In an update to the speculation that TrueCrypt development was officially discontinued as a response to efforts by US intelligence agencies to compromise the project, the TrueCrypt web site seems to contain a secret message warning potential users of NSA interference in the integrity of the software. The apparent message, "Don't use TrueCrypt because it is under the control of the NSA", is read as an acrostic in Latin, contained in the message on SourceForge announcing that the developers have ceased work on the project. Two independent analyses arrive at the same conclusion. User "Badon" at the Live Business Chat message board has a detailed exegesis including screenshots and footnotes.
[EDITOR'S NOTE: I have cross-checked this on some Latin-specific sites, and the consensus seems to be that it is nonsensical from a perspective of proper Latin grammar and syntax. However, Google Translation does reproduce these results. I can certainly believe that a warning might have been composed using G.T. rather than by consulting a classicist. --ED]
(Score: 5, Insightful) by Lagg on Tuesday June 17 2014, @11:19AM
Now let me make one thing perfectly clear. I do not underestimate the NSA. I'm as disgusted in them as the next person and I will hate them until either I die or they do (and I don't just mean the organization itself). But come on. Really? This is just getting more and more unbelievable and making me dislike truecrypt's maintainers as time goes on. For one thing there are less ambiguous ways of embedding a warning and for another thing truecrypt is open source. I don't know why this is such a hard thing to grasp right now and not only is it open source but there was a successful first pass audit of the code and said audit is still ongoing. Or at least I hope so and the people who organized it and are being hired with that funding money aren't going to be called corrupt or something.
This is just... Unethical. Even if this was completely true these authors are the biggest jackasses in both the world of code and cryptography alike. You don't go "This is compromised. Better use this proprietary tool instead. It's probably not compromised since you can't see the code". Schrodinger's programming. The best kind of programming.
http://lagg.me [lagg.me] 🗿
(Score: 0) by Anonymous Coward on Tuesday June 17 2014, @11:32AM
I think the developer(s) are just fucking with everyone, and the ones who see the NSA behind every tree are eating this shit up. Or, the developers are worse than the people who see the NSA behind every tree and they've decided that their tinfoil hats are no longer effective.
Next they'll come out and say that they saw "NSA agents" peeping into their girlfriend's bedroom window.
(Score: 2, Informative) by Horse With Stripes on Tuesday June 17 2014, @12:44PM
Either way - true or just seeing ghosts - I'm not using TrueCrypt anymore.
(Score: 2) by Rune of Doom on Tuesday June 17 2014, @01:50PM
Which, to go further down the rabbit hole, could also be the point.
(Score: 0) by Anonymous Coward on Tuesday June 17 2014, @03:18PM
Indeed. The whole thing reminds me of a haunted house horror movie... at some point, the characters hear a spooky voice saying "Geeettttt ouuuuuuttttttt...." Do they get out? No, no they don't -- and the horror part begins.
For some reason yet unknown for sure, the TrueCrypt folks flat out told everyone: "Geeettttt ouuuuuuttttttt.... (ahem) stop using this." Y'all can sit around and wonder why, but I'm getting out.
(Score: 1) by q.kontinuum on Tuesday June 17 2014, @11:33AM
So is openssl in BSD [theregister.co.uk], and they do a lot of reviews as well...
To me this was a clear hint that TrueCrypt is not only unmaintained, but most likely really has or will have some backdoor. I will not use bitlocker (as it isn't available for the systems I usually use ;-)), but this advice emphasized to me that they really want to discourage me from using TrueCrypt for some probably sound reason they don't want to spell out loud.
Registered IRC nick on chat.soylentnews.org: qkontinuum
(Score: 4, Insightful) by Darth Turbogeek on Tuesday June 17 2014, @12:35PM
IF TrueCrypt was compromised by the NSA, do you really think they would be able to say it directly? This is about as good a canary as they could do.
And really, why is anyone doubting the project is compromised by a TLA? Do we need a slideshow from Snowden to get the doubters to see reality? I view it as properly ethical to undermine a compromised encryption project.
(Score: 2) by HiThere on Tuesday June 17 2014, @07:35PM
The thing is, you don't need to assume it was compromised by (specific group). All you need to assume is that it's compromised. Maybe it's the Russian Mafia. Maybe it's the NSA. Maybe it's (what's that British group?). Doesn't really matter by who. Not for this purpose.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 2) by sjames on Tuesday June 17 2014, @06:41PM
I would like to see the audit completed on the current version, but it's not likely the problem. The most plausible scenario involving the NSA is that they were attempting to use some sort of pseudo-legal process to force the release of a corrupt future version complete with a gag order. Their actions would be an excellent response to that assuming they didn't want to go to jail.