neufuse Veteran Posted May 29, 2014 Veteran Share Posted May 29, 2014 Link? Are you sure they can unencrypt it without your key? last I heard was they were cold-booting them and getting the key from memory. I remember reading something a few years ago also about bitlocker being unsafe due to secret keys or something like that Link to comment https://www.neowin.net/forum/topic/1215495-truecrypt-shuts-down-due-to-alleged-security-issues/page/2/#findComment-596424181 Share on other sites More sharing options...
Shiranui Posted May 29, 2014 Share Posted May 29, 2014 I thought development had stopped ages ago? Link to comment https://www.neowin.net/forum/topic/1215495-truecrypt-shuts-down-due-to-alleged-security-issues/page/2/#findComment-596424197 Share on other sites More sharing options...
+Warwagon MVC Posted May 29, 2014 MVC Share Posted May 29, 2014 That website screams "I'm hacked" Link to comment https://www.neowin.net/forum/topic/1215495-truecrypt-shuts-down-due-to-alleged-security-issues/page/2/#findComment-596424205 Share on other sites More sharing options...
primexx Posted May 29, 2014 Share Posted May 29, 2014 speculation is wild on Reddit right now: http://www.reddit.com/r/netsec/comments/26pz9b/truecrypt_development_has_ended_052814/ nobody knows what's happening. also a little odd that version 7.2 which they just put out is smaller by a good bit than 7.1a It's read only. Since TrueCrypt had an official code review, I guess they decided fixing the issues was not feasible. I'm still using 7.1a on Windows 8.1, and I am not having any issues, so for the time being will continue to do so. But at the same time, I will do some research into BitLocker as well. The code review only got through preliminary stages that found no significant issues. Stage two hasn't even completed yet. ROT-13 or 1024-bit NSAKey psh... ROT-26 is where it's at. I thought development had stopped ages ago? They used to be really slow at new releases too. Link to comment https://www.neowin.net/forum/topic/1215495-truecrypt-shuts-down-due-to-alleged-security-issues/page/2/#findComment-596424317 Share on other sites More sharing options...
gohpep Posted May 29, 2014 Share Posted May 29, 2014 Alternative: http://www.arg0.net/encfs Or for Linux users, dm-crypt with LUKS. Link to comment https://www.neowin.net/forum/topic/1215495-truecrypt-shuts-down-due-to-alleged-security-issues/page/2/#findComment-596424333 Share on other sites More sharing options...
Matthew_Thepc Posted May 29, 2014 Share Posted May 29, 2014 I remember reading something a few years ago also about bitlocker being unsafe due to secret keys or something like that Really? All I've seen around it are the old NSAKey rumors/reports (before Bitlocker), some reports that if you can copy the RAM contents fast enough you can get the secret key out (which is a vulnerability that all encryption programs have, AFAIK), and a lot of reports saying that Microsoft consistently turned down law enforcement requests for backdoors in Bitlocker. It's actually kind of weird that I haven't heard any legitimate rumors (rumors coming from someone who claims to be affiliated with the company/NSA) about a Bitlocker backdoor O.o Link to comment https://www.neowin.net/forum/topic/1215495-truecrypt-shuts-down-due-to-alleged-security-issues/page/2/#findComment-596424405 Share on other sites More sharing options...
puma1 Posted May 29, 2014 Share Posted May 29, 2014 So aside from using this for whole disk encryption, what about when just creating containers, still considered unsecure? You cannot create container files with bitlocker. Link to comment https://www.neowin.net/forum/topic/1215495-truecrypt-shuts-down-due-to-alleged-security-issues/page/2/#findComment-596425063 Share on other sites More sharing options...
REM2000 Posted May 29, 2014 Share Posted May 29, 2014 So aside from using this for whole disk encryption, what about when just creating containers, still considered unsecure? You cannot create container files with bitlocker. I think one way i read to get around that was to create a VHD file, mount it and then bitlocker it, that was you would have the file container and it would be encrypted. I haven't tried it so can't say if it works. Link to comment https://www.neowin.net/forum/topic/1215495-truecrypt-shuts-down-due-to-alleged-security-issues/page/2/#findComment-596425071 Share on other sites More sharing options...
puma1 Posted May 29, 2014 Share Posted May 29, 2014 I am still waiting to hear what all this craziness is about before deciding anything. But I am definitely looking for alternatives. Anyone have any suggestions? Link to comment https://www.neowin.net/forum/topic/1215495-truecrypt-shuts-down-due-to-alleged-security-issues/page/2/#findComment-596425073 Share on other sites More sharing options...
xendrome Posted May 29, 2014 Share Posted May 29, 2014 Just curious, in the grand scheme of things, what are you guys all hiding in your encrypted folders/disks that you are so worried about someone seeing? Short of personal info, medical info, financial/bill info. (Which can all be had through the internet or the vendor being hacked directly). If someone wants to get something, they can and will, even if it takes social engineering to do it. Which no level of encryption will protect. Link to comment https://www.neowin.net/forum/topic/1215495-truecrypt-shuts-down-due-to-alleged-security-issues/page/2/#findComment-596425079 Share on other sites More sharing options...
adrynalyne Posted May 29, 2014 Share Posted May 29, 2014 Just curious, in the grand scheme of things, what are you guys all hiding in your encrypted folders/disks that you are so worried about someone seeing? Short of personal info, medical info, financial/bill info. (Which can all be had through the internet or the vendor being hacked directly). If someone wants to get something, they can and will, even if it takes social engineering to do it. Which no level of encryption will protect. So people should just give up their attempts to protect their info, because it is pointless to try? Thats what you make it sound like. I use TC as a password manager. Ian W 1 Share Link to comment https://www.neowin.net/forum/topic/1215495-truecrypt-shuts-down-due-to-alleged-security-issues/page/2/#findComment-596425085 Share on other sites More sharing options...
Max Norris Posted May 29, 2014 Share Posted May 29, 2014 Just curious, in the grand scheme of things, what are you guys all hiding in your encrypted folders/disks that you are so worried about someone seeing?Porn obviously. Can't have the wife finding it. That aside, only systems I actually bother with it on is mobile devices that actually hold stuff that may be important. Not worried about it on the desktops, if "they" actually got physical access to it I've probably got bigger problems. Link to comment https://www.neowin.net/forum/topic/1215495-truecrypt-shuts-down-due-to-alleged-security-issues/page/2/#findComment-596425087 Share on other sites More sharing options...
puma1 Posted May 29, 2014 Share Posted May 29, 2014 Just because a lock can be picked, do you not lock the door to your house before you leave? And no I don't agree that if someone wants something they can and will. Not everyone is a hacker or even close, this isn't the movies. pallipdrsn0 1 Share Link to comment https://www.neowin.net/forum/topic/1215495-truecrypt-shuts-down-due-to-alleged-security-issues/page/2/#findComment-596425089 Share on other sites More sharing options...
AStaUK Posted May 29, 2014 Share Posted May 29, 2014 Just curious, in the grand scheme of things, what are you guys all hiding in your encrypted folders/disks that you are so worried about someone seeing? Short of personal info, medical info, financial/bill info. (Which can all be had through the internet or the vendor being hacked directly). If someone wants to get something, they can and will, even if it takes social engineering to do it. Which no level of encryption will protect. Why make it easy for the little bleeder that has just stolen my laptop to get at any of my data? DConnell 1 Share Link to comment https://www.neowin.net/forum/topic/1215495-truecrypt-shuts-down-due-to-alleged-security-issues/page/2/#findComment-596425099 Share on other sites More sharing options...
vcfan Posted May 29, 2014 Share Posted May 29, 2014 anything with TPM is not secure if physical access is acquired, and potentially remotely too. the key can be easily extracted(by those who know how to do it,like biggun). Link to comment https://www.neowin.net/forum/topic/1215495-truecrypt-shuts-down-due-to-alleged-security-issues/page/2/#findComment-596425107 Share on other sites More sharing options...
Andre S. Veteran Posted May 29, 2014 Veteran Share Posted May 29, 2014 Just curious, in the grand scheme of things, what are you guys all hiding in your encrypted folders/disks that you are so worried about someone seeing? Short of personal info, medical info, financial/bill info. (Which can all be had through the internet or the vendor being hacked directly). If someone wants to get something, they can and will, even if it takes social engineering to do it. Which no level of encryption will protect. Security is not about making it impossible for attackers, it's about making it as hard as possible. Hard enough that it's unlikely an attacker will find it worthwhile to pursue the attack. Link to comment https://www.neowin.net/forum/topic/1215495-truecrypt-shuts-down-due-to-alleged-security-issues/page/2/#findComment-596425109 Share on other sites More sharing options...
Ficman Posted May 29, 2014 Share Posted May 29, 2014 What an odd developing story... Watching this one closely Link to comment https://www.neowin.net/forum/topic/1215495-truecrypt-shuts-down-due-to-alleged-security-issues/page/2/#findComment-596425113 Share on other sites More sharing options...
puma1 Posted May 29, 2014 Share Posted May 29, 2014 anything with TPM is not secure if physical access is acquired, and potentially remotely too. the key can be easily extracted(by those who know how to do it,like biggun). Isn't the method for doing this something very few people can actually do successfully? I don't think your average anyone can accomplish this with 100% success rate. Link to comment https://www.neowin.net/forum/topic/1215495-truecrypt-shuts-down-due-to-alleged-security-issues/page/2/#findComment-596425137 Share on other sites More sharing options...
+John Teacake MVC Posted May 29, 2014 MVC Share Posted May 29, 2014 I remember reading something a few years ago also about bitlocker being unsafe due to secret keys or something like that This guy hints at it I think. There's definitely a presentation about it where he says that Microsoft have a Top Secret way to work with Law Enforcement. Link to comment https://www.neowin.net/forum/topic/1215495-truecrypt-shuts-down-due-to-alleged-security-issues/page/2/#findComment-596425141 Share on other sites More sharing options...
puma1 Posted May 29, 2014 Share Posted May 29, 2014 This guy hints at it I think. There's definitely a presentation about it where he says that Microsoft have a Top Secret way to work with Law Enforcement. I understand but I don't think the majority of people are worried about keeping anything from top level law enforcement.. more like hackers and criminals. If you have top law enforcement on you.. encryption is not going to save you. I am talking about some reasonable security on your personal files. Link to comment https://www.neowin.net/forum/topic/1215495-truecrypt-shuts-down-due-to-alleged-security-issues/page/2/#findComment-596425143 Share on other sites More sharing options...
+John Teacake MVC Posted May 29, 2014 MVC Share Posted May 29, 2014 I understand but I don't think the majority of people are worried about keeping anything from top level law enforcement.. more like hackers and criminals. If you have top law enforcement on you.. encryption is not going to save you. I am talking about some reasonable security on your personal files. Shame I used TrueCrypt to encrypt a file and burn it to a CD and gave it to a mate to look after, I told him to look after it incase I ever needed it again :shiftyninja: Link to comment https://www.neowin.net/forum/topic/1215495-truecrypt-shuts-down-due-to-alleged-security-issues/page/2/#findComment-596425169 Share on other sites More sharing options...
vcfan Posted May 29, 2014 Share Posted May 29, 2014 Isn't the method for doing this something very few people can actually do successfully? I don't think your average anyone can accomplish this with 100% success rate. heres the thing though. all it takes is one person to extract the code, then holes could be found in software. it doesn't always have to be a physical break to extract the key. as for breaking the chip physically,if you possess the knowledge,and have only $5000 worth of tools,you can do it. Link to comment https://www.neowin.net/forum/topic/1215495-truecrypt-shuts-down-due-to-alleged-security-issues/page/2/#findComment-596425251 Share on other sites More sharing options...
#Michael Posted May 29, 2014 Share Posted May 29, 2014 I was just looking on the truecrypt page and I noticed something. If this was done by the real developers or a hacker they did a great job on the screen grabs that are posted. They were very careful not to reveal any un-needed info and not include any info in the picture. I do find it interesting though that the pics are png files instead of jpg. Link to comment https://www.neowin.net/forum/topic/1215495-truecrypt-shuts-down-due-to-alleged-security-issues/page/2/#findComment-596425285 Share on other sites More sharing options...
Fezmid Reviews Posted May 29, 2014 Reviews Share Posted May 29, 2014 Security is not about making it impossible for attackers, it's about making it as hard as possible. Hard enough that it's unlikely an attacker will find it worthwhile to pursue the attack. This. You don't need to have the best security. You only need to be more secure than your neighbor. DConnell 1 Share Link to comment https://www.neowin.net/forum/topic/1215495-truecrypt-shuts-down-due-to-alleged-security-issues/page/2/#findComment-596425293 Share on other sites More sharing options...
neufuse Veteran Posted May 29, 2014 Veteran Share Posted May 29, 2014 I was just looking on the truecrypt page and I noticed something. If this was done by the real developers or a hacker they did a great job on the screen grabs that are posted. They were very careful not to reveal any un-needed info and not include any info in the picture. I do find it interesting though that the pics are png files instead of jpg. why's that interesting? We do most high quality images now in PNG format Link to comment https://www.neowin.net/forum/topic/1215495-truecrypt-shuts-down-due-to-alleged-security-issues/page/2/#findComment-596425295 Share on other sites More sharing options...
Recommended Posts