Re: Truecrypt end of life
July 4th, 2014, 6:17
IIUC, we are being told to stop using open source encryption software and to migrate our important data to a Microsoft product. 
Who do we trust -- Edward Snowden or "Microsoft’s Vice President of Trustworthy Computing"?
Microsoft helped NSA, FBI spy on users:
http://www.smh.com.au/it-pro/security-i ... hv0w1.html
Microsoft Encryption Protects User Data From NSA and Other Snoops:
http://www.forbes.com/sites/larrymagid/ ... nt-snoops/
Does a polite request from the NSA or FBI constitute an "appropriate legal process"?
Who do we trust -- Edward Snowden or "Microsoft’s Vice President of Trustworthy Computing"?
Microsoft helped NSA, FBI spy on users:
http://www.smh.com.au/it-pro/security-i ... hv0w1.html
The report comes from more secret documents leaked by Edward Snowden.
Microsoft Encryption Protects User Data From NSA and Other Snoops:
http://www.forbes.com/sites/larrymagid/ ... nt-snoops/
In a not-so-subtle dig at the National Security Agency, Microsoft’s Vice President of Trustworthy Computing, Matt Thomlinson, described the company’s expanded encryption efforts as a way to help “reinforce that governments use appropriate legal processes, not technical brute force, if they want access to that data.”
Does a polite request from the NSA or FBI constitute an "appropriate legal process"?
Re: Truecrypt end of life
July 4th, 2014, 7:52
I've been following this for a few weeks now. It has a few interesting attributes.
1. General Public do not know who the developers are, but trust Truecrypt. Even though no formal assessment was made until recently. the Auditors, people you would recognise from the crypto circuit, found some issues in it.
2. They do not want it forked and dev continued on it, for whatever reason.
3. There are alternatives, bitlocker etc, not perfect but If used properly adequate in most cases.
4. There is a final release, you can get your data but not encrypt anything new. They really want this project gone, and no-one publicly admits to know the reason.
5. I did hear of another project, either kind of forked or based on the truecrypt idea, but can remember the specifics.
6 Consiracies abound: Possible hidden Latin warning about NSA in Truecrypt's suicide note
http://boingboing.net/2014/06/17/possible-hidden-latin-warning.html
in any case, time to encrypt your data somehow else!
1. General Public do not know who the developers are, but trust Truecrypt. Even though no formal assessment was made until recently. the Auditors, people you would recognise from the crypto circuit, found some issues in it.
2. They do not want it forked and dev continued on it, for whatever reason.
3. There are alternatives, bitlocker etc, not perfect but If used properly adequate in most cases.
4. There is a final release, you can get your data but not encrypt anything new. They really want this project gone, and no-one publicly admits to know the reason.
5. I did hear of another project, either kind of forked or based on the truecrypt idea, but can remember the specifics.
6 Consiracies abound: Possible hidden Latin warning about NSA in Truecrypt's suicide note
http://boingboing.net/2014/06/17/possible-hidden-latin-warning.html
in any case, time to encrypt your data somehow else!
Re: Truecrypt end of life
July 4th, 2014, 8:39
While on April, 14th everything looked OK: "Phase I of the audit is complete, and report is available. Phase II begins on the formal cryptanalysis. Follow #istruecryptauditedyet on Twitter for updates." - http://istruecryptauditedyet.com/northwind wrote:R.I.P. Truecrypt
The announce appeared at the end of May and I'm trying to follow the story since then.
Suggestion about a warrant canary appears quite realistic, which means something is really happened either with the developers or with the TrueCrypt, but there's no way to tell about that straightforwardly. But this remains a pure speculation.
Some people believe that v7.1a contains malicious code and developers are trying to keep people from using it. There's a strange blog with a single post in it dated Aug 2013: http://truecryptcheck.wordpress.com/
Some think the goal of this act is just to derange the audit and project was compromised long ago.
Besides all that there's a conversation on Twitter: https://twitter.com/stevebarnhart/statu ... 7145597952
[sarcasm]Finally, the official NSA statement: https://twitter.com/NSA_PR/statuses/471780751067738112[/sarcasm]
Re: Truecrypt end of life
July 4th, 2014, 9:54
There is a funny conspiracy theory.
On the site there is this sentence:
"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues"
If you take just the first letter of each word, except the word "WARNING":
"Using TrueCrypt is not secure as it may contain unfixed security issues"
you get this:
"uti nsa im cu si"
It's Latin that roughly means:
"If I want to use the NSA"
http://www.stars21.com/translator/latin_to_english.html
So, the full message seems to be this:
"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues, if I want to use the NSA"
Which is English that roughly means:
"Don't use TrueCrypt because it is under the control of the NSA"
On the site there is this sentence:
"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues"
If you take just the first letter of each word, except the word "WARNING":
"Using TrueCrypt is not secure as it may contain unfixed security issues"
you get this:
"uti nsa im cu si"
It's Latin that roughly means:
"If I want to use the NSA"
http://www.stars21.com/translator/latin_to_english.html
So, the full message seems to be this:
"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues, if I want to use the NSA"
Which is English that roughly means:
"Don't use TrueCrypt because it is under the control of the NSA"
Re: Truecrypt end of life
July 4th, 2014, 10:15
Yes, my number 6 point above. I don't know, seems very weird. Very daVinci Code 
Re: Truecrypt end of life
July 4th, 2014, 10:18
Conspiracy, conspiracy...
They just don't want to support it any longer, neither update it, simple as that.
It's still safe to use.
If they were with the NSA they would not remove the software and do a version that only decrypt.
If they were with the NSA and got fed up with it they would expose the sittuation instead.
They just grew older and don't want to work on the truecrypt project any longer, so the abandon it and any future bug that can be found will not be fixed.
They don't want as well to add support for the new partition types.
All the rest is just BS.
They just don't want to support it any longer, neither update it, simple as that.
It's still safe to use.
If they were with the NSA they would not remove the software and do a version that only decrypt.
If they were with the NSA and got fed up with it they would expose the sittuation instead.
They just grew older and don't want to work on the truecrypt project any longer, so the abandon it and any future bug that can be found will not be fixed.
They don't want as well to add support for the new partition types.
All the rest is just BS.
Re: Truecrypt end of life
July 4th, 2014, 12:52
HaQue wrote:Yes, my number 6 point above. I don't know, seems very weird. Very daVinci Code
Ha, sorry I missed that.
Yeah, conspiracy theories. Same as after 9/11. I heard all crazy stories those days, and I'm in the other side of the planet..
Powered by phpBB © phpBB Group.