Truecrypt

This is for all discussions related to IT and technology. Hardware, software, programming, it all goes here.
Post Reply
User avatar
Rakuen Growlithe
Fire Puppy
Posts: 6718
Joined: Tue Apr 01, 2008 2:24 pm
Gender: Male
Sexual preference: Bi
Species: Growlithe (pokemon)
Region: Other
Location: Pretoria
Contact:

Truecrypt

#1

Post by Rakuen Growlithe »

I haven't seen it mentioned here before but it was something I was using. I'd actually been given my first copy of Truecrypt by another fur and created a small partition for keeping things safe. Then shortly after the whole NSA thing happened I used Truecrypt for to do 256 bit full disk encryption. When I went to update it, I saw the programme had been pulled.

The developers said it was because Microsoft stopped support of Windows XP so there was no need for encryption software any more as the other versions have it already. That's a bad reason, partly because so few people would've been using Truecrypt on XP and partly because only the expensive versions of Windows provide encryption. It's disabled on the standard versions. So no one believes that and think it's something like:
-The developers got a letter from the NSA and rather shut down the software than put in a backdoor.
-There were weaknesses in the software that would be revealed when it got audited.

I had been planning to fully encrypt my external drives when I learned it had been pulled so I held off on that but I'm still wondering what to do about data security now. It doesn't look like any other programme has the same versatility and can easily switch between Windows and Linux. My laptop uses Ubuntu's own encryption for the harddrive but I would need to read external files as well.

The Truecrypt audit is still continuing, as far as I know, so we'll find out if it secure eventually. Was anyone else using Truecrypt? Have alternatives or thoughts on what happened?
"If all mankind minus one, were of one opinion, and only one person were of the contrary opinion, mankind would be no more justified in silencing that one person, than he, if he had the power, would be justified in silencing mankind."
~John Stuart Mill~

“Give me the liberty to know, to utter, and to argue freely according to conscience, above all liberties.”
~John Milton~
User avatar
Fluke
Tyrant's Eye
Posts: 1564
Joined: Mon Sep 20, 2010 12:47 am
Region: Other

Re: Truecrypt

#2

Post by Fluke »

It's been compromised and is no longer secure.

I really dont have anything to hide, and if I did? I'd just run what all the dodgey people of the deep web run and that's RAID 0 software flash drives in Tails OS and then keep hammers nearby.

But honestly, I don't like people snooping. But I don't need to go to that level to protect nothing. It's just added wear and tear.
User avatar
Rakuen Growlithe
Fire Puppy
Posts: 6718
Joined: Tue Apr 01, 2008 2:24 pm
Gender: Male
Sexual preference: Bi
Species: Growlithe (pokemon)
Region: Other
Location: Pretoria
Contact:

Re: Truecrypt

#3

Post by Rakuen Growlithe »

Fluke wrote:It's been compromised and is no longer secure.
Is that just suspicion or has that been confirmed? I heard it had passed the first stage of the audit and the only problems were common to similar tools and could be overcome by following their recommendations.
Fluke wrote:But honestly, I don't like people snooping. But I don't need to go to that level to protect nothing. It's just added wear and tear.
It's one extra password on startup. Compared to home security where people put locks on their doors and security gates and alarms and electric fences and whatever else it barely even registers.
"If all mankind minus one, were of one opinion, and only one person were of the contrary opinion, mankind would be no more justified in silencing that one person, than he, if he had the power, would be justified in silencing mankind."
~John Stuart Mill~

“Give me the liberty to know, to utter, and to argue freely according to conscience, above all liberties.”
~John Milton~
User avatar
Fluke
Tyrant's Eye
Posts: 1564
Joined: Mon Sep 20, 2010 12:47 am
Region: Other

Re: Truecrypt

#4

Post by Fluke »

It's been confirmed.

And I don't want anything that will increase the wear and tear of my RAID0 SSDs.
No one other than me uses my PC anyways.

You could use bitlocker if you want to, for now.
User avatar
Rakuen Growlithe
Fire Puppy
Posts: 6718
Joined: Tue Apr 01, 2008 2:24 pm
Gender: Male
Sexual preference: Bi
Species: Growlithe (pokemon)
Region: Other
Location: Pretoria
Contact:

Re: Truecrypt

#5

Post by Rakuen Growlithe »

Got a link?

Bitlocker is only available with Ultimate and Enterprise versions of Widows. Because why try make a decent product when you can break it up and charge extra for all the features that should've been included in the first place.
"If all mankind minus one, were of one opinion, and only one person were of the contrary opinion, mankind would be no more justified in silencing that one person, than he, if he had the power, would be justified in silencing mankind."
~John Stuart Mill~

“Give me the liberty to know, to utter, and to argue freely according to conscience, above all liberties.”
~John Milton~
Leeward
Recalcitrant Ruminant
Posts: 7036
Joined: Wed Mar 19, 2014 10:23 pm

Re: Truecrypt

#6

Post by Leeward »

Rakuen Growlithe wrote:Because why try make a decent product when you can break it up and charge extra for all the features that should've been included in the first place.
Because profit.
User avatar
Valerion
Alpha Wolf
Posts: 2803
Joined: Fri Apr 11, 2008 8:50 pm
Gender: Male
Sexual preference: Gay
Species: Werewolf
Region: Gauteng
Location: ::1
Contact:

Re: Truecrypt

#7

Post by Valerion »

Fluke wrote:It's been confirmed.

And I don't want anything that will increase the wear and tear of my RAID0 SSDs.
No one other than me uses my PC anyways.

You could use bitlocker if you want to, for now.
The compromise has only been rumour based on a version that has been posted to the SourceForge page, supposedly by the authors when they commited a version that can only decrypt. This was signed by the official TC key as well. All in all, it seems to have been drama. Perhaps a fallout between the devs.

https://www.grc.com/misc/truecrypt/truecrypt.htm
http://www.theregister.co.uk/2014/05/29 ... _analysis/

However, at this point I won't trust that codebase at all, of course. Things may have been injected.

Alternatives are listed on the Wikipedia page, several of which are based on TC.

User avatar
Valerion
Alpha Wolf
Posts: 2803
Joined: Fri Apr 11, 2008 8:50 pm
Gender: Male
Sexual preference: Gay
Species: Werewolf
Region: Gauteng
Location: ::1
Contact:

Re: Truecrypt

#8

Post by Valerion »

I know this is an old topic, but new information are always valuable. The TrueCrypt code have been completely audited and no real major issues were found. Certainly no deliberate backdoors. Some issues are for example related to reliance on the the Windows crypto API (a subject that came to light not too long ago). This leaves the open question - why did the devs disappear so suddenly? Perhaps a warrant canary?

http://blog.cryptographyengineering.com ... eport.html

http://www.theregister.co.uk/2015/04/02 ... ity_audit/

https://opencryptoaudit.org/reports/Tru ... _final.pdf (Original document, 21-page PDF)
User avatar
Rakuen Growlithe
Fire Puppy
Posts: 6718
Joined: Tue Apr 01, 2008 2:24 pm
Gender: Male
Sexual preference: Bi
Species: Growlithe (pokemon)
Region: Other
Location: Pretoria
Contact:

Re: Truecrypt

#9

Post by Rakuen Growlithe »

That was interesting. Pretty confirmed my thoughts. I've been on the side that thinks the software was always secure but that the US put them under a lot of pressure and the best solution was to abandon it. I guess then there's no need to worry about other forks and stuff. It's more secure than I'd probably ever need and I've got the installs for Windows and Linux.
"If all mankind minus one, were of one opinion, and only one person were of the contrary opinion, mankind would be no more justified in silencing that one person, than he, if he had the power, would be justified in silencing mankind."
~John Stuart Mill~

“Give me the liberty to know, to utter, and to argue freely according to conscience, above all liberties.”
~John Milton~
User avatar
Xanduin
Posts: 300
Joined: Sat Oct 01, 2011 10:03 am
Gender: Male
Sexual preference: Gay
Species: Dog
Region: Gauteng
Location: Joburg

Re: Truecrypt

#10

Post by Xanduin »

Will it work in windows 8?
Post Reply