“TrueCrypt is not secure,” official SourceForge page abruptly warns


Userlevel 7
Badge +54
Support for decade-old crypto program pulled, touching off Internet firestorm.
by Dan Goodin - May 28 2014, 9:48pm GMTST
 
 
One of the official webpages for the widely used TrueCrypt encryption program says that development has abruptly ended and warns users of the decade-old tool that it isn't safe to use.
 
"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues," text in red at the top of TrueCrypt page on SourceForge states. The page continues: "This page exists only to help migrate existing data encrypted by TrueCrypt. The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform."
 
Full Article
 

12 replies

Userlevel 7
Badge +56
That is pretty scary, especially the confusion over whether it is official or not.  I think people would much rather use an open source tool than a proprietary one in this situation.
Userlevel 7
Badge +54
There is quite a bit of a buzz about this one starting now, with one report stating that users are recommended to drop its product and shift to Microsoft's Bitlocker. I would expect things will become clearer soon once the breach has been investigated.
Userlevel 7
Badge +56
Some good detail from a reddit thread:
http://www.reddit.com/r/sysadmin/comments/26pxol/truecrypt_is_dead/
Userlevel 7
Badge +62
😃 I'll be back, I'm going to follow the link..;)
Userlevel 7
Tried it and did not like it...over hyped if you ask me.  I have been using Axcrypt which does a very good job for what it is...and is still being developed.  Check it out.
 
Baldrick
Userlevel 7
Badge +62
:S @ :I have been using Axcrypt which does a very good job for what it is...and is still being developed.  Check it out.
 
Alrighty, you know me. Checking it out...Have anything for the MAC? HAHAHA;)
Userlevel 7
Badge +54
EXCERPT:
.
.
.
Doubters soon questioned whether the redirect was a hoax or the result of the TrueCrypt site being hacked. But a cursory review of the site’s historic hosting, WHOIS and DNS records shows no substantive changes recently.
What’s more, the last version of TrueCrypt uploaded to the site on May 27 (still available at this link) shows that the key used to sign the executable installer file is the same one that was used to sign the program back in January 2014 (hat tip to @runasand and @pyllyukko). Taken together, these two facts suggest that the message is legitimate, and that TrueCrypt is officially being retired.
That was the same conclusion reached by Matthew Green, a cryptographer and research professor at the Johns Hopkins University Information Security Institute and a longtime skeptic of TrueCrypt — which has been developed for the past 10 years by a team of anonymous coders who appear to have worked diligently to keep their identities hidden.
“I think the TrueCrypt team did this,” Green said in a phone interview. “They decided to quit and this is their signature way of doing it.”
 
Full Article
Userlevel 7
Badge +54
By Joseph Menn
 
SAN FRANCISCO (Reuters) - A team of security experts may seek to restore and improve a popular computer encryption system after its developers mysteriously shut it down, claiming "unfixed security issues," a leader of the effort told Reuters on Thursday.
TrueCrypt, one of a number of programs that encrypt all of a user’s hard drive, had gained popularity after fugitive former National Security Agency contractor Edward Snowden praised it and law enforcement officials complained of their inability to crack it.
 
Full Article
Userlevel 7
Thanks Jasper!
Userlevel 7
Badge +56
That would be cool if someone took up the torch on this one.
Userlevel 7
Badge +54

Thorough cryptanalysis will search for backdoors and crippling weaknesses.

by Dan Goodin - May 30 2014
 
TrueCrypt, the whole-disk encryption tool endorsed by National Security Agency leaker Edward Snowden and used by millions of privacy and security enthusiasts around the world, will receive a second round of safety audits despite being declared unsafe and abruptly abandoned by its anonymous developers two days ago.
Phase II of the security audit was already scheduled to commence when Wednesday's bombshell advisory dropped on the TrueCrypt SourceForge page. After 24 hours to reflect on the unexpected move, an organizer with the Open Crypto Audit Project said he saw no reason to scrub those plans. Online fundraisers to bankroll the project have raised about $70,000, well past the $25,000 organizers had initially aimed for.
"We have conferred and we are firmly going forward on schedule with the audit regardless of yesterday's circumstances," Kenn White, a North Carolina-based computer scientist and audit organizer told Ars Thursday. "We don't want there to remain all sorts of questions or scenarios or what ifs in people's minds. TrueCrypt has been around for 10 years and it's never received a proper formal security analysis. People are going to continue to use it for better or worse, and we feel like we owe the community the proper analysis."
 
Full Article
Userlevel 7
The following is an update on the troubled Truecrypt
=================================================================================================

"Update" Troubled Truecrypt the ONLY OPTION for S3, but Amazon stays silent

 
By Darren Pauli, 11 Jun 2014
 
 
Summary/
Amazon Web Services (AWS) has kept mum on whether it will dump the troubled TrueCrypt platform used to encrypt data imported and exported to its Simple Storage Service (S3).
The popular crypto platform recently became a pariah after its shadowy developers posted a note to the official website claiming it was compromised and users should adopt rival Microsoft Bitlocker.
 
The Register/ Full Read Here/ http://www.theregister.co.uk/2014/06/11/troubled_truecrypt_the_only_option_for_s3_but_amazon_stays_silent/
