TrueCrypt forum gone? (TrueCrypt either stopped development or was hacked?)

Discussion in 'privacy technology' started by Palancar, May 28, 2014.

  1. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    A prearranged signal that someone else knows the meaning of. For something like this, a banner, image, bit of text, etc that has to be manually added to a regularly updated site. If the banner or image disappears, something has happened.
     
  2. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,411
    Important Information If You Use TrueCrypt

    If you are currently using TrueCrypt, here's what you need to do:

    1. Continue using it as normal for the time being.
    2. Do NOT download the newly-released version. It can't be trusted for now.
    3. Don't consider switching to alternative encryption software for the moment. Your
    existing TrueCrypt installation will suffice, until the facts are known.

    http://www.techsupportalert.com/content/important-information-if-you-use-truecrypt.htm

    Is this good or bad advice on # 1 and # 3?




    Phase 1 audit of TrueCrypt was completed and focused on TrueCrypt bootloader and Windows
    kernel driver.

    Phase II was to begin to examine the implementation of encryption suites, random number
    generators and critical key algorithms.

    I would like them to continue the audit.
     
  3. Randcal

    Randcal Registered Member

    Joined:
    May 29, 2014
    Posts:
    76
    @noone_particular
    How do we know they didn't? ;)

    Anyway I don't really think it matters. As I said earlier in this thread, if I had to guess, I'd lean toward a Lavabit type of thing (and actually even touched on the kind of coded messaging you describe). But most people seem to be latching on to the "well they must have gotten tired of maintaining it" theory. That doesn't add up in my view, considering all the facts (not the least of which is Green's last communication with the devs.) But either way, I think at this point the evidence adds up to it being legit (i.e. not a hoax) and they're walking away (either voluntarily or coerced.)

    But with the current climate ripe in demand for privacy and security tools, I don't think there will be much of a shortage of community support in creating something even better. And again, this is something the evidence suggests:

    - The audit will continue, meaning we'll get a good foundation for determining not only how secure TC is, but also the codebase in general (meaning a good grounding for forks).

    - OpenCryptoAudit is also saying they are "considering several scenarios, including potentially supporting a fork under appropriate free license, w/ a fully reproducible build."

    - There's all the alternatives mentioned here

    - And of course there's a community that's doing stuff like this: http://truecrypt.ch/
     
    Last edited: May 31, 2014
  4. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I would consider that sound advice for TrueCrypt users. We don't know anything for certain right now. If there is a fatal flaw in TrueCrypt, it's been there for a while and you've been vulnerable all this time. A little longer won't matter unless you've been specifically targeted in the last few months. We also have no way of knowing if the alternatives are any more secure or if the fault (if there is one) is in the encryption software itself or in the operating systems they run on.
     
  5. Randcal

    Randcal Registered Member

    Joined:
    May 29, 2014
    Posts:
    76
  6. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    By suggesting that the thread title should be changed, I didn't mean any disrespect to you :).
     
  7. Justintime123

    Justintime123 Registered Member

    Joined:
    Jun 15, 2013
    Posts:
    99
    From Steve Gibson, taken from Twitter replies from the dev team:

    https://www.grc.com/misc/truecrypt/truecrypt.htm

    .......And then the TrueCrypt developers were heard from!
    Steven Barnhart (@stevebarnhart) wrote to an eMail address he had used before and received several replies from “David.” The following snippets were taken from a twitter conversation which then took place between Steven Barnhart (@stevebarnhart) and Matthew Green (@matthew_d_green):

    TrueCrypt Developer “David”: “We were happy with the audit, it didn't spark anything. We worked hard on this for 10 years, nothing lasts forever.”
    From

    Steven Barnhart: (Paraphrasing) Developer “personally” feels that fork is harmful: “The source is still available as a reference though.”
    Steven Barnhart: “I asked and it was clear from the reply that "he" believes forking's harmful because only they are really familiar w/code.”
    Steven Barnhart: “Also said no government contact except one time inquiring about a ‘support contract.’ ”
    TrueCrypt Developer “David”: Said “Bitlocker is ‘good enough’ and Windows was original ‘goal of the project.’ ”
    Quoting TrueCrypt Developer David: “There is no longer interest.”.....
     
  8. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    I looked @ the iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf & realised that a number of vulnerabilities could be easily circumvented by disabling your Paging/Swap file ;) I've done this since 98SE days with NO problems. If you have enough RAM it's fine, & Much better for privacy too :)

    @ mirimir

    Thanx for the Schneier info :thumb:
     
  9. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  10. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,411
    So clearing the pagefile at shutdown won't cut it? How about moving the pagefile to a separate drive
    (not on same HD as the OS)? What's the least amount of RAM one could use?
     
  11. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    This assumes that you'll have the opportunity and the time. If someone kicks in your door, you've got a few seconds at most. If they cut your power, even that may be gone. If the user has taken the time to set up voice control and used it to implement batch files, it could buy more than enough time.
     
  12. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    So, if it's over, can we begin the speculation on who the TC developer(s) was? I've had my opinion since spring of 2004 and everything since then seemed to confirm it. This "ending" follows a very similar script in the history from my top "benevolent suspect." (And thanks to you for all of your work over the past decade.)

    I still feel safe with 7.1 (and will continue to use it) until I feel better about something else we don't know about yet.
     
    Last edited: May 30, 2014
  13. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    If the code is maintained by the open source community then anyone will be able to look through the code for malicious code. I'm not talking about the site at all. It's too early to say anything at this point.
     
  14. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I think users will be safe to continue to use TC version 7.1a since nothing malicious has been found with the audit. The audit only reinforces my decision to continue to use TrueCrypt. I don't need an upgraded version of TC. It would be nice if its development was continued though in the open source community.
     
  15. blainefry

    blainefry Registered Member

    Joined:
    Jan 25, 2014
    Posts:
    165
    @S.B.
    Sounds like @Randcal was pretty much right.
     
  16. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Just tried to view http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure but my browser attempted to redirect me to my ISP !



    So I tried via Anonymouse which is only HTTP = same again ?


    I was able to view it with https://ixquick-proxy.com

    I found this interesting post after I managed to view it.

    Could be just a coincidence, or coIntel

    I disconnected from the internet & closed FF & waited about 10 mins before reconnecting. I looked up IWF & it means Internet Watch Foundation !


    So my ISP was/is blocking anything Truecrypt related, pretending it's pron = WTF !
     
  17. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ Compu KTed

    NO

    No as you still have one.

    Look @ Task Manager and/or Process Explorer, & compare your RAM usage with how much Actual RAM you have installed. If your usage keeps say 500 Mb or more below your installed, you should be fine.
     
  18. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
  19. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Still going to use it. Other than the devs just not wanting to continue (granted, in a very weird, even for non-native English speakers, if true, way) next on my list would be disinfo by an agency. A "crack" is way down on my personal list. To each their own. Glad Mr.Green is going to finish the audit.
     
  20. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Their site redirects to the sourceforge page now.
     
  21. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
  22. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    The scope of alterations is too wide to be blackhats. They couldn't remove it from the Wayback Machine. Neither could the developers. The child porn claim seals it. Claim or plant the worst kind of evidence in order to discredit them.
     
  23. Randcal

    Randcal Registered Member

    Joined:
    May 29, 2014
    Posts:
    76
    ? Isn't that what started this thread?

    False. The TrueCrypt website has never been on the Wayback Machine for as long as I can remember.
     
  24. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I didn't get a redirect warning the last time I visited it. Unless I missed it and my browser failed to alert to it, I was viewing Truecrypt.org.

    I wasn't aware that they'd opted out of the Wayback Machine. Thanks.
     
  25. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    780
    If anybody is looking for 7.1a packages, GRC got them. A new site seems to take initiative for reviving TrueCrypt.
     