Truecrypt site hacked?

Michael Butash michael at butash.net
Wed May 28 22:08:36 MST 2014 

I saw that, thought mostly the same, don't think it's a scam, probably 
just more hassle than it was worth to fend of legal aspects of giving 
free and *actual* secure crypto, it it ever was.  I saw someone paid 
Schneier to audit it, and he found it fairly robust, but with some flaw 
as well, but relatively minor all in all.  I only used it on usb keys as 
I didn't think luks volumes mounted under windoze, but found that they 
actually might, or at least truecrypt gave a link to something that 
seemed to be a windoze app to mount them.  Link was dead, but I plan on 
looking to see.

I'd love to see a real audit of luks too, as the last one standing for 
the most part for any kind of open whole disk encryption versatile 
enough to handle lower and higher level disk i/o adequately under linux.

Truecrypt seemed decent, but only as a medium between linux, windoze, 
and even occasionally mac systems that I needed to mount them on.  Sadly 
it really is asking a lot that there be some sort of standard around 
this cross-platform, with each systems' unique flaws and potentials for 
making the environments insecure for everyone around them a "feature".

I think there is more bad reason than good these methods don't exist in 
a complete secure fashion, as presumably most governments, corporations, 
and just about any profit center wants the options open for full 
exploitability of their choosing should they desire to see what anyone 
has.  I doubt it's a debatable option even at this point that on all 
levels, all things remain exploitable to some extent through purpose or 
simple error, but either way generally still exist.

Layers... I use full encryption on all my personal systems now, but its 
impossible to trust everything.  I don't do ecryptfs atop luks, as I'd 
like some reasonable expectation of performance and not overkilling my 
SSD's.  I'd love to otherwise.

Someone comes and heists every computer, tablet, or phone in your house 
with a warrant in a "crime" with law enforcement officers, your data is 
forfeit by and large, encrypted or not.  Scary part is what occurs when 
they don't bother to come physically, or tell you.

-mb


On 05/28/2014 09:33 PM, Bryan O'Neal wrote:
> WTF!!! No! Say it is not so!
> If it was actually insecure where are the exploits? Bitlocker has had
> cracked and is known to be flawed. I have heard that the US government
> has been putting pressure on true crypt to provide a dedicated back
> door for some time but I thought that was just smoke. I love true
> crypt and move encrypted disks freely between windows, mac, and linux.
>
> I is sad :(
>
> On Wed, May 28, 2014 at 5:39 PM, Derek Trotter <expat.arizonan at gmail.com> wrote:
>> Today I read at The Register that the truecrypt site redirects to their
>> sourceforge page, and that has a statement saying development has been
>> discontinued.  I checked and saw for myself.
>>
>> I'm wondering if this is for real or if the truecrypt people have been
>> hacked.
>>
>> http://www.theregister.co.uk/2014/05/28/truecrypt_hack/
>>
>> If this is for real, are there any alternatives?
>>
>> --
>> "I get my copy of the daily paper, look at the obituaries page, and if I’m
>> not there, I carry on as usual."
>>
>> Patrick Moore
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

More information about the PLUG-discuss mailing list