Bitcoin Forum

https://i.imgur.com/kcGt6iB.png

http://lifehacker.com/truecrypts-web-site-updates-with-ominous-warning-detai-1582879439?utm_campaign=socialflow_lifehacker_twitter&utm_source=lifehacker_twitter&utm_medium=socialflow

http://truecrypt.sourceforge.net/

I think this is Lavabit all over again.
Hence the instructions for Bitlocker on their page. Bitlocker being a patentary closed source encryption tool developed by Microsoft.

With closed-source software, the failures are always bigger and more costly.

Yep. Apparently, the key used to sign version 7.2 on the site (the modified, declared-insecure, decrypt-only version) is the same as that used to sign previous versions, so barring an even bigger issue, this is the same folks.

Them recommending Bitlocker (ha!) is their way of letting us know they've been coerced into stopping (or scared of impending exposure, which I guess is pretty much the same thing... I wouldn't want to be a publicly-known member of the TrueCrypt development team in a post-911 world.)

Considering the nature of this shutdown, and the lack of any real alternative, I personally have every intention of continuing to use earlier versions of the software, albeit with an extra precaution or two taken.

Have you tried to download an old version to see what happen?  Hmmm

https://bitcointalk.org/index.php?topic=629807.0

I may have spoken too soon regarding there being no real alternatives.

Investigating DiskCryptor (http://en.wikipedia.org/wiki/DiskCryptor) right now. It's Windows-only, but at least it's compatible with TrueCrypt....

EDIT: *sigh* Yes, I understand Windows itself is insecure, but it's still used by many folks, and having secure data on a Windows system is of use to many people.

EDIT: Never mind

Possibilities:

- UEFI was to much of a pain to overcome.
- NSA Security letter received.
- Other

Questions are:

Why wasn't it just passed to the community?
Why force people to stop using it?

Apparently it is unrelated to the audit that was being carried out. But it seems odd that the devs are advocating Bitlocker. Did money change hands?

Why would Microsoft's end-of-life date for Windows XP affect it?

Very, very odd.

I can only guess telling people to use bitlocker, a program that is closed source and only running on Windows machine is a way to say covertly that nothing is really safe anymore?

Thank you for your thread link.

You must not believe those awful rumors, TC project was intercepted by NSA and now they control it.
DO NOT USE 7.2 BECAUSE IT IS A COMPROMISED VERSION.
Use 7.1a from the original author, you can find it here:

http://cyberside.net.ee/truecrypt/

Always verify the sha1 and md5 checksums!

I'm almost ready to say "Adios forum". My health hasn't been this great in years. Almost time to move on to the next big thing (NBT).

And what did I warn you about TrueCrypt just a couple of weeks ago ;)

I don't know you obviously but I hope you will get better..
Can you link me to that warning?

So let me get this straight - and forgive me , because I'm no expert on tech issues - TrueCrypt is/was open source and was maintained by (anonymous) volunteers. To make double sure of the integrity of its encryption (?) it raised enough funds to have an independant "audit" that would give the program a "stress test" - or am I completely off track here ?

     Half way through the "audit" (which had thus far been going well) the open source volunteers agree unanimously to cease continuation/support for the Truecrypt project. Is this correct ?

    Truecrypt is no longer fit for purpose ?? Sounds very odd to me.

And if its open source can't others take up the challenge ?

   I use 7.0a - is this vulnerable ?


No - I think he meant that he is doing very well health wise, on the basis that he is an absolutely unprecedented genius and that he "told you so", Wilikon.


Is that a promise ?

No - I think he meant that he is doing very well health wise, on the basis that he is an absolutely unprecedented genius and that he "told you so", Wilikon.

Yep. I knew that. Next time I will add a  ::)

The last version I know of is 7.1a.

I hope his health to remain as it is now!
No, I'm not wishing him ill, read the part about his health again :)
I'll be frank, at first that's how I read it too.

EDIT: Ah! Had the Leave a reply window open for some time now and forgot to click... someone beat me to it.
EDIT2: Looked for that warning in the last 15 pages of his posts, couldn't find 'Truecrypt', except for the current thread.

It was a private warning and those who received it know who they are and what the quoted message above was intended to signal is almost ready. ;)

Do i stop using TrueCrypt  ???

I have a Windows 7 laptop that is Truecrypted, I don't intend to change that. For Windows 8, I do use Bitlocker - if you're running 7 or earlier, you're probably OK to keep using it.

I've been using TrueCrypt since its first releases and this is really bad news. Luckily, every time a new version was released, I downloaded it for all available OS's - even though I'm on XP 64 - and stored the installers in multiple places.

There is a very nice open source alternative called DiskCryptor, which I used for a while and is even better than TrueCrypt in some aspects. For example, on XP systems TrueCrypt never allowed for non-system partitions to be encrypted or decrypted on the fly - you need to encrypt and format the partition with TrueCrypt and only then copy data to it. Both DiskCryptor and the popular commercial software DriveCrypt Plus Pack have always been able to encrypt and decrypt any type of partition on the fly on XP.

Another drawback with TrueCrypt is that the program never allowed for swap files to reside anywhere outside the encrypted system partition. Before I started encrypting all my stuff, I used to have partitions on 2 or 3 different drives exclusively for swap files, which ended up working as a kind of RAID 0 for paged memory. Of course keeping a swap file on an unencrypted partition would be a huge security hole, but TC won't let you create swap files on other partitions even if they are encrypted. Again, both DiskCryptor and DriveCrypt Plus Pack place no restrictions on how many swap files you create and where. TC's approach to this has always seemed pointless to me, since if you're encrypting your stuff you're supposed to be careful enough not to place swap files on unencrypted partitions.

The only reasons I don't use DriveCryptor instead of TrueCrypt are because it's only available for Windows and I like to keep open the possibility of accessing my encrypted data from Linux, and also it doesn't feature container based encryption.

http://www.diskcryptor.net/wiki/Main_Page (http://www.diskcryptor.net/wiki/Main_Page)

"DiskCryptor is an open encryption solution that offers encryption of all disk partitions, including the system partition. The fact of openess goes in sharp contrast with the current situation, where most of the software with comparable functionality is completely proprietary, which makes it unacceptable to use for protection of confidential data.

Originally DiskCryptor was developed as a replacement for DriveCrypt Plus Pack and PGP Whole Disk Encryption (WDE). However the current aim of the project is to create the best product in its category. Moreover, in the future, considerable effort will be devoted to the creation of detailed documentation, explaining the internal mechanics of the program, which would be the best confirmation and demonstration of its security."

So you're the guy using XP x64!!

Best Microsoft OS ever, my friend. Built on the Server 2003 codebase, extremely stable and compatible with everything except 16-bit programs. My current install is over 4 years old and I keep my PC on for weeks without needing to reboot. Actually most of the time I only need to restart my machine when I install something like new video drivers which require a restart.

I'm a developer and used to work for Microsoft, and yes, XP's brilliance was what crippled Vista, and to a lesser extent 7. But come on, let it die :)

Errr... no. ;)

Well, OK, remove everything metro-related from the 8th abomination and give me back the CLASSIC start menu (like the one on 98 SE) without me needing to install any 3rd party software and I might consider your offer...

XP x64 is the only post Win2k platform I don't test for. You're only the second user I have ever come across. It would be a kindness to gently format that drive.

OK, last off-topic post on this subject. If you look around these very forums you're gonna find quite a few XP 64 users. Last but not least, gently insert whatever later Windows OS you might use up your ass.

 :o

I am using XP 64 only because these shitty win7/8 have removed the intelligent, fast and advanced XP search, where i am able to search around a file contents, defining a file extension and size limits without installing any third-party software

"Everything" is one of my favorite little utility for 8.1 for searching on NTFS volumes. (http://youtu.be/tMHBEIdzwzI)


http://www.voidtools.com/

Later OS's, like 7, do have advanced search functions. I did a bit of work with Windows Search, or WDS as it was then.

http://windows.microsoft.com/en-gb/windows7/advanced-tips-for-searching-in-windows

Screw VistaTrash, 7Garbage (oops! they forgot the "up one level" button on the shitty Windows Explorer) and the 8th abomination. Can we go back on topic now?

Sure....

https://i.imgur.com/aQx5tYG.png

http://arstechnica.com/security/2014/05/truecrypt-security-audit-presses-on-despite-developers-jumping-ship/

This is unreal. A project this important, this old just up and vanishes one day. No explanation, just some rumors in its wake.
I'm sure there will be an other open source solution like it, but it would be really important to know what happened to this one.

Welcome to the fledgling fascism which will grow ever worse as we slide into a Dark Age:

https://bitcointalk.org/index.php?topic=495527.msg7064961#msg7064961

Can think of a few possibilities:
1 - the dev team might have just given up and decided to pull the plug from lack of support, and as a final fuck you all, recommended people go to microshits NSA unlocked...
2 - they might have sold out and decided to make a pay only version of TC
3 - I doubt its a NSL due to who the dev team are, they are no Lavabit, they of all people would be more likely to publish such an attempt to suppress them. If its state interference, it would more likely be more direct action against them that could trigger a reaction like this one.
4 - perhaps there actually is a bad enough security flaw in XP that makes TC vulnerable to attack, that ms is now refusing to fix due to it no longer supporting XP.

Brute force wise, Truecrypt has never been that resistant to a determined and resourced attacker. It does not employ either BCrypt or SCRYPT - its key stretching, rounds implementation are pretty crap. Elcomsoft say their forensic disk decryptor has the ability to recover keys from TrueCrypt volumes/partitions if a computer has been in hibernation while a container or partition had been loaded. And of course, it is also according to them, vulnerable to cold boot attacks and recovering keys from ram dumps.

see their ad here: http://www.elcomsoft.com/efdd.html

But the more important thing is, Bitlocker is apparently just as vulnerable to these types of attacks. Even in saying that, I am going to go with number 4 for this reason. The timing of them quitting the scene and the fact that phase two of the Truecrypt audit had just kicked off focussing very much on implementation http://istruecryptauditedyet.com/ The timing of the dev team quitting and phase one having just been completed and phase two of this audit kicking off I think somewhere in that is the missing clue to why.

XP rocks! I'm using it right now. ;D

Anyway, back on topic...

The Truecrypt code is open source so it could always be forked. However, my guess is that it wouldn't exactly be easy because of how messily and confusingly the code was written and the fact that any new developer(s) would lack the level of familiarity with the code that the original developers had. In case anyone is interested, there's already a new website out there with a .ch extension (as opposed to .org) which aims to take over the project but I'm not sure if they (or anyone else for that matter) have the technical know-how to implement the features that Truecrypt 7.2 was supposed to have (e.g. UEFI support, full Windows 8 compatibility). After all, writing encryption software isn't easy.