TrueCrypt's Web Site Updates with Ominous Warning, Details Unknown

[Wilikon]

http://lifehacker.com/truecrypts-web-site-updates-with-ominous-warning-detai-1582879439?utm_campaign=socialflow_lifehacker_twitter&utm_source=lifehacker_twitter&utm_medium=socialflow

http://truecrypt.sourceforge.net/

[Mikez]

I think this is Lavabit all over again.
Hence the instructions for Bitlocker on their page. Bitlocker being a patentary closed source encryption tool developed by Microsoft.

[Charlie Prime]

With closed-source software, the failures are always bigger and more costly.

[westkybitcoins]

I think this is Lavabit all over again.
Hence the instructions for Bitlocker on their page. Bitlocker being a patentary closed source encryption tool developed by Microsoft.

Yep. Apparently, the key used to sign version 7.2 on the site (the modified, declared-insecure, decrypt-only version) is the same as that used to sign previous versions, so barring an even bigger issue, this is the same folks.

Them recommending Bitlocker (ha!) is their way of letting us know they've been coerced into stopping (or scared of impending exposure, which I guess is pretty much the same thing... I wouldn't want to be a publicly-known member of the TrueCrypt development team in a post-911 world.)

Considering the nature of this shutdown, and the lack of any real alternative, I personally have every intention of continuing to use earlier versions of the software, albeit with an extra precaution or two taken.

[Wilikon]

https://github.com/DrWhax/truecrypt-archive

Have you tried to download an old version to see what happen?  Hmmm

[5flags]

https://bitcointalk.org/index.php?topic=629807.0

[westkybitcoins]

I may have spoken too soon regarding there being no real alternatives.

Investigating DiskCryptor right now. It's Windows-only, but at least it's compatible with TrueCrypt....

EDIT: *sigh* Yes, I understand Windows itself is insecure, but it's still used by many folks, and having secure data on a Windows system is of use to many people.

EDIT: Never mind

[5flags]

Possibilities:

- UEFI was to much of a pain to overcome.
- NSA Security letter received.
- Other

Questions are:

Why wasn't it just passed to the community?
Why force people to stop using it?

Apparently it is unrelated to the audit that was being carried out. But it seems odd that the devs are advocating Bitlocker. Did money change hands?

Why would Microsoft's end-of-life date for Windows XP affect it?

Very, very odd.

[Wilikon]

Possibilities:

- UEFI was to much of a pain to overcome.
- NSA Security letter received.
- Other

Questions are:

Why wasn't it just passed to the community?
Why force people to stop using it?

Apparently it is unrelated to the audit that was being carried out. But it seems odd that the devs are advocating Bitlocker. Did money change hands?

Why would Microsoft's end-of-life date for Windows XP affect it?

Very, very odd.

I can only guess telling people to use bitlocker, a program that is closed source and only running on Windows machine is a way to say covertly that nothing is really safe anymore?

Thank you for your thread link.

[PrivacyIsImportant]

You must not believe those awful rumors, TC project was intercepted by NSA and now they control it.
DO NOT USE 7.2 BECAUSE IT IS A COMPROMISED VERSION.
Use 7.1a from the original author, you can find it here:

http://cyberside.net.ee/truecrypt/

Always verify the sha1 and md5 checksums!

[AnonyMint]

I'm almost ready to say "Adios forum". My health hasn't been this great in years. Almost time to move on to the next big thing (NBT).

And what did I warn you about TrueCrypt just a couple of weeks ago

[Wilikon]

I'm almost ready to say "Adios forum". My health hasn't been this great in years. Almost time to move on to the next big thing (NBT).

And what did I warn you about TrueCrypt just a couple of weeks ago

I don't know you obviously but I hope you will get better..
Can you link me to that warning?

[practicaldreamer]

So let me get this straight - and forgive me , because I'm no expert on tech issues - TrueCrypt is/was open source and was maintained by (anonymous) volunteers. To make double sure of the integrity of its encryption (?) it raised enough funds to have an independant "audit" that would give the program a "stress test" - or am I completely off track here ?

     Half way through the "audit" (which had thus far been going well) the open source volunteers agree unanimously to cease continuation/support for the Truecrypt project. Is this correct ?

    Truecrypt is no longer fit for purpose ?? Sounds very odd to me.

And if its open source can't others take up the challenge ?

   I use 7.0a - is this vulnerable ?

I don't know you obviously but I hope you will get better..

No - I think he meant that he is doing very well health wise, on the basis that he is an absolutely unprecedented genius and that he "told you so", Wilikon.

I'm almost ready to say "Adios forum".

Is that a promise ?

[Wilikon]

So let me get this straight - and forgive me , because I'm no expert on tech issues - TrueCrypt is/was open source and was maintained by (anonymous) volunteers. To make double sure of the integrity of its encryption (?) it raised enough funds to have an independant "audit" that would give the program a "stress test" - or am I completely off track here ?

     Half way through the "audit" (which had thus far been going well) the open source volunteers agree unanimously to cease continuation/support for the Truecrypt project. Is this correct ?

    Truecrypt is no longer fit for purpose ?? Sounds very odd to me.

And if its open source can't others take up the challenge ?

   I use 7.0a - is this vulnerable ?

I don't know you obviously but I hope you will get better..

No - I think he meant that he is doing very well health wise, on the basis that he is an absolutely unprecedented genius and that he "told you so", Wilikon.

I'm almost ready to say "Adios forum".

Is that a promise ?

No - I think he meant that he is doing very well health wise, on the basis that he is an absolutely unprecedented genius and that he "told you so", Wilikon.

Yep. I knew that. Next time I will add a  

The last version I know of is 7.1a.

[Mikez]

I'm almost ready to say "Adios forum". My health hasn't been this great in years. Almost time to move on to the next big thing (NBT).

And what did I warn you about TrueCrypt just a couple of weeks ago

I don't know you obviously but I hope you will get better..
Can you link me to that warning?

I hope his health to remain as it is now!
No, I'm not wishing him ill, read the part about his health again
I'll be frank, at first that's how I read it too.

EDIT: Ah! Had the Leave a reply window open for some time now and forgot to click... someone beat me to it.
EDIT2: Looked for that warning in the last 15 pages of his posts, couldn't find 'Truecrypt', except for the current thread.

[AnonyMint]

I'm almost ready to say "Adios forum". My health hasn't been this great in years. Almost time to move on to the next big thing (NBT).

And what did I warn you about TrueCrypt just a couple of weeks ago

I don't know you obviously but I hope you will get better..
Can you link me to that warning?

I hope his health to remain as it is now!
No, I'm not wishing him ill, read the part about his health again
I'll be frank, at first that's how I read it too.

EDIT: Ah! Had the Leave a reply window open for some time now and forgot to click... someone beat me to it.
EDIT2: Looked for that warning in the last 15 pages of his posts, couldn't find 'Truecrypt', except for the current thread.

It was a private warning and those who received it know who they are and what the quoted message above was intended to signal is almost ready.

[OhMyCoin]

Do i stop using TrueCrypt 

[5flags]

Do i stop using TrueCrypt 

I have a Windows 7 laptop that is Truecrypted, I don't intend to change that. For Windows 8, I do use Bitlocker - if you're running 7 or earlier, you're probably OK to keep using it.

[TheIrishman]

I've been using TrueCrypt since its first releases and this is really bad news. Luckily, every time a new version was released, I downloaded it for all available OS's - even though I'm on XP 64 - and stored the installers in multiple places.

There is a very nice open source alternative called DiskCryptor, which I used for a while and is even better than TrueCrypt in some aspects. For example, on XP systems TrueCrypt never allowed for non-system partitions to be encrypted or decrypted on the fly - you need to encrypt and format the partition with TrueCrypt and only then copy data to it. Both DiskCryptor and the popular commercial software DriveCrypt Plus Pack have always been able to encrypt and decrypt any type of partition on the fly on XP.

Another drawback with TrueCrypt is that the program never allowed for swap files to reside anywhere outside the encrypted system partition. Before I started encrypting all my stuff, I used to have partitions on 2 or 3 different drives exclusively for swap files, which ended up working as a kind of RAID 0 for paged memory. Of course keeping a swap file on an unencrypted partition would be a huge security hole, but TC won't let you create swap files on other partitions even if they are encrypted. Again, both DiskCryptor and DriveCrypt Plus Pack place no restrictions on how many swap files you create and where. TC's approach to this has always seemed pointless to me, since if you're encrypting your stuff you're supposed to be careful enough not to place swap files on unencrypted partitions.

The only reasons I don't use DriveCryptor instead of TrueCrypt are because it's only available for Windows and I like to keep open the possibility of accessing my encrypted data from Linux, and also it doesn't feature container based encryption.

http://www.diskcryptor.net/wiki/Main_Page

"DiskCryptor is an open encryption solution that offers encryption of all disk partitions, including the system partition. The fact of openess goes in sharp contrast with the current situation, where most of the software with comparable functionality is completely proprietary, which makes it unacceptable to use for protection of confidential data.

Originally DiskCryptor was developed as a replacement for DriveCrypt Plus Pack and PGP Whole Disk Encryption (WDE). However the current aim of the project is to create the best product in its category. Moreover, in the future, considerable effort will be devoted to the creation of detailed documentation, explaining the internal mechanics of the program, which would be the best confirmation and demonstration of its security."

[5flags]

...even though I'm on XP 64...

So you're the guy using XP x64!!