Sourceforge project page: TrueCrypt stops in 5/2014

jamesf · 05-28-2014, 05:18 PM

I know this isn't a Slackware-only issue, but thought the news was important given that so many Linuxers use TrueCrypt.

From ArsTechnica.com:

“TrueCrypt is not secure,” official SourceForge page abruptly warns
http://arstechnica.com/security/2014...bruptly-warns/

EDITS BELOW:
Replacements (may not be cross-platform) gathered from this thread (ongoing work):
aescrypt is mentioned here
FreeOTFE is mentioned here
zuluCrypt is mentioned here
ScramDisk/sd4l is mentioned here
truecrypt.ch fork is mentioned here
cryptsetup is mentioned briefly here
EDS / EDS Lite for Android is mentioned here
* zuluCrypt current maintainer mhogomchungu talks about zuluCrypt and tc-play here
ciphershed truecrypt fork is mentioned here

GazL · 05-28-2014, 05:28 PM

Yep, I was just reading that. All of a sudden it's "not secure", but no details as to why. Very peculiar.

Not that it affects me, I use dm-crypt and/or pgp.

jamesf · 05-28-2014, 05:33 PM

I think that is simply a statement that is true both now and forevermore (since support is stopped).

There _may_ be unfixed security holes now, either known or unknown. In a year that will still be true. So, The Statement That Never Requires Change(TM) is invoked.

Thanks for the dm-crypt reminder. I never got around to implementing truecrypt and now I never will. ;vD

metaschima · 05-28-2014, 07:17 PM

I have a strong feeling that the site may be hacked, so don't trust it just yet. I mean why would they suddenly remove all previous truecrypt versions, and why right after the audit, which wasn't free.

jamesf · 05-28-2014, 07:55 PM

You could certainly be right, metaschima. If it is true then the time to change over is now. If it isn't, well, at least that will be known, too.

I considered the 'hacked' possibility, but it sure was detailed with accurate-seeming instructions for removal.

NSA-conspiracy theory, anyone? ;vD

Edit: Interestingly enough, www.truecrypt.org redirects to the sourceforge page, too. Now off to whois...

moisespedro · 05-28-2014, 08:01 PM

Quote:

Originally Posted by metaschima

I have a strong feeling that the site may be hacked, so don't trust it just yet. I mean why would they suddenly remove all previous truecrypt versions, and why right after the audit, which wasn't free.

Quote:

Significantly, TrueCrypt version 7.2 was certified with the official TrueCrypt private signing key, suggesting that the page warning that TrueCrypt isn't safe wasn't a hoax posted by hackers who managed to gain unauthorized access. After all, someone with the ability to sign new TrueCrypt releases probably wouldn't squander that hack with a prank. Alternatively, the post suggests that the cryptographic key that certifies the authenticity of the app has been compromised and is no longer in the exclusive control of the official TrueCrypt developers.

Only time will tell

metaschima · 05-28-2014, 08:06 PM

Quote:

Originally Posted by jamesf

NSA-conspiracy theory, anyone? ;vD

Certainly, but it's too soon to tell.

rknichols · 05-28-2014, 09:51 PM

Perhaps an "offer you can't refuse" from M$ in a continuing effort to push people off of Windows XP.

ponce · 05-29-2014, 04:14 AM

more on The Register (via Chess).

Darth Vader · 05-29-2014, 05:04 AM

Quote:

Originally Posted by rknichols

Perhaps an "offer you can't refuse" from M$ in a continuing effort to push people off of Windows XP.

Or maybe just a friendly vise pressing of the TrueCrypt developers balls, made by the old Snowden's bosses?

Something innocent like:

Guys, you just want to really have a Russian passport?

Habitual · 05-29-2014, 12:16 PM

Dear Edward Snowden:

Stay off television.

Everything you touch or mention turns to shit.

dunric · 05-29-2014, 01:02 PM

It's strange they even managed to wipe pages cache: Google cache

One thing is almost sure - TC devs would never recommend BitLocker. It's in clear opposition to their comments in the past.

ponce · 05-29-2014, 01:06 PM

Don't believe the hype.

jprzybylski · 05-29-2014, 01:35 PM

BREAKING NEWS:
Edward Snowden confesses to drinking soda. All soda manufacturers shut down in attempt to make Snowden thirsty. News at 11.

PS: Jokes aside, this is quite weird.

metaschima · 05-29-2014, 03:15 PM

Quote:

Originally Posted by dunric

One thing is almost sure - TC devs would never recommend BitLocker. It's in clear opposition to their comments in the past.

That is true and BitLocker is NOT open-source and may have a backdoor:
http://mcpmag.com/articles/2013/09/1...-backdoor.aspx