Linux Mint - Free and powerful

Thursday, 29 May 2014

Suspicious TrueCrypt Announcement Declares The Tool Insecure, Development Stopped ~ Web Upd8: Ubuntu / Linux blog

Suspicious TrueCrypt Announcement Declares The Tool Insecure, Development Stopped ~ Web Upd8: Ubuntu / Linux blog:

'via Blog this'

TrueCrypt was an application which could be used to create virtual encrypted disks within a file or encrypt entire partitions or storage devices. I said "was" because Truecrypt's homepage started redirecting to its SourceForge page and a warning is displayed at the top of the page:

"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

This page exists only to help migrate existing data encrypted by TrueCrypt.

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform

And then, the page goes on, explaining how to migrate your data from TrueCrypt to BitLocker.

On a first look, this doesn't seem legit because of the redirection (why not change its homepage?), the message (if there are security issues, why not fix them or at least try to? - also, a recent security audit didn't reveal major issues though more audits were pending) and because of the alternative the page recommends: BitLocker, a proprietary full disk encryption feature included with Windows, which poses quite a few security concerns itself.

The TrueCrypt SourceForge page now hosts a new version of TrueCrypt which contains warnings that the program isn't safe to use. Also, the application was changed so that it allows users to decrypt data but not to create new volumes.

There are various speculations as to what actually happened with TrueCrypt, including scenariosin which the NSA had pressured the developers into doing this or that they've refused to add NSA backdoors. On the other hand, Matthew Green, a professor specializing in cryptography at Johns Hopkins University and one of the people that worked on the TrueCrypt audit, says that he thinks this is legit.

Here are some interesting articles / comments on this topic:


Post a Comment

Thank you for taking the time to comment. Your opinion is important and of value and we appreciate the positive feedback! If you are "Negative Nancy" then please do us, and humanity, a favor, and piss off.

Total Pageviews

Google+ Followers


Blog Archive

Popular Posts

Recent Comments

Rays Twitter feed


Web sites come and go and information is lost and therefore some pages are archived. @rayd123. Powered by Blogger.