German Government audits TrueCrypt

Discussion in 'privacy technology' started by Minimalist, Nov 20, 2015.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,089
    https://threatpost.com/german-government-audits-truecrypt
     
  2. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,599
    Its a great product and was the absolute leader during its "reign". The few blemishes discovered have been corrected in cousin "VeraCrypt", which is also very nice. For offline nothing beats these two.
     
  3. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,103
  4. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,517
    Good to know. I mainly use Veracrypt nowadays though.
     
  5. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,151
    Location:
    UK
    I felt that the vulnerabilities were no worse than any other escalation of any other program. Once you've opened a TC container, it's available for any program, including malware that's present through ANY route of attack.

    Anyone heard what the audit position/plan of VeraCrypt is?
     
  6. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,517
    It's a good idea to have Veracrypt audited. Meanwhile, I use Bitlocker for OS drive full disk encryption, and Veracrypt for file encryption.
     
  7. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,517
    If Verycrypt would support FDE of the OS drive under UEFI secure boot, then sure I'll use Veracrypt over Bitlocker any day. However...
     
  8. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,599
    I don't believe anyone with any money has ever started a project to examine VC at this time. Of course its casually discussed. Almost everyone hopes that ANY open source project gets a complete "examination". In the real world there just isn't enough money. The source code (Windows and Linux) is available and I can tell you the linux build is pretty easy and reliably built if you are so inclined.

    Regretfully I cannot expand/comment on the Windows version of VC because I no longer use Windows encryption for security. Because I literally don't want to take the time to compile VC Windows, I have stayed with my personally compiled TC for my FAMILY windows machines. These are basic privacy needs and not 3 letter agency stuff. For at rest data encryption its VeraCrypt, especially external usb drives 500+ GB ------ > 2 TB.

    Oliverjia -- I wouldn't hesitate to use Bitlocker for a business need or something OTHER than a 3 letter agency where UEFI is concerned.
     
  9. Lagaa

    Lagaa Registered Member

    Joined:
    Dec 30, 2014
    Posts:
    5
    VeraCrypt people come across as really sloppy poor programmers for some reason. I won't trust them. I am using TrueCrypt and waiting for Ciphershed clone.
     
  10. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,599
    I find the VC linux code to be solid. Its 95% tweaked TC linux code. It builds reliably and performs excellently without fail. Can you help me/them/us by citing where the code looks sloppy?

    Feel free to PM me if you don't want to put the code flaws here in public.

    I do not use Windows for any system disk encryption (where security is paramount) so I can no longer responsibly comment on the VC/TC windows code. I answer basic questions on occasion in the encryption forum but I purposefully limit the technical expertise displayed there. Especially when failure to use safety recovery tools (header backups, rescue disk, etc.) have been neglected - followed by screams for help.
     
Loading...