
05-29-2014 , 07:49 AM
http://arstechnica.com/security/2014...bruptly-warns/
Quote:
“TrueCrypt is not secure,” official SourceForge page abruptly warns

One of the official webpages for the widely used TrueCrypt encryption program says that development has abruptly ended and warns users of the decade-old tool that it isn't safe to use.

"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues," text in red at the top of TrueCrypt page on SourceForge states. The page continues: "This page exists only to help migrate existing data encrypted by TrueCrypt. The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform."

The advisory, which Ars couldn't immediately confirm was authentic, touched off a tsunami of comments on Twitter and other social media sites. For more than a decade, the open source and freely available TrueCrypt has been the program of choice of many security-minded people for encrypting sensitive files and even entire hard drives. Last year, amid revelations that the NSA can decode large swaths of the Internet's encrypted data, supporters ponied up large sums of money to audit TrueCrypt. Results from phase one of the audit released last month revealed no evidence of any backdoors. Additional audits were pending.
Quote:
The SourceForge page, which was delivered to people trying to view truecrypt.org pages, contained a new version of the program that, according to this "diff" analysis, appears to contain changes warning that the program isn't safe to use. Curiously, the new release also appeared to let users decrypt encrypted data but not create new volumes.

Significantly, TrueCrypt version 7.2 was certified with the official TrueCrypt private signing key, suggesting that the page warning that TrueCrypt isn't safe wasn't a hoax posted by hackers who managed to gain unauthorized access. After all, someone with the ability to sign new TrueCrypt releases probably wouldn't squander that hack with a prank. Alternatively, the post suggests that the cryptographic key that certifies the authenticity of the app has been compromised and is no longer in the exclusive control of the official TrueCrypt developers.





this is baaad
TrueCrypt shuts down, warns insecure
05-29-2014 , 10:37 AM
interesting news, thanks

I've been using truecrypt for some things as well
I guess it is still safe against 99% of villains.
05-29-2014 , 10:41 AM
Does this affect the average computer user?
05-29-2014 , 04:12 PM
Wow. That is interesting.

Quote:
Originally Posted by Doc T River
Does this affect the average computer user?
Not unless you use TrueCrypt. If you don't know if you do, then you don't.
05-30-2014 , 04:23 AM
05-30-2014 , 07:43 AM
Quote:
Originally Posted by Joseph Hewes
Not gonna read all that

Anyone can provide cliffs?
05-30-2014 , 08:19 AM
Quote:
Originally Posted by Doc T River
Does this affect the average computer user?


Yes, this actually does affect every computer user, as it is part of a larger theme that is coming to light after all the recent developments.


Spoiler:

How do you know the software you are using is secure?
05-30-2014 , 08:24 AM
Quote:
Originally Posted by Gabethebabe
Not gonna read all that

Anyone can provide cliffs?


some possibilities:

- software development environment or compiler is outdated and project cannot safely continue
- developers were displeased in some way with recent security audit of TrueCrypt code and decided to quit the project
- developers were being compelled in some way by a government to insert a backdoor so they quit instead of complying, similar to the lavabit case.
05-30-2014 , 11:24 AM
http://www.techsupportalert.com/cont...-truecrypt.htm

Quote:
TrueCrypt has been the freeware encryption software of choice for millions of users for more than a decade. However, some time yesterday, the TrueCrypt web site which hosts the download was replaced with a page warning that TrueCrypt is no longer secure, that development has ceased, and that you should stop using it.

A new version of the software was also released, which no longer supports encryption. It simply allows you to read your current encrypted files so that you can switch to alternative software.

At present, the reasons for the abrupt ending of TrueCrypt development are not known. Various rumours persist, including NSA involvement, the web site being hacked, a spat among the developers, and more besides.

If you are currently using TrueCrypt, here's what you need to do:

1. Continue using it as normal for the time being.
2. Do NOT download the newly-released version. It can't be trusted for now.
3. Don't consider switching to alternative encryption software for the moment. Your existing TrueCrypt installation will suffice, until the facts are known.
05-30-2014 , 10:34 PM
Quote:
Originally Posted by catsec

How do you know the software you are using is secure?
http://cm.bell-labs.com/who/ken/trust.html

Quote:
Moral

The moral is obvious. You can't trust code that you did not totally create yourself.

Last edited by Attempto!!; 05-30-2014 at 10:40 PM. Reason: we're doomed :D
05-31-2014 , 03:31 AM
Quote:
Originally Posted by Attempto!!



Nice read! Cheers!
05-31-2014 , 10:50 AM
Quote:
Originally Posted by catsec
Yes, this actually does affect every computer user, as it is part of a larger theme that is coming to light after all the recent developments.


Spoiler:

How do you know the software you are using is secure?
Obviously there are questions about backdoors etc in all software: that certainly is a theme (but it has been for many years).

For the benefit of the average visitor who comes to CTH looking for help, I reiterate that this particular announcement relating to TrueCrypt does not affect every computer user. If you don't use TrueCrypt you can safely ignore it.

If you do use TrueCrypt, current advice appears to be that you can continue to do so, although you should certainly not download the new version (while it may come to light that the previous version(s) were compromised, that's not currently believed to be the case).
06-10-2014 , 10:04 PM
Why do people encrypt files?
06-11-2014 , 04:38 AM
Multitude of reasons...

Mainly, to keep them safe from others. I keep my personal files (bank account history, finance agreements, etc.) as well as some business documents (company firewall configurations, etc.) that are on my laptop - if my laptop were ever to be stolen, there would be no chance they can get any of this sensitive data.

Another simple example would be this thread here http://forumserver.twoplustwo.com/29...ojans-1369171/

If Jens had used encryption, and a few other security measures, his laptop would have been completely useless to the attackers - They wouldn't have been able to install anything on his laptop.

Also, using an encrypted truecrypt container for your files would prevent something like cryptolocker from attacking them.
06-11-2014 , 04:43 AM
I think the question should be more... "Why DON'T people encrypt their files?"
06-11-2014 , 12:40 PM
Quote:
Originally Posted by mahnahmahnah
I think the question should be more... "Why DON'T people encrypt their files?"
Because they forget their own passwords