-enthalten-ist/forum-280432/msg-25289876/read/

See our earlier coverage: TrueCrypt Discontinued, Compromised.

 
  • (Score: 1) by AnonTechie on Friday May 30 2014, @09:08PM

    by AnonTechie (2275) on Friday May 30 2014, @09:08PM (#49306) Journal

    It is indeed sad that TrueCrypt, which was trusted by millions to keep their data safe, is no longer secure. I do hope that as good an alternative is made available by the contributors to Open Source software. I understand that Bruce Schneier is now advocating using Symantec Drive Encryption (based on PGP) https://www.schneier.com/blog/archives/2014/05/truecrypt_wtf.html [schneier.com]

    What would you use instead of TrueCrypt?

    --
    Albert Einstein - "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
  • (Score: 4, Insightful) by Ethanol-fueled on Friday May 30 2014, @09:15PM

    by Ethanol-fueled (2792) on Friday May 30 2014, @09:15PM (#49312) Homepage

    > Trusting Symantec
    > 2014

    LOL

  • (Score: 4, Insightful) by wonkey_monkey on Friday May 30 2014, @09:33PM

    by wonkey_monkey (279) on Friday May 30 2014, @09:33PM (#49317) Homepage

    is no longer secure.

    was never secure.

    --
    systemd is Roko's Basilisk
    • (Score: 2) by frojack on Saturday May 31 2014, @01:15AM

      by frojack (1554) on Saturday May 31 2014, @01:15AM (#49383) Journal

      That may or may not be true; we don't know when this error slipped in.

      To date, I'm not aware of anyone successfully breaking into it, nor of any exploits in the wild.

      What makes this story sound suspicious is that the normal response would be to warn of the issue, so users could take extra care, fix the problem, and publish a method of re-creating your encrypted containers.

      Instead, they throw up their hands and walk away!!!

      Is it THAT broken? Did life get in the way, new jobs, new wife, just pissed off?

      --
      No, you are mistaken. I've always had this sig.
  • (Score: 3, Informative) by stormwyrm on Friday May 30 2014, @10:17PM

    by stormwyrm (717) on Friday May 30 2014, @10:17PM (#49331) Journal

    Your link doesn't seem to say that Schneier is advocating Symantec Drive Encryption or any other product in lieu of TrueCrypt. It's just a summary page with links to other coverage of the event. Schneier's only personal comment on that page is to respond to why his name appears in the credits of TrueCrypt, and he denies knowing any of the authors.

    --
    Numquam ponenda est pluralitas sine necessitate.
    • (Score: 2) by AnonTechie on Saturday May 31 2014, @10:35AM

      by AnonTechie (2275) on Saturday May 31 2014, @10:35AM (#49521) Journal

      Sorry for not linking the correct article. I read about Schneier here:

      TrueCrypt turmoil latest: Bruce Schneier reveals what he'll use instead.
      The TrueCrypt project abruptly imploded on Wednesday - leaving folks in the infosec world scratching heads and scrambling to recommend alternatives. In the past hour, crypto-guru Bruce Schneier has told us he's switched back to Symantec's PGPDisk to encrypt his data. "I have no idea what's going on with TrueCrypt," he added on his blog. "Speculations include a massive hack of the TrueCrypt developers, some Lavabit-like forced shutdown, and an internal power struggle within TrueCrypt. I suppose we'll have to wait and see what develops."
      http://www.theregister.co.uk/2014/05/29/truecrypt_analysis/ [theregister.co.uk]

      --
      Albert Einstein - "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
  • (Score: 2, Insightful) by bryan on Friday May 30 2014, @10:40PM

    by bryan (29) <bryan@pipedot.org> on Friday May 30 2014, @10:40PM (#49341) Homepage Journal

    LUKS encrypted file systems have been natively supported in most Linux distros for 5+ years. These encrypted file systems can be easily created on the command line or with a GUI tool like "gnome-disks". If you, for example, insert a thumb drive formatted as a LUKS, the desktop environment pops up a password dialog to automatically mount the file system for you.

    TrueCrypt mainly catered to Windows users. Also, the TrueCrypt license was incompatible with both the free-software and the Open Source Initiative philosophies.

    • (Score: 2, Interesting) by cykros on Saturday May 31 2014, @04:06PM

      by cykros (989) on Saturday May 31 2014, @04:06PM (#49607)

      LUKS is great for crypto, but afaik, it doesn't do the plausible deniability hidden containers thing. Nor does anything else I know of. THIS is what always set Truecrypt apart to me, and is why it seemed relevant even on Linux systems. I'd love for someone to suggest something else that has this functionality, but haven't had any luck there yet.

      /me waits for a fork.
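
Added example (not part of any comment in this thread, and not code from the LUKS or TrueCrypt projects): a LUKS1 volume identifies itself through a cleartext header naming its cipher, mode and hash, which is why it cannot offer the deniability discussed above, whereas a TrueCrypt header carries no cleartext signature. The two sample headers and all field values in them are constructed for illustration.

```python
import hashlib
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
# LUKS1 header, big-endian: magic, version, cipher name, cipher mode, hash spec,
# payload offset (sectors), key bytes, MK digest, MK salt, MK iterations, UUID.
LUKS1_PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")  # 208 bytes, all cleartext


def _cstr(raw):
    """Decode a NUL-padded ASCII header field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def identify_volume(header):
    """Classify the leading bytes of a volume by its cleartext signature."""
    if not header.startswith(LUKS_MAGIC):
        # TrueCrypt keeps no cleartext marker: its header is a salt followed by
        # encrypted data, so this branch cannot tell it from random bytes.
        return {"format": "no-signature"}
    if len(header) < LUKS1_PHDR.size:
        return {"format": "luks-truncated"}
    (_, version, cipher, mode, hash_spec, payload, key_bytes,
     _digest, _salt, iterations, uuid) = LUKS1_PHDR.unpack_from(header)
    if version != 1:
        return {"format": "luks", "version": version}  # LUKS2 uses another layout
    return {"format": "luks1", "cipher": _cstr(cipher), "mode": _cstr(mode),
            "hash": _cstr(hash_spec), "payload_sector": payload,
            "key_bytes": key_bytes, "mk_iterations": iterations,
            "uuid": _cstr(uuid)}


def sample_luks1_header():
    """Constructed LUKS1 header with made-up digest, salt and UUID."""
    return LUKS1_PHDR.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha1",
                           4096, 32, b"\x11" * 20, b"\x22" * 32, 100000,
                           b"00000000-0000-4000-8000-000000000001")


def sample_unmarked_header():
    """Constructed 512 bytes of hash output standing in for a signature-free header."""
    return b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))


if __name__ == "__main__":
    print(identify_volume(sample_luks1_header()))
    print(identify_volume(sample_unmarked_header()))
```
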

  • (Score: 0) by Anonymous Coward on Sunday June 01 2014, @12:37PM

    by Anonymous Coward on Sunday June 01 2014, @12:37PM (#49889)

    This is an alternative, compatible implementation of truecrypt for Linux and BSD. I'm surprised it is not more widely known and supported.

    https://github.com/bwalex/tc-play [github.com]

    Also, for Linux, cryptsetup-LUKS can now mount truecrypt containers.