TrueCrypt NOT secure?!?

Moderators: admin, azitnay, anatoly_LP, chantieLP, JoeSiegrist, robyn

TrueCrypt NOT secure?!?

Postby Lars » Sun Jun 01, 2014 3:35 am

TrueCrypt is not secure - and the World is left hanging!!!
Lars
 
Posts: 2577
Joined: Wed Jul 14, 2010 10:48 pm
Location: So Cal

Re: TrueCrypt NOT secure?!?

Postby jonat » Mon Jun 02, 2014 12:59 pm

There's no evidence that TrueCrypt 7.1a is not secure. It is true that it is no longer being maintained. There are alternatives, but none quite as nice (or as free.)
jonat
 
Posts: 2198
Joined: Thu Dec 09, 2010 8:42 pm

Re: TrueCrypt NOT secure?!?

Postby Lars » Tue Jun 03, 2014 1:11 am

When the folks maintaining TrueCrypt (or used to maintain it) says it's not secure, I think we need to pay serious attention to it. It has after all not been updated for about 2 years!!!
Lars
 
Posts: 2577
Joined: Wed Jul 14, 2010 10:48 pm
Location: So Cal

Re: TrueCrypt NOT secure?!?

Postby jonat » Tue Jun 03, 2014 12:18 pm

I have been closely following the discussions on this. The current thinking is that the recent announcement was a "warrant canary", indicating that the developers were told by a government to do something they didn't want to. An independent audit of TrueCrypt is ongoing, but no issues have been found so far.

Yes, it hasn't been updated in two years and doesn't work with GPT disks or UEFI firmware, and that's a problem, but if you're currently using version 7.1a, as I am, there's no urgency in changing. I probably will look for alternatives, though. There aren't many.
jonat
 
Posts: 2198
Joined: Thu Dec 09, 2010 8:42 pm

Re: TrueCrypt NOT secure?!?

Postby Lars » Tue Jun 03, 2014 1:38 pm

Due to this recent event, you have to assume it's not safe - at least until the audit is completely done.
It is by the way, a staggering amount of money they raised for the audit.. :)

I am always completely up to date on all my security software, and I will continue to use TrueCrypt 7.1a, as I really do not have anything that secret. If any 3-letter agency wants my information, I shall gladly send it to them in clear-text. My main reason for encrypting data, is to thwart identity thieves and the likes.
Lars
 
Posts: 2577
Joined: Wed Jul 14, 2010 10:48 pm
Location: So Cal

Re: TrueCrypt NOT secure?!?

Postby jpenny84 » Tue Jun 03, 2014 4:39 pm

As an aside, I find it funny that some individuals fault LastPass for not making the source for their proprietary components open source, when there have been vulnerabilities found recently in Linux that have been there for years and now the question marks with TrueCrypt.
jpenny84
 
Posts: 8679
Joined: Tue Mar 06, 2012 9:10 pm

Re: TrueCrypt NOT secure?!?

Postby Lars » Tue Jun 03, 2014 5:15 pm

Use OpenBSD if you want a secure *nix flavor.
Lars
 
Posts: 2577
Joined: Wed Jul 14, 2010 10:48 pm
Location: So Cal

Re: TrueCrypt NOT secure?!?

Postby jonat » Wed Jun 04, 2014 11:45 am

Really? That would be one of my last choices. But who was asking about *nix?
jonat
 
Posts: 2198
Joined: Thu Dec 09, 2010 8:42 pm

Re: TrueCrypt NOT secure?!?

Postby Lars » Wed Jun 04, 2014 11:51 am

jonat Wrote:Really? That would be one of my last choices. But who was asking about *nix?
jpenney84 was in the posting right before mine :)

Yes, OpenBSD would most definitely be in the "most secure" end of the scale.
Lars
 
Posts: 2577
Joined: Wed Jul 14, 2010 10:48 pm
Location: So Cal

Re: TrueCrypt NOT secure?!?

Postby ponfilo3220 » Mon Jul 28, 2014 7:23 pm

Steve Gibson and Leo Laporte covered this topic about Truecrypt in a recent SecurityNow podcast - and the recent issue of LP not opening up their source code. The topic spilled over into their latest podcast, entitled iOS Surveillance? (emphasis on the question mark) He basically summed it up that the code has been audited as best as it could be by a product that isn't open source, and he doesn't see ANY evidence (both for LP and iOS) that either company is doing anything funny. Reputations are on the line here. But for the ultra paranoid (and this goes for the truecrypt product) some will say that if we can't audit the code then it's not trustworthy - in which Steve says (and I agree), "unless you code it yourself - heck, who knows if Intel chips don't have back doors in it, so, go down to the beach, get some sand, make your own silicon..." see where I'm going? Personally, as far as Truecrypt goes, we don't even know who the creators are, that's something to be concerned about (at least Leo thought so), I have no dog in this fight, I don't use Truecrypt but I know a lot of folks who do - and they don't plan on stopping their use of TC, unless the audit by Matt Green's team says differently. That's just my two cents....Oh btw,
ponfilo3220
 
Posts: 4
Joined: Mon Jul 28, 2014 6:39 pm


Return to Off Topic

Who is online

Users browsing this forum: No registered users and 2 guests