Truecrypt site hacked?

Eric Cope eric.cope at gmail.com
Wed May 28 22:09:40 MST 2014 

Here are checksums for it from a security audit...
https://madiba.encs.concordia.ca/~x_decarn/truecrypt-binaries-analysis/

My money is a Lavabit type of response to an NSL or equivalent...

Eric


On Wed, May 28, 2014 at 10:08 PM, Michael Butash <michael at butash.net> wrote:

> I saw that, thought mostly the same, don't think it's a scam, probably
> just more hassle than it was worth to fend of legal aspects of giving free
> and *actual* secure crypto, it it ever was.  I saw someone paid Schneier to
> audit it, and he found it fairly robust, but with some flaw as well, but
> relatively minor all in all.  I only used it on usb keys as I didn't think
> luks volumes mounted under windoze, but found that they actually might, or
> at least truecrypt gave a link to something that seemed to be a windoze app
> to mount them.  Link was dead, but I plan on looking to see.
>
> I'd love to see a real audit of luks too, as the last one standing for the
> most part for any kind of open whole disk encryption versatile enough to
> handle lower and higher level disk i/o adequately under linux.
>
> Truecrypt seemed decent, but only as a medium between linux, windoze, and
> even occasionally mac systems that I needed to mount them on.  Sadly it
> really is asking a lot that there be some sort of standard around this
> cross-platform, with each systems' unique flaws and potentials for making
> the environments insecure for everyone around them a "feature".
>
> I think there is more bad reason than good these methods don't exist in a
> complete secure fashion, as presumably most governments, corporations, and
> just about any profit center wants the options open for full exploitability
> of their choosing should they desire to see what anyone has.  I doubt it's
> a debatable option even at this point that on all levels, all things remain
> exploitable to some extent through purpose or simple error, but either way
> generally still exist.
>
> Layers... I use full encryption on all my personal systems now, but its
> impossible to trust everything.  I don't do ecryptfs atop luks, as I'd like
> some reasonable expectation of performance and not overkilling my SSD's.
>  I'd love to otherwise.
>
> Someone comes and heists every computer, tablet, or phone in your house
> with a warrant in a "crime" with law enforcement officers, your data is
> forfeit by and large, encrypted or not.  Scary part is what occurs when
> they don't bother to come physically, or tell you.
>
> -mb
>
>
> On 05/28/2014 09:33 PM, Bryan O'Neal wrote:
>
>> WTF!!! No! Say it is not so!
>> If it was actually insecure where are the exploits? Bitlocker has had
>> cracked and is known to be flawed. I have heard that the US government
>> has been putting pressure on true crypt to provide a dedicated back
>> door for some time but I thought that was just smoke. I love true
>> crypt and move encrypted disks freely between windows, mac, and linux.
>>
>> I is sad :(
>>
>>
>> On Wed, May 28, 2014 at 5:39 PM, Derek Trotter <expat.arizonan at gmail.com>
>> wrote:
>>
>>> Today I read at The Register that the truecrypt site redirects to their
>>> sourceforge page, and that has a statement saying development has been
>>> discontinued.  I checked and saw for myself.
>>>
>>> I'm wondering if this is for real or if the truecrypt people have been
>>> hacked.
>>>
>>> http://www.theregister.co.uk/2014/05/28/truecrypt_hack/
>>>
>>> If this is for real, are there any alternatives?
>>>
>>> --
>>> "I get my copy of the daily paper, look at the obituaries page, and if
>>> I’m
>>> not there, I carry on as usual."
>>>
>>> Patrick Moore
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20140528/735d9769/attachment.html>

More information about the PLUG-discuss mailing list