ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    TrueCrypt compromised by ?????

    IT Discussion
    9
    42
    6.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • alexntgA
      alexntg @technobabble
      last edited by

      @technobabble said:

      Well everyones talking about it on twitter and other websites. Here's what PC World is saying: http://www.pcworld.com/article/2241300/truecrypt-now-encouraging-users-to-use-microsofts-bitlocker.html

      That makes sense, as Windows has the same functionality built-in.

      DashrenderD 1 Reply Last reply Reply Quote 0
      • alexntgA
        alexntg @StrongBad
        last edited by

        @StrongBad said:

        Not sure that that clears anything up. If the site was hacked that would explain this. Something is very fishy. And what about non-Windows users. XP retirement would mean nothing for them.

        OS X has had disk encryption for years.

        1 Reply Last reply Reply Quote 0
        • DashrenderD
          Dashrender @alexntg
          last edited by

          @alexntg said:

          @technobabble said:

          Well everyones talking about it on twitter and other websites. Here's what PC World is saying: http://www.pcworld.com/article/2241300/truecrypt-now-encouraging-users-to-use-microsofts-bitlocker.html

          That makes sense, as Windows has the same functionality built-in.

          Sure, but it's closed source.. so it's really not trustworthy!

          alexntgA 1 Reply Last reply Reply Quote 1
          • alexntgA
            alexntg @Dashrender
            last edited by

            @Dashrender said:

            @alexntg said:

            @technobabble said:

            Well everyones talking about it on twitter and other websites. Here's what PC World is saying: http://www.pcworld.com/article/2241300/truecrypt-now-encouraging-users-to-use-microsofts-bitlocker.html

            That makes sense, as Windows has the same functionality built-in.

            Sure, but it's closed source.. so it's really not trustworthy!

            Until recently, no one had actually audited TrueCrypt's code, so for a very long time, it could have had massive backdoors that no one cared to look for. Whether it's open source or close source, it doesn't really matter. On one side, you hope the folks that wrote it were trustworthy and that if there were any issues, they or an associate caught it. On the other hand, you hope that the folks that wrote it were trustworthy and that if there were any issues, they or an associate caught it. Unless you're manually auditing the code yourself, what does it matter?

            scottalanmillerS 1 Reply Last reply Reply Quote 0
            • JaredBuschJ
              JaredBusch
              last edited by

              This seems too coordinated for a hack IMO. There are way too many pieces being changed at the same time. Yeah if it was just the website or just the source code, but the way back machine has no info? That is abnormal. The new executable being signed with the correct but recently reissued key? Unusual.

              This is a lot of stuff to change and would be an unprecedented public hack.

              scottalanmillerS 1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller @alexntg
                last edited by

                @alexntg said:

                @Dashrender said:

                @alexntg said:

                @technobabble said:

                Well everyones talking about it on twitter and other websites. Here's what PC World is saying: http://www.pcworld.com/article/2241300/truecrypt-now-encouraging-users-to-use-microsofts-bitlocker.html

                That makes sense, as Windows has the same functionality built-in.

                Sure, but it's closed source.. so it's really not trustworthy!

                Until recently, no one had actually audited TrueCrypt's code, so for a very long time, it could have had massive backdoors that no one cared to look for. Whether it's open source or close source, it doesn't really matter. On one side, you hope the folks that wrote it were trustworthy and that if there were any issues, they or an associate caught it. On the other hand, you hope that the folks that wrote it were trustworthy and that if there were any issues, they or an associate caught it. Unless you're manually auditing the code yourself, what does it matter?

                No one published an audit. Doesn't imply that it wasn't audited.

                alexntgA 1 Reply Last reply Reply Quote 0
                • scottalanmillerS
                  scottalanmiller @JaredBusch
                  last edited by

                  @JaredBusch said:

                  This seems too coordinated for a hack IMO. There are way too many pieces being changed at the same time. Yeah if it was just the website or just the source code, but the way back machine has no info? That is abnormal. The new executable being signed with the correct but recently reissued key? Unusual.

                  This is a lot of stuff to change and would be an unprecedented public hack.

                  True it is seemingly more and more likely to be legit.

                  It's not really a needed product anymore across any platform. But still very odd.

                  1 Reply Last reply Reply Quote 0
                  • alexntgA
                    alexntg @scottalanmiller
                    last edited by

                    @scottalanmiller said:

                    @alexntg said:

                    @Dashrender said:

                    @alexntg said:

                    @technobabble said:

                    Well everyones talking about it on twitter and other websites. Here's what PC World is saying: http://www.pcworld.com/article/2241300/truecrypt-now-encouraging-users-to-use-microsofts-bitlocker.html

                    That makes sense, as Windows has the same functionality built-in.

                    Sure, but it's closed source.. so it's really not trustworthy!

                    Until recently, no one had actually audited TrueCrypt's code, so for a very long time, it could have had massive backdoors that no one cared to look for. Whether it's open source or close source, it doesn't really matter. On one side, you hope the folks that wrote it were trustworthy and that if there were any issues, they or an associate caught it. On the other hand, you hope that the folks that wrote it were trustworthy and that if there were any issues, they or an associate caught it. Unless you're manually auditing the code yourself, what does it matter?

                    No one published an audit. Doesn't imply that it wasn't audited.

                    Nor does it imply that it was audited.

                    1 Reply Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller
                      last edited by

                      No. But every company and every individual had the right and the ability to audit. That's important. Companies have coverage tools that they use all the time on this stuff.

                      alexntgA 1 Reply Last reply Reply Quote 0
                      • T
                        technobabble
                        last edited by

                        Unless I am mistaken Bit locker is only for enterprise which is another reason its not a good replacement.

                        alexntgA scottalanmillerS 2 Replies Last reply Reply Quote 0
                        • alexntgA
                          alexntg @technobabble
                          last edited by

                          @technobabble said:

                          Unless I am mistaken Bit locker is only for enterprise which is another reason its not a good replacement.

                          BitLocker's available with 8.1 Pro.

                          T 1 Reply Last reply Reply Quote 0
                          • alexntgA
                            alexntg @scottalanmiller
                            last edited by

                            @scottalanmiller said:

                            No. But every company and every individual had the right and the ability to audit. That's important. Companies have coverage tools that they use all the time on this stuff.

                            Have you used TrueCrypt before?

                            scottalanmillerS 1 Reply Last reply Reply Quote 0
                            • scottalanmillerS
                              scottalanmiller @technobabble
                              last edited by

                              @technobabble said:

                              Unless I am mistaken Bit locker is only for enterprise which is another reason its not a good replacement.

                              And requires different tools on different platforms.

                              alexntgA 1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @alexntg
                                last edited by

                                @alexntg said:

                                @scottalanmiller said:

                                No. But every company and every individual had the right and the ability to audit. That's important. Companies have coverage tools that they use all the time on this stuff.

                                Have you used TrueCrypt before?

                                Long ago just a little. Use LUKS now.

                                alexntgA 1 Reply Last reply Reply Quote 0
                                • alexntgA
                                  alexntg @scottalanmiller
                                  last edited by

                                  @scottalanmiller said:

                                  @alexntg said:

                                  @scottalanmiller said:

                                  No. But every company and every individual had the right and the ability to audit. That's important. Companies have coverage tools that they use all the time on this stuff.

                                  Have you used TrueCrypt before?

                                  Long ago just a little. Use LUKS now.

                                  Did you audit TrueCrypt?

                                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                                  • scottalanmillerS
                                    scottalanmiller @alexntg
                                    last edited by

                                    @alexntg said:

                                    @scottalanmiller said:

                                    @alexntg said:

                                    @scottalanmiller said:

                                    No. But every company and every individual had the right and the ability to audit. That's important. Companies have coverage tools that they use all the time on this stuff.

                                    Have you used TrueCrypt before?

                                    Long ago just a little. Use LUKS now.

                                    Did you audit TrueCrypt?

                                    Not relevant. I'm not and was not on the security team. That's redirection.

                                    Companies that I've worked at did code audits, certainly.

                                    alexntgA 1 Reply Last reply Reply Quote 0
                                    • T
                                      technobabble @alexntg
                                      last edited by

                                      @alexntg Good to know, thanks!

                                      1 Reply Last reply Reply Quote 1
                                      • alexntgA
                                        alexntg @scottalanmiller
                                        last edited by

                                        @scottalanmiller said:

                                        @alexntg said:

                                        @scottalanmiller said:

                                        @alexntg said:

                                        @scottalanmiller said:

                                        No. But every company and every individual had the right and the ability to audit. That's important. Companies have coverage tools that they use all the time on this stuff.

                                        Have you used TrueCrypt before?

                                        Long ago just a little. Use LUKS now.

                                        Did you audit TrueCrypt?

                                        Not relevant. I'm not and was not on the security team. That's redirection.

                                        Companies that I've worked at did code audits, certainly.

                                        Completely relevant! Did the company you were working for when you used TrueCrypt audit the source code for it? If they did, great. If not, there's no difference from using a closed source product, in that you assumed/trusted that it was secure.

                                        scottalanmillerS 1 Reply Last reply Reply Quote 0
                                        • alexntgA
                                          alexntg @scottalanmiller
                                          last edited by

                                          @scottalanmiller said:

                                          @technobabble said:

                                          Unless I am mistaken Bit locker is only for enterprise which is another reason its not a good replacement.

                                          And requires different tools on different platforms.

                                          For Windows 8/8.1, all it requires is a computer running Windows Pro or better. Windows 7 required a computer running Windows Enterprise and either a TPM or thumb drive.

                                          NicN 1 Reply Last reply Reply Quote 0
                                          • NicN
                                            Nic @alexntg
                                            last edited by

                                            Looks like someone might pick up the torch on TrueCrypt: https://au.news.yahoo.com/thewest/business/technology/a/23969633/

                                            scottalanmillerS 1 Reply Last reply Reply Quote 2
                                            • 1
                                            • 2
                                            • 3
                                            • 2 / 3
                                            • First post
                                              Last post