1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News TrueCrypt downed by alleged insecurities

Discussion in 'Article Discussion' started by Gareth Halfacree, 29 May 2014.

  1. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    11,561
    Likes Received:
    1,367
  2. Umbra

    Umbra New Member

    Joined:
    18 Nov 2013
    Posts:
    636
    Likes Received:
    17
    Bitlocker, that's real safe. no back-door access there :rolleyes:
     
  3. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    11,561
    Likes Received:
    1,367
    That's one of the clues that might point to an NSL. "Hey, why not use this proprietary software which almost certainly has a back-door in it. IT'S DEFINITELY MORE SECURE THAN THIS ONE. Nudge nudge, wink wink, say no more."

    There's a tactic which relies on a loophole in the law: post a message saying "WE HAVE NOT BEEN SUBJECT TO A NATIONAL SECURITY LETTER." If you get an NSL, take the message down. Technically you're not breaching the gag order: you haven't told anyone you've received an NSL. 'Course, it's not something I'd fancy trying myself - reckon a judge would probably find you've broken the spirit of the law, even if you've abided by its precise wording...
     
  4. Umbra

    Umbra New Member

    Joined:
    18 Nov 2013
    Posts:
    636
    Likes Received:
    17
    It must be very hard to stand up against the likes of the NSA if they have made a multi-pronged attack on you, if the developers have discovered an existing back door, inserted into the code by a government agent pretending to be a valued contributor and the project has been hijacked and finally they received a NSL that's a lot to deal with, I'm only surprised it has not happened before or maybe they ignored previous threats and this time the NSA have ramped up the pressure, and as you say, the law would inevitably come down against you.
     
  5. RTT

    RTT #parp

    Joined:
    12 Mar 2001
    Posts:
    14,120
    Likes Received:
    74
    Indeed, basically this. Those were my first thoughts too. :sigh:
     
  6. forum_user

    forum_user forum_title

    Joined:
    4 Jan 2012
    Posts:
    511
    Likes Received:
    3
    It's ironic that an agency expected to provide people with security and safety is rendering the IT world insecure and unsafe.
     
  7. Corky42

    Corky42 What did walle eat for breakfast?

    Joined:
    30 Oct 2012
    Posts:
    8,952
    Likes Received:
    273
    I'm not so sure about some secret government agency forcing them to shut up shop, it's not like someone couldn't fork TrueCrypt like these guys in Sweden.

    TBH i just think the TrueCrypt guys got fed up with it after 10 years and decided to call it a day.

    EDIT: Not sure how much to trust the source of the following...

    And then the TrueCrypt developers were heard from!
    https://www.grc.com/misc/truecrypt/truecrypt.htm
     
    Last edited: 30 May 2014
  8. brave758

    brave758 New Member

    Joined:
    16 Apr 2009
    Posts:
    1,142
    Likes Received:
    29
    Tinfoil hat at the ready
     
  9. Umbra

    Umbra New Member

    Joined:
    18 Nov 2013
    Posts:
    636
    Likes Received:
    17
    Time to panic?

    No. The TrueCrypt development team's deliberately alarming and unexpected “goodbye and you'd better stop using TrueCrypt” posting stating that TrueCrypt is suddenly insecure (for no stated reason) appears only to mean that if any problems were to be subsequently found, they would no longer be fixed by the original TrueCrypt developer team . . . much like Windows XP after May of 2014. In other words, we're on our own.

    But that's okay, since we now know that TrueCrypt is regarded as important enough (see tweets above from the Open Crypto Audit and Linux Foundation projects) to be kept alive by the Internet community as a whole.

    So, thanks guys . . . we'll take it from here.


    The original devs may not like it but it looks like the code will be forked, the current licensing restrictions removed, and it will evolve. The name will be changed because the developers wish to preserve the integrity of the name they have built. They won't allow their name to continue without them. But the world will get some future version, that runs on future operating systems, and future mass storage systems.

    There will be continuity . . . as an interesting new chapter of Internet lore is born.
     

Share This Page