Truecrypt No Longer Supported

Discussion in 'privacy technology' started by anon_private, Jul 4, 2014.

Thread Status:
Not open for further replies.
  1. anon_private

    anon_private Registered Member

    Joined:
    Feb 28, 2010
    Posts:
    58
    Location:
    UK
    Hi,

    I have some volumes (including hidden volumes) encrypted in TC.

    I would now like to migrate to a new programme that is being supported and updated regarding security patches.

    I have read a page that advises users to migrate to Bitlocker, but this is only available to Vista Ultimate users. I use Vista Home Premium, 32 bit.

    Can someone recommend a good free encryption programme that will open, etc. my TC volumes?

    If they can't be opened, etc., advice please.

    Thanks

    A

    Ps. On finding a good alternative, I will then uninstall TC

    What do you think of Axcrypt? Evidently, it uses something called an OpenCandy installer which I believe installs programmes I probably don't want. But I think I can deny these - I will.
     
    Last edited: Jul 4, 2014
  2. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I would stick with Truecrypt.
     
  3. anon_private

    anon_private Registered Member

    Joined:
    Feb 28, 2010
    Posts:
    58
    Location:
    UK
    But it's no longer supported. There are no further security updates.

    So far, I have found Axcrypt; veracrypt; Diskcryptor

    Still looking
     
  4. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
  5. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Unless you have some sort of proof that TC is compromised, I don't see why you should abandon it. If it works now and it is relatively bug-free why shouldn't it work in the future too?
     
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,069
  7. anon_private

    anon_private Registered Member

    Joined:
    Feb 28, 2010
    Posts:
    58
    Location:
    UK
    Thank you for responding.

    What concerns me regarding TC is that it is at the end of its life, and there will be no further security patches. Hence, it might be a security risk.
     
  8. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,047
    Location:
    United Surveillance States
    You can try running the installer from a command prompt using the /NOCANDY switch. I haven't run any OpenCandy bundled apps in a while, but it seemed to work on the few I've run in the past.

    Veracrypt seems like a good replacement. I tried the Linux version on some encrypted containers and it worked as expected. They've joined forces with the TCNext project. IMHO DiskCryptor is a better alternative to TC. It's what I was using to encrypt my internal disks before I left Windows. If you have an SSD drive, you will find that it is faster. Have you thought about switching to Linux? dmcrypt/LUKS is working well for me.
     
  9. anon_private

    anon_private Registered Member

    Joined:
    Feb 28, 2010
    Posts:
    58
    Location:
    UK
    There appear to be signs that TC may be resurrected.
     
  10. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    830
    Location:
    UK
    That's what I thought I read somewhere.

    Might as well stick with it for now unless any flaws are exposed or a year goes by and no activity on an update.
     
  11. anon_private

    anon_private Registered Member

    Joined:
    Feb 28, 2010
    Posts:
    58
    Location:
    UK
    I am coming to the same conclusion.

    People do not seem to be concerned about possible future exploits.

    I am a little surprised that TC seems so much better than other encryption programmes - judging by the discussion.

    If you would like to know where TC is going have a look at: https://truecrypt.ch/

    Best wishes
     
  12. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
  13. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,281
  14. anon_private

    anon_private Registered Member

    Joined:
    Feb 28, 2010
    Posts:
    58
    Location:
    UK
    Yes, CipherShed is taking over Truecrypt.

    I haven't managed to establish how this is going to work. For example, are TC users expected to download CipherShed, and will this programme automatically update (security patches)? Or will CipherShed somehow update (security) TC that users currently have installed?

    Best wishes.

    Ps. Syobon. You are staying with TC, like most users. Have you not been tempted to change?
     
  15. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    No, current Truecrypt 7.1a code went through extensive auditing and no critical vulnerabilities were found, plus volumes created are compatible on any platform, System encryption works even on Windows 8.1, and will work on Windows 7 forever.
     
  16. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,281
    As I see it, CipherShed will be a different program, just based on TC. As development advances, it will differ more from TC. Even the storage format may be incompatible with TC's.
     
  17. anon_private

    anon_private Registered Member

    Joined:
    Feb 28, 2010
    Posts:
    58
    Location:
    UK
    Thank you
     
  18. anon_private

    anon_private Registered Member

    Joined:
    Feb 28, 2010
    Posts:
    58
    Location:
    UK
    There seem to me to be two possibilities.

    1. There are no vulnerabilities in TC and hence it is safe to use.

    2. There are no vulnerabilities that have been detected at present, but with advancing hacking capabilities and new technologies TC may, or will, become vulnerable eventually. Hence, sooner or later TC users will have to change because there are no future security patches.
     
  19. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    TC uses AES. There were no vulnerabilities in the implementation of it, intentional or not, but if AES has vulnerabilities we'll have more to worry about than just Truecrypt.
     
  20. brians08

    brians08 Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    40
    Since the original TC dev team has outright stated that TC has security issues, I must assume that they at least want everyone to think about what these could be. Yes, very aggravating that they refused to list even a single one of these issues so my imagination has to be let loose to consider all possibilities. Putting on my tin foil hat, my assumption is that even the TC dev team members are not above suspicion so I must include intentional backdoors in the source code.
    Here is my list:

    AES, Twofish, Serpent implementations contain subtle flaws that result in reduced cryptographic strength.
    Not very likely as test vectors can be constructed independently from TrueCrypt that can verify with high degree of confidence this is not the case.

    Random number generator does not generate high entropy data during volume creation.
    Audit should be able to verify this and, in any case, new TrueCrypt forks should rewrite this code just to make sure.

    Source code contains subtle convolutions that result in master keys being copied into non-secure locations.
    This one seems to be the most serious. If this sort of thing existed intentionally, it would be designed to scatter and/or scramble the key so that a simple disk search or memory scan would not find it.

    Source code is "clean" but compilers have bugs. Binary code contains one or more of the above security issues.
    Also very serious. If source code was designed to take advantage of subtle bugs in a compiler, how would this be discovered? Audit must ultimately perform analysis of compiled binaries to at least look for such things.

    Compilers have been compromised to add backdoors when TrueCrypt is compiled.
    This is a wildcard. The TC devs used a bunch of outdated compilers. Was this to try and avoid such a possibility? Any future TC forks should consider that the compiler adds backdoors when compiling encryption code o_O

    Windows operating systems contain code that captures and saves master keys to non-secure locations.
    Totally out of scope of the TrueCrypt audit but still a real concern. The NSA surely has some degree of influence over Windows update packages. Windows Malicious Software Removal Tool, for example, could also contain instructions to quietly find, store, and even transmit master keys.
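
The test-vector check mentioned in the first item of the list above, as an added example that is not part of any post in this thread: an AES-128 reference written from the FIPS-197 definition, run against two FIPS-197 known-answer vectors. All function names are hypothetical, and the "flawed" build is constructed for illustration.

```python
# Added example: independent AES-128 reference for known-answer tests (names are hypothetical).
def xtime(a):  # multiply by x in GF(2^8), reducing by the AES polynomial 0x11B
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a

def build_sbox():  # S-box from its definition: GF(2^8) inverse, then affine map
    exp = [1]
    while len(exp) < 255:  # successive powers of the generator 0x03
        exp.append(exp[-1] ^ xtime(exp[-1]))
    inv = [0] * 256
    for i, v in enumerate(exp):
        inv[v] = exp[-i % 255]
    rotl = lambda b, n: ((b << n) | (b >> (8 - n))) & 0xFF
    return [b ^ rotl(b, 1) ^ rotl(b, 2) ^ rotl(b, 3) ^ rotl(b, 4) ^ 0x63 for b in inv]
SBOX = build_sbox()

def expand_key(key):  # 11 round keys of 16 bytes each
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0], rcon = t[0] ^ rcon, xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[r * 4:r * 4 + 4], []) for r in range(11)]

def mix_columns(s):
    cols = [s[c:c + 4] for c in range(0, 16, 4)]
    return [a[i] ^ a[0] ^ a[1] ^ a[2] ^ a[3] ^ xtime(a[i] ^ a[(i + 1) % 4]) for a in cols for i in range(4)]

def encrypt_block(key, block, sbox=SBOX):  # sbox is swappable to model a flawed build
    rk = expand_key(key)
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):
        s = [sbox[b] for b in s]                            # SubBytes
        s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]  # ShiftRows
        s = mix_columns(s) if rnd < 10 else s               # last round has no MixColumns
        s = [b ^ k for b, k in zip(s, rk[rnd])]             # AddRoundKey
    return bytes(s)

KATS = [  # (key, plaintext, ciphertext) from FIPS-197 Appendix C.1 and Appendix B
    ("000102030405060708090a0b0c0d0e0f", "00112233445566778899aabbccddeeff", "69c4e0d86a7b0430d8cdb78070b4c55a"),
    ("2b7e151628aed2a6abf7158809cf4f3c", "3243f6a8885a308d313198a2e0370734", "3925841d02dc09fbdc118597196a0b32"),
]

def run_kats(encrypt):  # returns the expected ciphertexts the implementation failed to produce
    return [ct for k, pt, ct in KATS if encrypt(bytes.fromhex(k), bytes.fromhex(pt)).hex() != ct]

def flawed_encrypt(key, block):  # constructed flaw: one wrong bit in the S-box affine constant
    return encrypt_block(key, block, sbox=[v ^ 1 for v in SBOX])
```

`run_kats(encrypt_block)` returns an empty list, while `run_kats(flawed_encrypt)` reports the vectors that no longer match; the same harness can wrap any other implementation's single-block encrypt call.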
     
  21. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    @brians08, well said, NSA capturing the keys at OS level is the most horrifying imo, I would not doubt it one bit we have such a thing on Windows 8 already, that OS is full of backdoors and even China banned it on gov computers.
     