Truecrypt site hacked?
Michael Butash
michael at butash.net
Wed May 28 22:08:36 MST 2014
I saw that, thought mostly the same, don't think it's a scam, probably
just more hassle than it was worth to fend of legal aspects of giving
free and *actual* secure crypto, it it ever was. I saw someone paid
Schneier to audit it, and he found it fairly robust, but with some flaw
as well, but relatively minor all in all. I only used it on usb keys as
I didn't think luks volumes mounted under windoze, but found that they
actually might, or at least truecrypt gave a link to something that
seemed to be a windoze app to mount them. Link was dead, but I plan on
looking to see.
I'd love to see a real audit of luks too, as the last one standing for
the most part for any kind of open whole disk encryption versatile
enough to handle lower and higher level disk i/o adequately under linux.
Truecrypt seemed decent, but only as a medium between linux, windoze,
and even occasionally mac systems that I needed to mount them on. Sadly
it really is asking a lot that there be some sort of standard around
this cross-platform, with each systems' unique flaws and potentials for
making the environments insecure for everyone around them a "feature".
I think there is more bad reason than good these methods don't exist in
a complete secure fashion, as presumably most governments, corporations,
and just about any profit center wants the options open for full
exploitability of their choosing should they desire to see what anyone
has. I doubt it's a debatable option even at this point that on all
levels, all things remain exploitable to some extent through purpose or
simple error, but either way generally still exist.
Layers... I use full encryption on all my personal systems now, but its
impossible to trust everything. I don't do ecryptfs atop luks, as I'd
like some reasonable expectation of performance and not overkilling my
SSD's. I'd love to otherwise.
Someone comes and heists every computer, tablet, or phone in your house
with a warrant in a "crime" with law enforcement officers, your data is
forfeit by and large, encrypted or not. Scary part is what occurs when
they don't bother to come physically, or tell you.
-mb
On 05/28/2014 09:33 PM, Bryan O'Neal wrote:
> WTF!!! No! Say it is not so!
> If it was actually insecure where are the exploits? Bitlocker has had
> cracked and is known to be flawed. I have heard that the US government
> has been putting pressure on true crypt to provide a dedicated back
> door for some time but I thought that was just smoke. I love true
> crypt and move encrypted disks freely between windows, mac, and linux.
>
> I is sad :(
>
> On Wed, May 28, 2014 at 5:39 PM, Derek Trotter <expat.arizonan at gmail.com> wrote:
>> Today I read at The Register that the truecrypt site redirects to their
>> sourceforge page, and that has a statement saying development has been
>> discontinued. I checked and saw for myself.
>>
>> I'm wondering if this is for real or if the truecrypt people have been
>> hacked.
>>
>> http://www.theregister.co.uk/2014/05/28/truecrypt_hack/
>>
>> If this is for real, are there any alternatives?
>>
>> --
>> "I get my copy of the daily paper, look at the obituaries page, and if I’m
>> not there, I carry on as usual."
>>
>> Patrick Moore
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
More information about the PLUG-discuss
mailing list