
TrueCrypt is not secure, official SourceForge page abruptly warns


30 replies to this topic

#1 NickAu


Posted 28 May 2014 - 10:52 PM

 

One of the official webpages for the widely used TrueCrypt encryption program says that development has abruptly ended and warns users of the decade-old tool that it isn't safe to use.

"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues," text in red at the top of TrueCrypt page on SourceForge states. The page continues: "This page exists only to help migrate existing data encrypted by TrueCrypt. The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform."

http://arstechnica.com/security/2014/05/truecrypt-is-not-secure-official-sourceforge-page-abruptly-warns/

 

 

 

 

"Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images."

And I would trust that WHY?

 

Encrypted by M$ is like security by M$ :hysterical:


Edited by NickAu1, 28 May 2014 - 11:59 PM.


 


#2 scotty_ncc1701


Posted 28 May 2014 - 11:34 PM

====================================
Here are a few alternatives to TrueCrypt.  I've only experimented with one of them.  Use them at your own risk.
====================================
AxCrypt
------------------------------------
It integrates seamlessly with Windows to compress, encrypt, decrypt, store, send and work with individual files. Features Password Protect any number of files using strong encryption. Right-click integration with Windows Explorer makes AxCrypt the easiest way to encrypt individual files in Windows. Double-click integration makes it as easy to open, edit and save protected files as it is to work with unprotected.
------------------------------------
WEBSITE: http://www.axantum.com/axCrypt/
------------------------------------
MY COMMENTS: I experimented with this in 2014_04, and it encrypts and password protects on a file-by-file basis.
------------------------------------
COUNTRY OF ORIGIN: Sweden
====================================
GnuPG
------------------------------------
GnuPG is the GNU project's complete and free implementation of the OpenPGP standard as defined by RFC4880. GnuPG allows to encrypt and sign your data and communication, features a versatile key management system as well as access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications. A wealth of frontend applications and libraries are available. Version 2 of GnuPG also provides support for S/MIME.
------------------------------------
WEBSITE: https://www.gnupg.org/
------------------------------------
MY COMMENTS: Haven't tested it out.
------------------------------------
COUNTRY OF ORIGIN: Germany
====================================
AES Crypt
------------------------------------
AES Crypt is a file encryption software available on several operating systems that uses the industry standard Advanced Encryption Standard (AES) to easily and securely encrypt files.

You do not need to be an expert to use AES Crypt, nor do you need to understand cryptography. When using Windows, the only thing you need to do is right-click on a file, select AES Encrypt or AES Decrypt, enter a password, and AES Crypt will do the rest. On a Mac, you can drag a file to the AES Crypt program and provide the required password. On the command line, one can execute the "aescrypt" command with name of the file and password to use to encrypt or decrypt. For Java and C# developers, there is also a Java and C# library available that can read and write AES-encrypted files from within your application.
------------------------------------
WEBSITE: http://www.aescrypt.com/
------------------------------------
MY COMMENTS: Haven't tested it out.  Per the site, it protects on a file-by-file basis.
------------------------------------
COUNTRY OF ORIGIN: USA
====================================
 


Edited by scotty_ncc1701, 28 May 2014 - 11:35 PM.


#3 TsVk!


Posted 29 May 2014 - 12:23 AM

A small part of me died, hearing about this project coming to an end...



#4 SpywareDoctor


Posted 29 May 2014 - 10:45 AM

Right? Over on Krebs they're saying

The anonymous developers responsible for building and maintaining the free whole-disk encryption suite TrueCrypt apparently threw in the towel this week, shuttering the TrueCrypt site and warning users that the product is no longer secure now that Microsoft has ended support for Windows XP.


#5 JohnC_21


Posted 29 May 2014 - 11:40 AM

And yet they are still continuing with the audit? I will be looking at DiskCrypt but I really liked the container aspect of TrueCrypt.

 

comparison of different disk encryption software



#6 SpywareDoctor


Posted 29 May 2014 - 11:43 AM

Yep, even Edward Snowden used, trusted and advised using TrueCrypt.



#7 JohnC_21


Posted 29 May 2014 - 12:02 PM

What is kind of suspicious is the fact they say it is no longer secure because Windows XP is no longer supported, which makes no sense to me as TrueCrypt also has versions for Mac and Linux. What does Windows XP end of life have to do with a program that encrypts the disk?



#8 SpywareDoctor


Posted 29 May 2014 - 12:11 PM

Don't know yet. Like ZDNet says, "This would all be a lot clearer if only it were April 1." :)



#9 TsVk!


Posted 29 May 2014 - 03:11 PM

The site reads to me like Micro$oft bought them.

 

"Shut down your project guys, and advise everyone to use BitLocker. Here's a few million dollars..."



#10 SpywareDoctor


Posted 29 May 2014 - 03:38 PM

How? No one knows who "them" are. (The TrueCrypt developers are anonymous.)



#11 TsVk!


Posted 29 May 2014 - 03:43 PM

Anonymous to you and me maybe, but maybe not as anonymous to the richest companies in the world.



#12 SpywareDoctor


Posted 29 May 2014 - 03:56 PM

I see. Got a link?



#13 TsVk!


Posted 29 May 2014 - 04:01 PM

It's purely speculation...

"This isn't based on any known facts. It's not even a rumor.
- Perhaps USA intelligence demanded access. (not the first time)
- Principled developers quit rather than concede. (not the first time)
- Perhaps TrueCrypt isn't legally allowed to explain their actions. (not the first time)"

 

Here's another great article...

 

http://arstechnica.com/security/2014/05/bombshell-truecrypt-advisory-backdoor-hack-hoax-none-of-the-above/



#14 SpywareDoctor


Posted 29 May 2014 - 04:19 PM

Whither TrueCrypt?

We know NOTHING about the developers behind TrueCrypt.
...
- The anonymous Truecrypt dev team, from their submarine hideout. I emailed. No response. Takes a while for email to reach the sub.

...
So, given the scant evidence, I think it’s much more likely that the TrueCrypt team – whomever they are – legitimately created this updated Windows executable and other files which would imply that they also took down their long-running TrueCrypt site.

Which, of course, leaves us asking why?  We don’t know because we don’t know anything about them or their motives. They might be in Russia or China where Windows XP is still a big deal (with a more than 50% share) and personally annoyed with Microsoft for cutting off support for Windows XP.  Or anything else.

What’s creepy is that we may never know.



#15 quietman7


Posted 29 May 2014 - 05:37 PM

TrueCrypt turmoil latest: Bruce Schneier reveals what he'll use instead



