"TrueCrypt critical flaws revealed: It's time to jump ship", via ZDNet


9 replies to this topic

#1 Aura


Posted 30 September 2015 - 02:52 PM

Serious security flaws have been discovered in TrueCrypt, placing users who insist on using the legacy encryption system at risk.

The system encryption service, axed last year after Microsoft terminated support for Windows XP, was canned without warning due to "unresolved security issues" in May 2014.

TrueCrypt is still available for download -- but is recommended only if you are migrating data on drives encrypted by TrueCrypt. Instead, PC users who wish to encrypt their hard drives and virtual disk images are asked to download the spin-off Veracrypt or use Microsoft's BitLocker instead.

The need to move on from Truecrypt is now more pressing thanks to the discovery of two severe security flaws in the program by James Forshaw, a member of Google's Project Zero security team.


Source: http://www.zdnet.com/article/truecrypt-critical-flaws-revealed-its-time-to-jump-ship/

Time to make the move from TrueCrypt to VeraCrypt (which isn't that bad anyway since the GUI is the same with a few tweaks). Thanks to Pranav (blueelvis) for sharing an article related to that on my Facebook! :P

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.




#2 JohnC_21


Posted 01 October 2015 - 10:15 AM

I transferred files from a TrueCrypt container to a new Veracrypt container and the one thing I noticed is Veracrypt takes some time to mount the container where TrueCrypt would do it instantly.



#3 chromebuster


Posted 05 December 2015 - 04:36 PM

I'm fixing to encrypt using Bitlocker, ... especially after I found out about this, and considering the company I work for requires personal laptops to be encrypted when accessing their resources.


The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#4 GoFigure


Posted 06 December 2015 - 04:08 PM

Truecrypt was audited in two stages, the last one being finished in March of this year. Those audits found that though there are flaws they don't impact the security. There are no backdoors or other flaws that would affect security. Additionally it was found that, though they may be mitigated to an extent, there is no way to absolutely fix the 'flaws' in available forks (Veracrypt). One of the flaws is related to Microsoft's crypto API. If you wanted to stay absolutely secure you need to stay away from anything that uses that API. This means you would have to buy a third party package that is developed using a proprietary crypto API. I saw a program on the internet last week that is guaranteed to break Bitlocker and it is free.



#5 Guest_GNULINUX_*


Posted 07 December 2015 - 05:25 AM

Clickbait Title...

 

If you read the article (and "flaws") carefully, TrueCrypt is as safe as it was (encryption-wise).

 

Greets!


Edited by GNULINUX, 07 December 2015 - 05:31 AM.


#6 GRCScorpion


Posted 10 December 2015 - 08:05 AM

It's kinda like this with encryption: it's only as good as the person who is handling it. Encryption is one of the many tools you can use to secure your data and transfer it safely. Anything that is man made can be reversed or broken; it just depends on the time and funds you have at your disposal.

 

Same goes for the person who is securing it and the technical ability of the person using the technology and their understanding of how it works.

 

End of the day, as long as you use multiple methods to secure your data and computer via strong passwords, strong firewalls, safe surfing, User Access Control, safe email policies, then you should be fine with most encryption tools that are widely used, as if someone cannot steal the data in the first place then it won't matter how secure encryption is.

 

As long as you make it as difficult as you can then you have done what you can. I guess what I am trying to get across is there is no silver bullet and multiple policies should be used to protect data. Including Encryption.

 

Scorpion :tophat:



#7 Aura


Posted 10 December 2015 - 09:31 PM

> Clickbait Title...
>
> If you read the article (and "flaws") carefully, TrueCrypt is as safe as it was (encryption-wise).
>
> Greets!


This is an old article. There's another one where Security Researchers explain the flaws in TrueCrypt and say that they aren't that dangerous, and that the attack vector is really small.



#8 Guest_GNULINUX_*


Posted 11 December 2015 - 04:59 AM

Aura: Thanks for the clarification!  B)

 

Greets!



#9 Aura


Posted 11 December 2015 - 07:47 AM

No problem, here's the link to the thread where I posted the news about TrueCrypt not being as insecure as people said (if it interests you).

http://www.bleepingcomputer.com/forums/t/597399/truecrypt-is-safer-than-previously-reported-detailed-analysis-concludes-arst/



#10 Guest_GNULINUX_*


Posted 11 December 2015 - 02:24 PM

Thanks for pointing me to the thread!  :thumbup2:

 

Indeed, that second article is much more nuanced and "real life" oriented...

 

Greets!





