TrueCrypt development ended - now insecure?

[Thylacine]

Cliffs: The Sourceforge project page for Truecrypt updated with notice that Truecrypt should no longer be used as it is not secure. Latest binaries on site are read-only - no new encrypted volumes can be created (you may still read ones you have created in previous versions). Whole thing is a little mysterious and smells fishy.

Speculation in spades, no real answers;

http://www.reddit.com/r/netsec/comments/26pz9b/truecrypt_development_has_ended_052814/
http://boingboing.net/2014/05/29/mysterious-announcement-from-t.html

Does anyone have any updated information?

This news is certainly bad for me as my security solution was to store my wallets inside a TrueCrypt container - of which I also have multiple backup copies in the cloud. Although it may seem like asking for trouble to store anything in the cloud - I figure even if there is a bad actor on DropBox's end, it's going to be (effectively) computationally impossible for them to get into the container contents. After which, they would have to still then break through the native encryption on the wallet, so I was reasonably happy with the solution. But given this news, it might be time I create a new wallet and transfer my coins over.

Anyone have any thoughts or good TrueCrypt alternatives? Maybe I'll try Armoury etc..

[Parazyd]

What the actual fuck?

[SirChiko]

Maybe you should look here:
"The first phase of the TrueCrypt audit found no serious problems with the Windows build of TrueCrypt."

http://www.pcworld.com/article/2304851/so-long-truecrypt-5-encryption-alternatives-that-can-lock-down-your-data.html

[Newar]

http://www.dyne.org/software/tomb/



For possibly more secure cloud storage look into wuala. They claim the files are encrypted on your computer before they are sent to their servers. Of course you still got to trust them that they uphold that promise...
www.wuala.com

[dooglus]

Maybe you should look here:
"The first phase of the TrueCrypt audit found no serious problems with the Windows build of TrueCrypt."

http://www.pcworld.com/article/2304851/so-long-truecrypt-5-encryption-alternatives-that-can-lock-down-your-data.html

There is a theory that the TrueCrypt developers were approached by a government body and forced to weaken the security of TrueCrypt, and also forced not to tell anyone about it.

And so this would be their way of them telling us about it without actually telling us.

The fact that they recommend we switch to a closed-source Microsoft solution is just laughable.  Their advice for Linux users is "search for some other package".

Something fishy is definitely going on.

[b!z]

Maybe you should look here:
"The first phase of the TrueCrypt audit found no serious problems with the Windows build of TrueCrypt."

http://www.pcworld.com/article/2304851/so-long-truecrypt-5-encryption-alternatives-that-can-lock-down-your-data.html

There is a theory that the TrueCrypt developers were approached by a government body and forced to weaken the security of TrueCrypt, and also forced not to tell anyone about it.

And so this would be their way of them telling us about it without actually telling us.

The fact that they recommend we switch to a closed-source Microsoft solution is just laughable.  Their advice for Linux users is "search for some other package".

Something fishy is definitely going on.

That is actually very possible in my opinon. Do you think they chose to shut down for the same reason LavaBit did?

This article lists a few possibilities: http://www.coinbuzz.com/2014/06/01/truecrypt/

[Truecoin]

You can still download it here: http://truecrypt.ch/

[BCwinning]

Maybe you should look here:
"The first phase of the TrueCrypt audit found no serious problems with the Windows build of TrueCrypt."

http://www.pcworld.com/article/2304851/so-long-truecrypt-5-encryption-alternatives-that-can-lock-down-your-data.html

There is a theory that the TrueCrypt developers were approached by a government body and forced to weaken the security of TrueCrypt, and also forced not to tell anyone about it.

And so this would be their way of them telling us about it without actually telling us.

The fact that they recommend we switch to a closed-source Microsoft solution is just laughable.  Their advice for Linux users is "search for some other package".

Something fishy is definitely going on.

This, it's called the canary. aka lavabit.

[dooglus]

Do you think they chose to shut down for the same reason LavaBit did?

That would be my guess.

[Parazyd]

7.1 is still on all of my boxes. Has anyone audited the source?

[BCwinning]

7.1 is still on all of my boxes. Has anyone audited the source?

it was being audited and the results are to be released soon from my understanding.
Nothing major was found. I might have read it wrong too. always check these things for yourself.

[dooglus]

7.1 is still on all of my boxes. Has anyone audited the source?

http://istruecryptauditedyet.com/

[Thylacine]

I was a couple of days late after the TrueCrypt announcement posting this to bitcointalk to begin with, and somewhat surprised no one had posted it before. I guess everyone uses paper wallets/cold storage or whatever, and not that many keep their own encrypted volumes anymore.

I'll be keeping an eye on the audit of 7.1 results, as I kind of liked TrueCrypt. But Tomb seems pretty good too looking at it now...

[Parazyd]

Yeah Tomb seems nice. The entire dyne thing is pretty awesome.

[dooglus]

See https://www.grc.com/misc/truecrypt/truecrypt.htm too.

[Parazyd]

I think I'll continue using v7.1. I don't see why I shouldn't.

[Este Nuno]

The whole 'go use bitlocker' thing is blowing my mind. How could they possibly say that?

I'm on 7.1a but I'm not too happy right now. Honestly I don't have anything really worth protecting since I don't keep btc on it, but still.

I'm not a paranoid person but after seeing that message my imagination starts going off.

Has there been any other unofficial messages from the TC people? The lack of explanation really makes me even more suspicious...like they can't legally talk about or something.

[BCwinning]

The whole 'go use bitlocker' thing is blowing my mind. How could they possibly say that?

I'm on 7.1a but I'm not too happy right now. Honestly I don't have anything really worth protecting since I don't keep btc on it, but still.

I'm not a paranoid person but after seeing that message my imagination starts going off.

Has there been any other unofficial messages from the TC people? The lack of explanation really makes me even more suspicious...like they can't legally talk about or something.

If they have been served a NSL they can't talk about it at all. Not even hint really.

[Este Nuno]

The whole 'go use bitlocker' thing is blowing my mind. How could they possibly say that?

I'm on 7.1a but I'm not too happy right now. Honestly I don't have anything really worth protecting since I don't keep btc on it, but still.

I'm not a paranoid person but after seeing that message my imagination starts going off.

Has there been any other unofficial messages from the TC people? The lack of explanation really makes me even more suspicious...like they can't legally talk about or something.

If they have been served a NSL they can't talk about it at all. Not even hint really.

Would the government consider what they said a hint though? Legally speaking?

[BCwinning]

The whole 'go use bitlocker' thing is blowing my mind. How could they possibly say that?

I'm on 7.1a but I'm not too happy right now. Honestly I don't have anything really worth protecting since I don't keep btc on it, but still.

I'm not a paranoid person but after seeing that message my imagination starts going off.

Has there been any other unofficial messages from the TC people? The lack of explanation really makes me even more suspicious...like they can't legally talk about or something.

If they have been served a NSL they can't talk about it at all. Not even hint really.

Would the government consider what they said a hint though? Legally speaking?

Sure but they have to be able to prove it as well which probably isn't worth that effort alone.
We can't even prove what we "think" it might be. It might be what it is at face value..
The lack of any further information though could be a good indicator they are not at liberty to discuss anything.
I'm taking it as they have been compromised. I'm keeping my old copy and I read it's been forked already.