According to German researcher Mattias Schlenker, we should expect that the reason for TrueCrypt's recent shutdown is not a National Security Letter, but a serious security flaw in how TC container files are created on Windows.
He expects the flaw to become public within a week.
What gives this chap some credibility is that he's one of the developers of "desinfec't", a Knoppix-based live Linux that comes with several virus scanners and is distributed by the renowned German computer magazine c't (whose parent company and publishing house, Heise, hosts the forum where he made his announcement).
Link to his original German posting: http://www.heise.de/security/news/foren/S-Re-Warum-TrueCrypt-nicht-in-Desinfec-t-enthalten-ist/forum-280432/msg-25289876/read/
See our earlier coverage: TrueCrypt Discontinued, Compromised.
(Score: 2) by Angry Jesus on Saturday May 31 2014, @05:32AM
To oversimplify: A good seed is just a starting point (that's why it's called a seed). For any generator, if you start with the same seed you'll get the same list of pseudo-random numbers out of it. If the generator's algorithms are weak or somehow flawed, then even a purely random seed won't be enough to guarantee that the list of "random" numbers really is random.
Here's an explanation of how a deliberately weakened random number generator can be exploited; you don't really have to follow anything but the most basic math in the explanation to see how the end result is compromised.
http://numberworld.blogspot.com/2013/09/nsas-sp800-90-dual-ec-prng.html [blogspot.com]
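The two points in the comment above, as an added example that is not part of the original thread and is not TrueCrypt's or Dual EC's code: a constructed toy generator (`WeakGenerator`, a 32-bit LCG that exposes the top 16 bits of its state) repeats its output for a repeated seed, and stays predictable from three observed outputs even when the seed comes from `os.urandom`. All names here are hypothetical.

```python
import os

MASK32 = 0xFFFFFFFF
A, C = 1664525, 1013904223  # textbook LCG constants; the generator is a constructed toy


class WeakGenerator:
    """32-bit LCG that exposes the top 16 bits of its state on every call."""

    def __init__(self, seed):
        self.state = seed & MASK32

    def next16(self):
        self.state = (A * self.state + C) & MASK32
        return self.state >> 16


def stream(seed, n):
    gen = WeakGenerator(seed)
    return [gen.next16() for _ in range(n)]


def consistent_states(observed):
    """Internal states, taken after the last observed output, that fit all of them."""
    found = []
    for low in range(1 << 16):          # only 16 bits stay hidden per output
        state = (observed[0] << 16) | low
        for expected in observed[1:]:
            state = (A * state + C) & MASK32
            if state >> 16 != expected:
                break
        else:
            found.append(state)
    return found


def predict(observed, n):
    """Every continuation of length n that fits the observed outputs."""
    futures = []
    for state in consistent_states(observed):
        gen = WeakGenerator(0)
        gen.state = state               # resume from the recovered state
        futures.append([gen.next16() for _ in range(n)])
    return futures


if __name__ == "__main__":
    print(stream(1234, 4) == stream(1234, 4))       # same seed, same list
    seed = int.from_bytes(os.urandom(4), "big")     # unpredictable seed
    out = stream(seed, 8)
    print(out[3:] in predict(out[:3], 5))           # later outputs still predicted
```

A cryptographically secure generator is designed so that its outputs do not reveal its internal state this way, which is why the quality of the generator matters independently of the quality of the seed.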
(Score: 2) by Tork on Saturday May 31 2014, @11:08PM
I appreciate it, thank you.
🏳️🌈 Proud Ally 🏳️🌈