TrueCrypt shuts down due to alleged 'security issues'

[FiB3R]

TrueCrypt, leading encryption software touted and used by no less than Edward Snowden and Glenn Greenwald, now appears to be dead, according to its recently updated website, but no one seems to know why?or if the program's ominous warning is legitimate.

 

?WARNING,? the site reads in large red letters. ?Using TrueCrypt is not secure as it may contain unfixed security issues.?

 

A 10-year-old application, TrueCrypt has long been used for encrypting hard drives and USB sticks on Windows, Linux, and Macs.

 

The open source program was developed by the pseudonymous TrueCrypt team, who have made no public comment since the program?s site changed drastically, leaving many to wonder if the website was hacked or if the warning is legitimate.

 

However, the newest version of TrueCrypt 7.2 has the same ominous warning message now showing to users, suggesting that this isn?t simply a website-related issue.

 

More...

[Osiris]

Well only one way to be secure now

/microwaves hdds, put on tin foil hat

[DrJohnSmitherson]

Wth? This is weird! What other options are there?

[i_was_here]

I hope there is some cross-platform alternative to TrueCrypt. I would at least like something I can use on both Windows and Linux.

[FiB3R]

Wth? This is weird! What other options are there?

Well, according to TrueCrypts own page on SourceForge, another option is BitLocker. Which may be fair enough, but makes this seem all the more strange.

[DrJohnSmitherson]

Apparently it's been infected with malware or something

[Max Norris]

Wth? This is weird! What other options are there?

Built in BitLocker with any supported version of Windows, OSX has FileVault, there's a fair number of alternatives too, for an example list:

http://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software

[neufuse Veteran]

I think truecrypt shut down years ago, it was on 7.1 forever...

 

but bitlocker? not every computer has a TPM chip in it

Well, according to TrueCrypts own page on SourceForge, another option is BitLocker. Which may be fair enough, but makes this seem all the more strange.

yeah I found it odd also, Bitlocker is an odd suggestion from a 3rd party security point of view

[Max Norris]

but bitlocker? not every computer has a TPM chip in it

It's not a set-in-stone requirement, you can bypass the restriction via group policy.

[Aergan]

????

[neufuse Veteran]

It's not a set-in-stone requirement, you can bypass the restriction via group policy.

you shouldn't have to bypass anything

[Max Norris]

you shouldn't have to bypass anything

It's just a setting, one among hundreds... by default it's set to the more secure configuration. Would you prefer they didn't give you the option or have it less secure out of the box?

[neufuse Veteran]

also a little odd that version 7.2 which they just put out is smaller by a good bit than 7.1a

[BoondockSaint]

Since TrueCrypt had an official code review, I guess they decided fixing the issues was not feasible.

 

I'm still using 7.1a on Windows 8.1, and I am not having any issues, so for the time being will continue to do so. But at the same time, I will do some research into BitLocker as well.

[neufuse Veteran]

ok, something is seriously wrong with the 7.2 code, installed it in a protected VM environment and it's doing some odd things network wise... I don't think file that is begin served right now is legit... I've never had truecrypt try to make network connections in the past

[i_was_here]

I am hoping this is just a hoax now:

 

https://gist.github.com/ValdikSS/c13a82ca4a2d8b7e87ff

[Toysoldier]

ok, something is seriously wrong with the 7.2 code, installed it in a protected VM environment and it's doing some odd things network wise... I don't think file that is begin served right now is legit... I've never had truecrypt try to make network connections in the past

 

I wouldn't be surprised if the site was hacked and you have just installed an infected boot/root kit.

 

Lucky you used a VM.

[neufuse Veteran]

I wouldn't be surprised if the site was hacked and you have just installed an infected boot/root kit.

 

Lucky you used a VM.

that's why I did it in a VM...... we never trust security software until we audit it first

[123456789A]

Wth? This is weird! What other options are there?

 

ROT-13 or 1024-bit NSAKey

[timster]

ROT-13 or 1024-bit NSAKey

lol NSAKey :shiftyninja:

[Gerowen]

Still my favorite method of sanitizing hard drives.  This hard drive was beginning to fail, so I sanitized it before trashing it.

[neufuse Veteran]

Still my favorite method of sanitizing hard drives.  This hard drive was beginning to fail, so I sanitized it before trashing it.

 

eh, we use Acetylene Tourches and melt the things into a ball... makes work fun *LOL*

[xendrome]

Yeah this looks like a domain/sourceforge page hijack...

[torrentthief]

bitlocker has an NSA backdoor built-in. Documents leaked to cryptome.org about 2yrs ago showed that law enforcement can unencrypt it.

[Toysoldier]

bitlocker has an NSA backdoor built-in. Documents leaked to cryptome.org about 2yrs ago showed that law enforcement can unencrypt it.

 

Link?

 

Are you sure they can unencrypt it without your key? last I heard was they were cold-booting them and getting the key from memory.