TrueCrypt shuts down due to alleged 'security issues'

By FiB3R
in Back Page News

 Share

Recommended Posts

Grand Master

Brandon H Supervisor

Posted
  • Supervisor
Posted

I don't know about a fork. Not until a definitive reason comes out for what happened or an audit produces backdoors or flaws that are then fixed. That should be the first priority. 

that's pretty much what the website says as well. which i agree is a good way to handle it

Proficient

JJ_

Posted
Posted

[snip]That guy is a fool and a tool.[/snip]

Quite honestly you're making yourself out to look like one. Gibsons article is the most plausible explanation I've read from all the wild conspiracy theories out there and I won't be surprised if he is right. The audit will continue and it hasn't discovered any major flaws yet. Truecrypt will be forked and reborne once again. For now, keep calm and carry on using 7.1a

Grand Master

n_K

Posted
Posted

Well you'd need an electron microscope and you can't really just scribble them down.  

 

of course the key on the chip is useless without your key as well. so...

 

as for a backdoor, no. NSA would't want a backdoor on the very same equipment they use themselves.  kind of a backfire scenario. and as you so smartly pointed out, by reading what the chip does, other people (foreign elint for example) could find this backdoor. 

Actually they would, which is why all the DoD 'secure smartcard' solutions all also have backdoors, it wasn't designed as a backdoor to get the data from the card, it was designed for firmware upgrading (JTAG etc) but can be used to get the data off the cards or rewrite them, etc.

Grand Master

+John Teacake MVC

Posted
  • MVC
Posted

I would hate it if the reason they stopped was because they didn't receive enough donations to continue running!! Then they have every right to pull the plug. The last few years they were heavily "asking" for donations. Its just a shame its come to this.

Grand Master

simonlang

Posted
Posted

Lmfao. That guy is a fool and a tool. I wouldnt trust him for anything and his Spinrite is snake oil.

 

i think the old 7.1 is save but not 7.2. claiming 7.2 to be secure is as ridiculous as truecrypts claim by now to switch to bitlocker.

Collaborator

ITFiend

Posted
Posted

A long winded post about why using a TPM as a key-factor along with BitLocker is a good thing.  Not responding to anyone specifically since a lot of little things have been said through the thread.

 

Why use BitLocker over TrueCrypt:

  1. Microsoft only supports Windows booting from BitLocker encrypted volumes.
  2. Windows BitLocker supports TPM?s and smart cards.
  • Apple only supports Mac OS booting from FileVault encrypted volumes.
  • Apple FileVault does not support TPM?s (it can however support smart cards), and more unfortunately, Apple hardware does not contain a TPM or equivalent.
  • TrueCrypt does not support TPM (though supposedly it could support smart cards)

 

What good is a TPM:

  1. It can measure your device configuration. A TPM can be aware of what state your computer should be in to be considered "trustworthy". If a device becomes untrustworthy, the TPM will no longer release its key until it's rearmed.
  2. If the physical device supports intrusion detection, your firmware records that an intrusion occurred, when it occurred, and announces this. A TPM can consider a device "untrustworthy" after an intrusion.
  3. You can configure a TPM to consider a device "untrustworthy" when measurements change. Firmware settings have several levels of what can be measured for changes. Otherwise Secure Boot, and OS Boot Loader options are measured. If anything measured fails to match its last known secure configuration, then the TPM fails to release its key. (Enabling or disabling Hyper-V counts as a measurement change)
  4. A TPM can be configured to work with secondary key factors. Using a TPM + Network Unlock, TPM + PIN, TPM + USB, or TPM + USB + PIN is significantly more secure than using a TPM on its own.
  5. When a TPM is used with a secondary factor, it doesn?t matter as much if a third party steals that key. They still don?t have access to boot or data without all factors.

 

Is a TPM, as the only key-factor, "secure"?:

  1. Not really, though it may be considered "secure enough" by some. I personally only think of the TPM as a component that measures everything about a device and then stamps it as "approved" for use. Like a smart card (and in fact a TPM can be used as a smart card), it?s a great key-factor, but on its own it?s not foolproof. You are always best off using a second key-factor in conjunction with a TPM, preferably a factor that cannot be easily obtained along with the device. If the device is portable, or a home computer, TPM + PIN or TPM + USB is great. TPM + PIN + USB is awesome. If device is an enterprise device with Windows 8 or Server 2012 or above, TPM + BitLocker Network Unlock is awesome, especially used with Hyper-V. Now physical servers can have two key-factors required without requiring encryption be suspended before rebooting (or always leaving the USB key attached to the server), and while leaving the server automatically bootable from a cold/crashed state because we?re all not crazy enough (? most of the time) to require a PIN on a production server.
  2. If a third party could gain internal access to a computer without triggering an intrusion, then the TPM is probably not "secure enough" for most usage scenarios.
  3. If a TPM considers a device untrustworthy, it is extremely difficult to attack it and extract the keys. It requires time, energy, knowledge, and skill.
  4. If a TPM considers a device trustworthy, and a man in the middle can insert itself between the TPM and motherboard without altering this state, the device?s security is completely penetrated. The only thing that protects data at this point is if more than one key factor was required.

 

Other Comments:

BitLocker for bootable devices can be done via USB without a TPM, but there are costs.  Your boot key is never really ?secure?, and you cannot have multiple key-factors on a bootable partition unless a TPM is present, but if a third party steals a device without stealing the key they at least didn?t gain access to the data. You lack measured boot without a TPM. On older devices that do not support UEFI Secure Boot, this is a more serious attack vector, as your boot loader never exists on an encrypted partition and can be tampered with without the device user becoming aware of it.

 

Anyway, all said, Windows is most secure when used with a TPM + (Other Key Factor) with full Measured Boot options enabled, UEFI Firmware that is password protected, UEFI Secure Boot is enabled plus Trusted Boot measuring all code used in the OS boot process. If you use all of those, plus Windows SmartScreen and AppLocker, your Windows device is one seriously tough nut to crack open.

Grand Master

Skyfrog

Posted
Posted

i think the old 7.1 is save but not 7.2. claiming 7.2 to be secure is as ridiculous as truecrypts claim by now to switch to bitlocker.

 

7.2 is not capable of encryption anyway. It is a stripped version they only put up to decrypt your existing files.

Grand Master

Ian W

Posted
Posted

A long winded post about why using a TPM as a key-factor along with BitLocker is a good thing.  Not responding to anyone specifically since a lot of little things have been said through the thread.

[. . .]

ITFiend, your post is a beautiful summary of Bitlocker and TPM benefits and features. It also doesn't include any nonsense (read: uninformed speculation) about the hardware, which is rare . . .

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.