TrueCrypt's Disappearance

[steve10765]

yup yup yup...

Here's how to best secure your data now that the NSA can crack almost any encryption | PCWorld

its funny how the web page wont load for me, the NSA doesn't want me getting any ideas lol

let me guess how it is though, go strait to the manufacturer for your comp(NSA cant intercept it) and never go online.

I read somewhere that if you try to keep your stuff private, the CIA can legally break into your house and plant bugs, so you really cant do anything...

 

[Joe C]

its funny how the web page wont load for me, the NSA doesn't want me getting any ideas lol

let me guess how it is though, go strait to the manufacturer for your comp(NSA cant intercept it) and never go online.

I read somewhere that if you try to keep your stuff private, the CIA can legally break into your house and plant bugs, so you really cant do anything...

They are quick!


hey...There's a couple big black suv's out in front of my home.....

 

[steve10765]

They are quick!


hey...There's a couple big black suv's out in front of my home.....

well it was nice knowing you Joe C!

 

[C0RR0SIVE]

The only secure system, is one that doesn't exist IMO.

 

[Joe C]

What good is an encryption program if it has been cracked?
I'm thinking that's the reason they gave it up

 

[carnageX]

What good is an encryption program if it has been cracked?
I'm thinking that's the reason they gave it up

Every encryption can be cracked; it wasn't designed to be "uncrackable" - that's not the point. It's just a "time game". Encryption is good if it can basically outlast the lifetime of the person trying to crack it. Even 2048 encryption can be cracked... it'll just take a VERY VERY VERY looooooong time to do it, which means outlasting the life of the person trying to crack it.

IMO, they either got bored with developing it and didn't want to do it anymore (possible), or the gov (NSA or some other body) asked them to put some kind of back door in (like what happened with Lavabit), and they refused, so they decided to nuke the app.

 

[Joe C]

I can't agree.... Back in '08 there is this:

Operation Satyagraha
In July 2008, several TrueCrypt-secured hard drives were seized from Brazilian banker Daniel Dantas, who was suspected of financial crimes. The Brazilian National Institute of Criminology (INC) tried unsuccessfully for five months to obtain access to his files on the TrueCrypt-protected disks. They enlisted the help of the FBI, who used dictionary attacks against Dantas' disks for over 12 months, but were still unable to decrypt them.

United States v. John Doe
In 2012 the United States 11th Circuit Court of Appeals ruled that a John Doe TrueCrypt user could not be compelled to decrypt several of his hard drives. The court's ruling noted that FBI forensic examiners were unable to get past TrueCrypt's encryption (and therefore were unable to access the data) unless Doe either decrypted the drives or gave the FBI the password, and the court then ruled that Doe's Fifth Amendment right to remain silent legally prevented the Government from making him or her do so

James DeSilva
In February 2014, IT department employee James DeSilva was arrested on charges of sexual exploitation of a minor through the sharing of explicit images over the Internet. His computer, encrypted with TrueCrypt, was seized, and DeSilva refused to reveal the password. Forensics detectives from the Maricopa County Sheriff's Office were unable to gain access to his stored files

As you can see, most likely governments had an issue with True Crypt and it was probably high on their list of something to break.
Now that it has been cracked, it's no longer secure like it was before

Source:
http://en.wikipedia.org/wiki/TrueCrypt

 

[carnageX]

I can't agree.... Back in '08 there is this:
As you can see, most likely governments had an issue with True Crypt and it was probably high on their list of something to break.
Now that it has been cracked, it's no longer secure like it was before

Source:
TrueCrypt - Wikipedia, the free encyclopedia

The only way to crack the encryption is to do what was already tried (unless a backdoor was found): brute-force attack the encryption, which can take hundreds of years, depending on the encryption level. Which is exactly what I was saying before: good encryption doesn't have to be uncrackable: it just has to outlive the person trying to crack the encryption. Plus, their code was even audited earlier this year it seems (and is being audited again for the re-write and re-release of TC under a different name/license).

Steve of Gibson Research Co. even says TrueCrypt 7.1a is still safe to use:
https://www.grc.com/misc/truecrypt/truecrypt.htm

Quoted from that page:

And then the TrueCrypt developers were heard from . . .
Steven Barnhart (@stevebarnhart) wrote to an eMail address he had used before and received several replies from “David.” The following snippets were taken from a twitter conversation which then took place between Steven Barnhart (@stevebarnhart) and Matthew Green (@matthew_d_green):
TrueCrypt Developer “David”: “We were happy with the audit, it didn't spark anything. We worked hard on this for 10 years, nothing lasts forever.”
Steven Barnhart (Paraphrasing): Developer “personally” feels that fork is harmful: “The source is still available as a reference though.”
Steven Barnhart: “I asked and it was clear from the reply that "he" believes forking's harmful because only they are really familiar w/code.”
Steven Barnhart: “Also said no government contact except one time inquiring about a ‘support contract.' ”
TrueCrypt Developer “David” said: “Bitlocker is ‘good enough' and Windows was original ‘goal of the project.' ”
Quoting TrueCrypt Developer David: “There is no longer interest.”

So according to tweets and such from the developers.... they got bored with it. Of course they're going to call their own product "insecure" because they're not supporting it anymore, and are basically saying "we can't be held liable if there is a bug found because we don't support it anymore, therefore we are calling it insecure and recommend using software that is still maintained."

 

[office politics]

I swear gpus can run millions of passwords a second. I went looking for the article but came up with something different instead.

here's an interesting way to crack them

Security researchers have successfully broken one of the most secure encryption algorithms, 4096-bit RSA, by listening – yes, with a microphone — to a computer as it decrypts some encrypted data.

Researchers crack the world's toughest encryption by listening to the tiny sounds made by your computer's CPU | ExtremeTech


currently, the best data I found on brute forcing with gpus



GPU-Based Cracking: AMD Vs. Nvidia In Brute-Force Attack Performance - Wi-Fi Security: Cracking WPA With CPUs, GPUs, And The Cloud

 

[Joe C]

By Andrew Ku August 14, 2011 10:00 PM

Kinda old data by today's standards

Here's something that's more up to date:

TrueCrack is a brute-force password cracker for TrueCrypt (Copyrigth) volumes. It works on Linux and it is optimized for Nvidia Cuda technology.

The execution time of TrueCrack for a dictionary attack is (average word length 10 characters):

https://code.google.com/p/truecrack/