TrueCrypt's Disappearance

[carnageX]

So I'm surprised this hasn't been brought up. TrueCrypt's developer's nerfed the 7.2 update to only be able to read data, and is suggesting to move to another encryption solution.

Nobody is exactly sure why yet they've abandoned the project, but here's some links:

“TrueCrypt is not secure,” official SourceForge page abruptly warns | Ars Technica

Steve Gibson of the Gibson Research Corp. made some good points as well, and reassures that TrueCrypt 7.1a is alright to stay on:
https://www.grc.com/misc/truecrypt/truecrypt.htm

Steve included download links to all versions/source code for all platforms for TC 7.1a at the bottom of the page as well.

 

[Joe C]

the developers feel that True Crypt has been compromised

 

[carnageX]

Doesn't matter to much anymore; it's been forked and a full-on audit is going on to fix any vulnerabilities found. It'll then be re-branded as something other than TrueCrypt and released with a new license.

 

[Reapt]

Doesn't matter to much anymore; it's been forked and a full-on audit is going on to fix any vulnerabilities found. It'll then be re-branded as something other than TrueCrypt and released with a new license.

Pretty Sure true crypt is still fairly safe. Just make sure the PW to lock the drive cant be bruteforced, and please for the love of all that is holy dont save the key somewhere accessible. /facepalm

 

[carnageX]

Pretty Sure true crypt is still fairly safe. Just make sure the PW to lock the drive cant be bruteforced, and please for the love of all that is holy dont save the key somewhere accessible. /facepalm

This.

Although, all encryptions can be broken - it's just a matter of the timetable that it can actually be brute forced. If the time it takes to be cracked exceeds the lifespan of the person cracking it... it's generally well encrypted.

But yes, I agree; pretty sure TC is still safe to use (7.1a that is)... and even if Steven Gibson thinks so, I'd think it's safe to assume that's true.

 

[Reapt]

This.

Although, all encryptions can be broken - it's just a matter of the timetable that it can actually be brute forced. If the time it takes to be cracked exceeds the lifespan of the person cracking it... it's generally well encrypted.

But yes, I agree; pretty sure TC is still safe to use (7.1a that is)... and even if Steven Gibson thinks so, I'd think it's safe to assume that's true.

Yup exactly. Well you can hypothetically brute force anything if you have a few hundred-thousand years to spare on todays boxes lol

 

[steve10765]

NSA probably already has a backdoor...

 

[Joe C]

NSA probably already has a backdoor...

Yup...it's been cracked so the developers are cutting True Crypt loose and I imagine as carnageX suggested, they'll be working on something better

 

[carnageX]

Yup...it's been cracked so the developers are cutting True Crypt loose and I imagine as carnageX suggested, they'll be working on something better

Or they went the Lavabit route and nuked the entire application because they were asked to put a backdoor.

But it sounds like they just got bored and didn't want to maintain it anymore really, so they nuked it and said "using this is insecure because it's not supported anymore" which is a good idea to do if you're a security application developer.

Either way, it's doesn't sound like it's the original dev's working on the forked TrueCrypt anymore, which is why it's going to be called something else once bugs get fixed / re-licensed.

 

[Joe C]

yup yup yup...

The latest Snowden-supplied bombshell shook the technology world to its core on Thursday: The NSA can crack many of the encryption technologies in place today, using a mixture of backdoors baked into software at the government's behest, a $250 million per year budget to encourage commercial software vendors to make its security “exploitable,” and sheer computer-cracking technological prowess.

Here's how to best secure your data now that the NSA can crack almost any encryption | PCWorld