FBI Withholds 69 Pages of TrueCrypt-Related Documents, Most Of Which Can Already Be Found Online

Discussion in 'privacy technology' started by lotuseclat79, Jul 12, 2015.

  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,094
    FBI Withholds 69 Pages of TrueCrypt-Related Documents, Most Of Which Can Already Be Found Online

    -- Tom
     
  2. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,413
    No doubt they are activly trying to exploit Truecrypt users as we speak. By now everyone should have moved onto Veracrypt so it's not a big deal I think.
     
  3. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    I don't see how withholding information that is already public means that the FBI somehow managed to break TrueCrypt...
     
  4. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591
    Have you looked at that code? Have you ever gone over to the VeraCrypt forum and tried reading around and examining what support (if any) is available? I am not wanting to slam the thing, just point out the expertise level of forum activity is lacking - to me. Disregarding the one main developer, how many folks stand out to you as "pro/coder" level?

    That said; I may grab the VeraCrypt code in the coming months and sift through it. Compiling TC was tougher than VeraCrypt looks to be.

    Wondering if anyone here is running a modified VC code, and how the driver signing was being handled if so?
     
  5. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,413
    No I haven't looked at the code yet but I will. Yes I have gone to the VeraCrypt forum and the main developer does awnser a lot of questions asked by people

    To answer your question there are very few people I trust who are "Pro coders". Moxie Marlinspike is one and Linus from the Linux Kernal is the other.

    VeraCrypt is simply a fork of Truecrypt. It borrows a lot of code I will bet but has huge security improvements addressing the TrueCrypt audit findings.

    Plus the VeraCrypt main developer is not hiding. His name is known and he comes from France. The whole project is pretty transparent if you ask me.
     
  6. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Given the fact that the audit didn't find any "huge" security problems, I don't see any reason to use VeraCrypt instead of old TrueCrypt.
     
  7. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,147
    Location:
    UK
    FUD.

    I'm actually not looking for a direct replacement for TC, because what I want is the ability to individually encrypt files and open them with assurance of physical presence with two-factor. Something like a separate USB crypto-smart drive with a Yubikey or something.

    The problem I have with all FDE and container encryption is that once the passphrase has been entered, all the files are available to all processes (without other protections). With current remote threats being most concerning, and with the ability of malware to exfiltrate without escalation, that's a problem for all TC class of protection.
     
  8. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,413
    Well it has improved and fixed the issues that came out in the audit. Bruteforce is less likely and you can mount TrueCrypt volumes with VeraCrypt.

    Plus TrueCrypt is end of life. Do you want to be using software that has security issues and will never get them fixed?
     
Loading...