Stories
Slash Boxes
Comments

SoylentNews is people

TrueCrypt: Flaw in Container Creation Suspected

posted by martyb on Friday May 30 2014, @08:45PM   Printer-friendly
from the some-settling-of-contents-may-have-occurred dept.

Anonymous Coward writes:

According to a German researcher, Mattias Schlenker, we are to expect that the reason for TrueCrypt's recent shutdown is not a National Security Letter, but a serious security flaw in how TC container files are created on Windows.

He expects the flaw to become public within a week.

What gives this chap some credibility is that he's one of the developers of "desinfec't", a Knoppix-based live Linux that comes with several virus scanners and is distributed by well-renowned German computer magazine c't (whose mother company/publishing house, Heise, hosts the forum where he made his announcement).

Link to his original German posting: http://www.heise.de/security/news/foren/S-Re-Warum -TrueCrypt-nicht-in-Desinfec-t-enthalten-ist/forum -280432/msg-25289876/read/

See our earlier coverage: TrueCrypt Discontinued, Compromised.

 
This discussion has been archived. No new comments can be posted.
TrueCrypt: Flaw in Container Creation Suspected | Log In/Create an Account | Top | 28 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Informative) by stormwyrm on Friday May 30 2014, @10:17PM

    by stormwyrm (717) on Friday May 30 2014, @10:17PM (#49331) Journal

    Your link doesn't seem to say that Schneier is advocating Symantec Drive Encryption or any other product in lieu of TrueCrypt. It's just a summary page with links to other coverage of the event. Schneier's only personal comment on that page is to respond to why his name appears in the credits of TrueCrypt, and he denies knowing any of the authors.

    --
    Numquam ponenda est pluralitas sine necessitate.
    Starting Score:    1  point
    Moderation   +1  
       Informative=1, Total=1
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3  

  • (Score: 2) by AnonTechie on Saturday May 31 2014, @10:35AM

    by AnonTechie (2275) on Saturday May 31 2014, @10:35AM (#49521) Journal

    Sorry for not linking the correct article. I read about Schneier here:

    TrueCrypt turmoil latest: Bruce Schneier reveals what he'll use instead.
    The TrueCrypt project abruptly imploded on Wednesday - leaving folks in the infosec world scratching heads and scrambling to recommend alternatives. In the past hour, crypto-guru Bruce Schneier has told us he's switched back to Symantec's PGPDisk to encrypt his data. "I have no idea what's going on with TrueCrypt," he added on his blog. "Speculations include a massive hack of the TrueCrypt developers, some Lavabit-like forced shutdown, and an internal power struggle within TrueCrypt. I suppose we'll have to wait and see what develops."
    http://www.theregister.co.uk/2014/05/29/truecrypt_ analysis/ [theregister.co.uk]

    --
    Albert Einstein - "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."