LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 05-28-2014, 06:18 PM   #1
jamesf
Member
 
Registered: Dec 2004
Location: USA
Distribution: Slackware 12 and higher
Posts: 229

Rep: Reputation: 51
Sourceforge project page: TrueCrypt stops in 5/2014


I know this isn't a Slackware-only issue, but thought the news was important given that so many Linuxers use TrueCrypt.

From ArsTechnica.com:

“TrueCrypt is not secure,” official SourceForge page abruptly warns
http://arstechnica.com/security/2014...bruptly-warns/

EDITS BELOW:
Replacements (may not be cross-platform) gathered from this thread (ongoing work):
aescrypt is mentioned here
FreeOTFE is mentioned here
zuluCrypt is mentioned here
ScramDisk/sd4l is mentioned here
truecrypt.ch fork is mentioned here
cryptsetup is mentioned briefly here
EDS / EDS Lite for Android is mentioned here
* zuluCrypt current maintainer mhogomchungu talks about zuluCrypt and tc-play here
ciphershed truecrypt fork is mentioned here

Last edited by jamesf; 06-07-2014 at 01:45 AM.
 
Old 05-28-2014, 06:28 PM   #2
GazL
Senior Member
 
Registered: May 2008
Posts: 3,502

Rep: Reputation: 1024Reputation: 1024Reputation: 1024Reputation: 1024Reputation: 1024Reputation: 1024Reputation: 1024Reputation: 1024
Yep, I was just reading that. All of a sudden it's "not secure", but no details as to why. Very peculiar.

Not that it affects me, I use dm-crypt and/or pgp.
 
Old 05-28-2014, 06:33 PM   #3
jamesf
Member
 
Registered: Dec 2004
Location: USA
Distribution: Slackware 12 and higher
Posts: 229

Original Poster
Rep: Reputation: 51
I think that is simply a statement that is true both now and forevermore (since support is stopped).

There _may_ be unfixed security holes now, either known or unknown. In a year that will still be true. So, The Statement That Never Requires Change(TM) is invoked.

Thanks for the dm-crypt reminder. I never got around to implementing truecrypt and now I never will. ;vD
 
Old 05-28-2014, 08:17 PM   #4
metaschima
Senior Member
 
Registered: Dec 2013
Distribution: Slackware
Posts: 1,521

Rep: Reputation: Disabled
I have a strong feeling that the site may be hacked, so don't trust it just yet. I mean why would they suddenly remove all previous truecrypt versions, and why right after the audit, which wasn't free.
 
Old 05-28-2014, 08:55 PM   #5
jamesf
Member
 
Registered: Dec 2004
Location: USA
Distribution: Slackware 12 and higher
Posts: 229

Original Poster
Rep: Reputation: 51
You could certainly be right, metaschima. If it is true then the time to change over is now. If it isn't, well, at least that will be known, too.

I considered the 'hacked' possibility, but it sure was detailed with accurate-seeming instructions for removal.

NSA-conspiracy theory, anyone? ;vD

Edit: Interestingly enough, www.truecrypt.org redirects to the sourceforge page, too. Now off to whois...

Last edited by jamesf; 05-28-2014 at 08:58 PM.
 
Old 05-28-2014, 09:01 PM   #6
moisespedro
Senior Member
 
Registered: Nov 2013
Location: Brazil
Distribution: Slackware
Posts: 1,138

Rep: Reputation: 151Reputation: 151
Quote:
Originally Posted by metaschima View Post
I have a strong feeling that the site may be hacked, so don't trust it just yet. I mean why would they suddenly remove all previous truecrypt versions, and why right after the audit, which wasn't free.
Quote:
Significantly, TrueCrypt version 7.2 was certified with the official TrueCrypt private signing key, suggesting that the page warning that TrueCrypt isn't safe wasn't a hoax posted by hackers who managed to gain unauthorized access. After all, someone with the ability to sign new TrueCrypt releases probably wouldn't squander that hack with a prank. Alternatively, the post suggests that the cryptographic key that certifies the authenticity of the app has been compromised and is no longer in the exclusive control of the official TrueCrypt developers.
Only time will tell
 
Old 05-28-2014, 09:06 PM   #7
metaschima
Senior Member
 
Registered: Dec 2013
Distribution: Slackware
Posts: 1,521

Rep: Reputation: Disabled
Quote:
Originally Posted by jamesf View Post
NSA-conspiracy theory, anyone? ;vD
Certainly, but it's too soon to tell.
 
Old 05-28-2014, 10:51 PM   #8
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 1,603

Rep: Reputation: 670Reputation: 670Reputation: 670Reputation: 670Reputation: 670Reputation: 670
Perhaps an "offer you can't refuse" from M$ in a continuing effort to push people off of Windows XP.
 
Old 05-29-2014, 05:14 AM   #9
ponce
Senior Member
 
Registered: Aug 2004
Location: Pisa, Italy
Distribution: Slackware
Posts: 2,496

Rep: Reputation: 912Reputation: 912Reputation: 912Reputation: 912Reputation: 912Reputation: 912Reputation: 912Reputation: 912
more on The Register (via Chess).
 
Old 05-29-2014, 06:04 AM   #10
Darth Vader
Member
 
Registered: May 2008
Location: Romania
Distribution: DARKSTAR Linux 2008.1
Posts: 659

Rep: Reputation: 138Reputation: 138
Quote:
Originally Posted by rknichols View Post
Perhaps an "offer you can't refuse" from M$ in a continuing effort to push people off of Windows XP.
Or maybe just a friendly vise pressing of the TrueCrypt developers balls, made by the old Snowden's bosses?

Something innocent like:

Guys, you just want to really have a Russian passport?
 
Old 05-29-2014, 01:16 PM   #11
Habitual
Senior Member
 
Registered: Jan 2011
Distribution: Undecided
Posts: 3,618
Blog Entries: 1

Rep: Reputation: Disabled
Dear Edward Snowden:

Stay off television.

Everything you touch or mention turns to shit.
 
Old 05-29-2014, 02:02 PM   #12
dunric
Member
 
Registered: Jul 2004
Distribution: Slackware, FreeBSD
Posts: 483

Rep: Reputation: 92
It's strange they even managed to wipe pages cache: Google cache

One thing is almost sure - TC devs would never recommend BitLocker. It's in clear opposition to their comments in the past.
 
Old 05-29-2014, 02:06 PM   #13
ponce
Senior Member
 
Registered: Aug 2004
Location: Pisa, Italy
Distribution: Slackware
Posts: 2,496

Rep: Reputation: 912Reputation: 912Reputation: 912Reputation: 912Reputation: 912Reputation: 912Reputation: 912Reputation: 912
Don't believe the hype.
 
Old 05-29-2014, 02:35 PM   #14
jprzybylski
Member
 
Registered: Apr 2011
Location: Canada
Distribution: Slackware
Posts: 98

Rep: Reputation: 23
BREAKING NEWS:
Edward Snowden confesses to drinking soda. All soda manufacturers shut down in attempt to make Snowden thirsty. News at 11.

PS: Jokes aside, this is quite weird.
 
Old 05-29-2014, 04:15 PM   #15
metaschima
Senior Member
 
Registered: Dec 2013
Distribution: Slackware
Posts: 1,521

Rep: Reputation: Disabled
Quote:
Originally Posted by dunric View Post
One thing is almost sure - TC devs would never recommend BitLocker. It's in clear opposition to their comments in the past.
That is true and BitLocker is NOT open-source and may have a backdoor:
http://mcpmag.com/articles/2013/09/1...-backdoor.aspx
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Mac4Lin Project on Sourceforge.net infra_red_dude Linux - News 51 09-12-2010 04:24 PM
Wassup w/ this sourceforge project...? Alexvader Linux - General 2 04-08-2010 04:14 PM
Sourceforge.net project confusion montylee Programming 15 10-22-2007 09:01 AM
LXer: Rosegarden is SourceForge Project of the Month LXer Syndicated Linux News 0 01-20-2007 12:12 AM
Upload webpages/project to SourceForge Genjix General 4 03-21-2004 10:51 AM


All times are GMT -5. The time now is 07:39 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration