LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (http://www.linuxquestions.org/questions/slackware-14/)
-   -   Sourceforge project page: TrueCrypt stops in 5/2014 (http://www.linuxquestions.org/questions/slackware-14/sourceforge-project-page-truecrypt-stops-in-5-2014-a-4175506320/)

jamesf 05-28-2014 05:18 PM

Sourceforge project page: TrueCrypt stops in 5/2014
 
I know this isn't a Slackware-only issue, but thought the news was important given that so many Linuxers use TrueCrypt.

From ArsTechnica.com:

“TrueCrypt is not secure,” official SourceForge page abruptly warns
http://arstechnica.com/security/2014...bruptly-warns/

EDITS BELOW:
Replacements (may not be cross-platform) gathered from this thread (ongoing work):
aescrypt is mentioned here
FreeOTFE is mentioned here
zuluCrypt is mentioned here
ScramDisk/sd4l is mentioned here
truecrypt.ch fork is mentioned here
cryptsetup is mentioned briefly here
EDS / EDS Lite for Android is mentioned here
* zuluCrypt current maintainer mhogomchungu talks about zuluCrypt and tc-play here
ciphershed truecrypt fork is mentioned here

GazL 05-28-2014 05:28 PM

Yep, I was just reading that. All of a sudden it's "not secure", but no details as to why. Very peculiar.

Not that it affects me, I use dm-crypt and/or pgp.

jamesf 05-28-2014 05:33 PM

I think that is simply a statement that is true both now and forevermore (since support is stopped).

There _may_ be unfixed security holes now, either known or unknown. In a year that will still be true. So, The Statement That Never Requires Change(TM) is invoked.

Thanks for the dm-crypt reminder. I never got around to implementing truecrypt and now I never will. ;vD

metaschima 05-28-2014 07:17 PM

I have a strong feeling that the site may be hacked, so don't trust it just yet. I mean why would they suddenly remove all previous truecrypt versions, and why right after the audit, which wasn't free.

jamesf 05-28-2014 07:55 PM

You could certainly be right, metaschima. If it is true then the time to change over is now. If it isn't, well, at least that will be known, too.

I considered the 'hacked' possibility, but it sure was detailed with accurate-seeming instructions for removal.

NSA-conspiracy theory, anyone? ;vD

Edit: Interestingly enough, www.truecrypt.org redirects to the sourceforge page, too. Now off to whois...

moisespedro 05-28-2014 08:01 PM

Quote:

Originally Posted by metaschima (Post 5178355)
I have a strong feeling that the site may be hacked, so don't trust it just yet. I mean why would they suddenly remove all previous truecrypt versions, and why right after the audit, which wasn't free.

Quote:

Significantly, TrueCrypt version 7.2 was certified with the official TrueCrypt private signing key, suggesting that the page warning that TrueCrypt isn't safe wasn't a hoax posted by hackers who managed to gain unauthorized access. After all, someone with the ability to sign new TrueCrypt releases probably wouldn't squander that hack with a prank. Alternatively, the post suggests that the cryptographic key that certifies the authenticity of the app has been compromised and is no longer in the exclusive control of the official TrueCrypt developers.
Only time will tell

metaschima 05-28-2014 08:06 PM

Quote:

Originally Posted by jamesf (Post 5178376)
NSA-conspiracy theory, anyone? ;vD

Certainly, but it's too soon to tell.

rknichols 05-28-2014 09:51 PM

Perhaps an "offer you can't refuse" from M$ in a continuing effort to push people off of Windows XP. :eek:

ponce 05-29-2014 04:14 AM

more on The Register (via Chess).

Darth Vader 05-29-2014 05:04 AM

Quote:

Originally Posted by rknichols (Post 5178440)
Perhaps an "offer you can't refuse" from M$ in a continuing effort to push people off of Windows XP. :eek:

Or maybe just a friendly vise pressing of the TrueCrypt developers balls, made by the old Snowden's bosses?

Something innocent like:

Guys, you just want to really have a Russian passport?

Habitual 05-29-2014 12:16 PM

Dear Edward Snowden:

Stay off television.

Everything you touch or mention turns to shit.

dunric 05-29-2014 01:02 PM

It's strange they even managed to wipe pages cache: Google cache

One thing is almost sure - TC devs would never recommend BitLocker. It's in clear opposition to their comments in the past.

ponce 05-29-2014 01:06 PM

Don't believe the hype.

jprzybylski 05-29-2014 01:35 PM

BREAKING NEWS:
Edward Snowden confesses to drinking soda. All soda manufacturers shut down in attempt to make Snowden thirsty. News at 11.

PS: Jokes aside, this is quite weird.

metaschima 05-29-2014 03:15 PM

Quote:

Originally Posted by dunric (Post 5178855)
One thing is almost sure - TC devs would never recommend BitLocker. It's in clear opposition to their comments in the past.

That is true and BitLocker is NOT open-source and may have a backdoor:
http://mcpmag.com/articles/2013/09/1...-backdoor.aspx


All times are GMT -5. The time now is 03:28 AM.