Truecrypt site hacked?

Eric Cope eric.cope at gmail.com
Wed May 28 22:11:52 MST 2014 

Truecrypt 7.1 from 3 years ago: https://github.com/syglug/truecrypt

Eric


On Wed, May 28, 2014 at 10:09 PM, Eric Cope <eric.cope at gmail.com> wrote:

> Here are checksums for it from a security audit...
> https://madiba.encs.concordia.ca/~x_decarn/truecrypt-binaries-analysis/
>
> My money is a Lavabit type of response to an NSL or equivalent...
>
> Eric
>
>
> On Wed, May 28, 2014 at 10:08 PM, Michael Butash <michael at butash.net>
> wrote:
>
>> I saw that, thought mostly the same, don't think it's a scam, probably
>> just more hassle than it was worth to fend of legal aspects of giving free
>> and *actual* secure crypto, it it ever was.  I saw someone paid Schneier to
>> audit it, and he found it fairly robust, but with some flaw as well, but
>> relatively minor all in all.  I only used it on usb keys as I didn't think
>> luks volumes mounted under windoze, but found that they actually might, or
>> at least truecrypt gave a link to something that seemed to be a windoze app
>> to mount them.  Link was dead, but I plan on looking to see.
>>
>> I'd love to see a real audit of luks too, as the last one standing for
>> the most part for any kind of open whole disk encryption versatile enough
>> to handle lower and higher level disk i/o adequately under linux.
>>
>> Truecrypt seemed decent, but only as a medium between linux, windoze, and
>> even occasionally mac systems that I needed to mount them on.  Sadly it
>> really is asking a lot that there be some sort of standard around this
>> cross-platform, with each systems' unique flaws and potentials for making
>> the environments insecure for everyone around them a "feature".
>>
>> I think there is more bad reason than good these methods don't exist in a
>> complete secure fashion, as presumably most governments, corporations, and
>> just about any profit center wants the options open for full exploitability
>> of their choosing should they desire to see what anyone has.  I doubt it's
>> a debatable option even at this point that on all levels, all things remain
>> exploitable to some extent through purpose or simple error, but either way
>> generally still exist.
>>
>> Layers... I use full encryption on all my personal systems now, but its
>> impossible to trust everything.  I don't do ecryptfs atop luks, as I'd like
>> some reasonable expectation of performance and not overkilling my SSD's.
>>  I'd love to otherwise.
>>
>> Someone comes and heists every computer, tablet, or phone in your house
>> with a warrant in a "crime" with law enforcement officers, your data is
>> forfeit by and large, encrypted or not.  Scary part is what occurs when
>> they don't bother to come physically, or tell you.
>>
>> -mb
>>
>>
>> On 05/28/2014 09:33 PM, Bryan O'Neal wrote:
>>
>>> WTF!!! No! Say it is not so!
>>> If it was actually insecure where are the exploits? Bitlocker has had
>>> cracked and is known to be flawed. I have heard that the US government
>>> has been putting pressure on true crypt to provide a dedicated back
>>> door for some time but I thought that was just smoke. I love true
>>> crypt and move encrypted disks freely between windows, mac, and linux.
>>>
>>> I is sad :(
>>>
>>>
>>> On Wed, May 28, 2014 at 5:39 PM, Derek Trotter <expat.arizonan at gmail.com>
>>> wrote:
>>>
>>>> Today I read at The Register that the truecrypt site redirects to their
>>>> sourceforge page, and that has a statement saying development has been
>>>> discontinued.  I checked and saw for myself.
>>>>
>>>> I'm wondering if this is for real or if the truecrypt people have been
>>>> hacked.
>>>>
>>>> http://www.theregister.co.uk/2014/05/28/truecrypt_hack/
>>>>
>>>> If this is for real, are there any alternatives?
>>>>
>>>> --
>>>> "I get my copy of the daily paper, look at the obituaries page, and if
>>>> I’m
>>>> not there, I carry on as usual."
>>>>
>>>> Patrick Moore
>>>>
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20140528/2b32f783/attachment.html>

More information about the PLUG-discuss mailing list