Discussion in 'Article Discussion' started by Gareth Halfacree, 29 May 2014.
Snowden's favourite holed.
Bitlocker, that's real safe. no back-door access there
That's one of the clues that might point to an NSL. "Hey, why not use this proprietary software which almost certainly has a back-door in it. IT'S DEFINITELY MORE SECURE THAN THIS ONE. Nudge nudge, wink wink, say no more."
There's a tactic which relies on a loophole in the law: post a message saying "WE HAVE NOT BEEN SUBJECT TO A NATIONAL SECURITY LETTER." If you get an NSL, take the message down. Technically you're not breaching the gag order: you haven't told anyone you've received an NSL. 'Course, it's not something I'd fancy trying myself - reckon a judge would probably find you've broken the spirit of the law, even if you've abided by its precise wording...
It must be very hard to stand up against the likes of the NSA if they have made a multi-pronged attack on you, if the developers have discovered an existing back door, inserted into the code by a government agent pretending to be a valued contributor and the project has been hijacked and finally they received a NSL that's a lot to deal with, I'm only surprised it has not happened before or maybe they ignored previous threats and this time the NSA have ramped up the pressure, and as you say, the law would inevitably come down against you.
Indeed, basically this. Those were my first thoughts too.
It's ironic that an agency expected to provide people with security and safety is rendering the IT world insecure and unsafe.
I'm not so sure about some secret government agency forcing them to shut up shop, it's not like someone couldn't fork TrueCrypt like these guys in Sweden.
TBH i just think the TrueCrypt guys got fed up with it after 10 years and decided to call it a day.
EDIT: Not sure how much to trust the source of the following...
And then the TrueCrypt developers were heard from!
Tinfoil hat at the ready
Time to panic?
No. The TrueCrypt development team's deliberately alarming and unexpected “goodbye and you'd better stop using TrueCrypt” posting stating that TrueCrypt is suddenly insecure (for no stated reason) appears only to mean that if any problems were to be subsequently found, they would no longer be fixed by the original TrueCrypt developer team . . . much like Windows XP after May of 2014. In other words, we're on our own.
But that's okay, since we now know that TrueCrypt is regarded as important enough (see tweets above from the Open Crypto Audit and Linux Foundation projects) to be kept alive by the Internet community as a whole.
So, thanks guys . . . we'll take it from here.
The original devs may not like it but it looks like the code will be forked, the current licensing restrictions removed, and it will evolve. The name will be changed because the developers wish to preserve the integrity of the name they have built. They won't allow their name to continue without them. But the world will get some future version, that runs on future operating systems, and future mass storage systems.
There will be continuity . . . as an interesting new chapter of Internet lore is born.
Separate names with a comma.