Reply to topic  [ 9 posts ] 
 Truecrypt no longer safe? Or have they been hacked? 

Wat do
Stick with Truecrypt 7.1 for now 25%  25%  [ 1 ]
Get Microsoft Bitlocker 0%  0%  [ 0 ]
OHSHI- OH GOD, OH FUCK, WIPE EVERYTHING 25%  25%  [ 1 ]
Linux Master Race reporting in. 50%  50%  [ 2 ]
Total votes : 4

 Truecrypt no longer safe? Or have they been hacked? 
Author Message
Level 38
Level 38
User avatar

Cash on hand:
435.45

Bank:
2,750,364.30
Posts: 10364
Joined: Sun Oct 26, 2008 5:47 am
Group: Dev Team
Post Truecrypt no longer safe? Or have they been hacked?
If you now go to truecrypt's website you find a message telling you truecrypt is no longer safe.
If you download their latest version 7.2 you get the same message, along with a bunch of anti-viruses reacting to the executable.
http://arstechnica.com/security/2014/05 ... tly-warns/

However, there is still something fishy going on here. The new encryption program suggested is actually bitlocker for windows, a medium encryption software that most probably provides its master keys to the goverment and can really not be trusted. This is quite unusual coming from the truecrypt developers.
However, there is one possibility left that could explain this all without truecrypt being unsafe.
This is an attempt by the NSA to get everyone to drop their reliable encryptions for something that they can open up easily.
What if this was some TrueCrypt dev's last attempt to warn that the project was no longer under their control. This would explain the correct keys, certificate etc, also the shoddy nature of the explanation. When this is all sorted out, I don't know if TrueCrypt will still be TrueCrypt...


What are your thoughts?
Truecrypt 7.1 hasn't been updated for 2 years and might have exploits.
But Bitlocker is a fucking joke. There is no way I'm using that shit.

Should we wait and see, or should we act? No matter what we do, there seems to be a great risk.
Is it time to wipe all disks and burn them?

Update
this may very well be a hacking incident after all. The new version has been signed WITH A DIFFERENT SIGNED KEY, and not the old official one.
Image
I'll get back to you for more info once we get to the bottom of this shit :black

_________________
My Pixiv
Image
Spoiler: show
OLD VERSION, BITCHES!
Image


Wed May 28, 2014 4:46 pm
Profile E-mail
Level 39
Level 39
User avatar

Cash on hand:
2,187.55

Bank:
5,250.50
Posts: 21063
Joined: Sat Feb 14, 2009 11:44 pm
Group: Sysop
Post Re: Truecrypt no longer safe? Or have they been hacked?
Analysis of the code of the truecrypt reveals that it's peppered with shit.

The signature of the TrueCrypt .exe was made on Tue May 27 12:58:45 2014 EDT using DSA key ID F0D6B1E0.

Sauce: https://twitter.com/runasand/status/471741572909133824

http://lifehacker.com/truecrypts-web-si ... 1582879439

_________________
Image
Yeap.

_________________
Click the icon to see the image in fullscreen mode  
1 pcs.
Click the icon to see the image in fullscreen mode  
4 pcs.


Wed May 28, 2014 5:53 pm
Profile E-mail WWW
Level 39
Level 39
User avatar

Cash on hand:
2,187.55

Bank:
5,250.50
Posts: 21063
Joined: Sat Feb 14, 2009 11:44 pm
Group: Sysop
Post Re: Truecrypt no longer safe? Or have they been hacked?
http://www.theregister.co.uk/2014/05/28/truecrypt_hack/

Image

I smell evil.

_________________
Image
Yeap.

_________________
Click the icon to see the image in fullscreen mode  
1 pcs.
Click the icon to see the image in fullscreen mode  
4 pcs.


Wed May 28, 2014 5:55 pm
Profile E-mail WWW
Level 39
Level 39
User avatar

Cash on hand:
2,187.55

Bank:
5,250.50
Posts: 21063
Joined: Sat Feb 14, 2009 11:44 pm
Group: Sysop
Post Re: Truecrypt no longer safe? Or have they been hacked?
My money is on the site being compromised. If this were a legit, why would they be doing a 302 redirect to a SourceForge page instead of keeping the notice it under their own domain?

_________________
Image
Yeap.

_________________
Click the icon to see the image in fullscreen mode  
1 pcs.
Click the icon to see the image in fullscreen mode  
4 pcs.


Wed May 28, 2014 6:20 pm
Profile E-mail WWW
Level 20
Level 20
User avatar

Cash on hand:
1,859.50
Posts: 2051
Joined: Thu Aug 29, 2013 8:51 pm
Location: [nobody fills this out right, right?]
Group: Special Access
Post Re: Truecrypt no longer safe? Or have they been hacked?
No worries. So long as you have chosen secure methods of encryption (AES at a minimum) and a secure passphrase (mine are literally powerful enough to break the Forkheads AJAX chat) you are fully secure in your data.

However, for paranoia purposes switch to a TrueCrypt compatible client/server/program/daemon/what-have-you for your platform (I know of several for Linux; good luck, Windows users) and wait for official word.

Remember that hacking AES/Blowfish/Swordfish/what-the-fuck-ever is a tremendous amount more difficult than compromising a website (or DNS server; who knows, who cares). In order for TrueCrypt to be compatible with anything else it must follow the encryption standards; those forms of encryption are not in question and so the data is secure.

Also: Linux Master Race reporting in.

Image
I like to sing-a~ About the moon-a and the June-a and the spring-a~

_________________
In just under one-thousand eight-bit bytes I have to confer some glorious shrine to myself by means of text, images, hyper links, embeded flash compositions and possibly formatting. I could abuse this easily. Ten hour clips on youtube embeded in a single vertical stack. Multi-megapixel long transparent GIFs causing scrollbar hell. Nuero-linguistic programs that fuck your mind like a fresh squid. Eye raping color schemes using ascii full-width blocks. Images or links to images of things that can not be unseen. Anything called "epilepsy" dot SWF. This is what I want to do. I am not a good person. I just know that would be a flagrant display of disrespect. I'll wait until I can get away with it.
NOW IN GLORIOUS TODD A.O.!
fluffco™ LLC takes no responsibility for anything, ever, at all, under any circumstances and is entirely fictional outside Colorado.


Wed May 28, 2014 8:56 pm
Profile E-mail
Level 38
Level 38
User avatar

Cash on hand:
435.45

Bank:
2,750,364.30
Posts: 10364
Joined: Sun Oct 26, 2008 5:47 am
Group: Dev Team
Post Re: Truecrypt no longer safe? Or have they been hacked?
It is still safe.
https://www.grc.com/misc/truecrypt/truecrypt.htm

_________________
My Pixiv
Image
Spoiler: show
OLD VERSION, BITCHES!
Image


Tue Jun 24, 2014 10:27 am
Profile E-mail
Level 1
Level 1
User avatar

Cash on hand:
3,816.70
Posts: 107
Joined: Mon Nov 04, 2013 5:47 pm
Group: Special Access
Post Re: Truecrypt no longer safe? Or have they been hacked?
Necroing a little to say that this is most probably "warrant canary" territory.

_________________
I'M BACK BITCHES!


Tue Jul 29, 2014 2:30 pm
Profile E-mail
Level 39
Level 39
User avatar

Cash on hand:
2,187.55

Bank:
5,250.50
Posts: 21063
Joined: Sat Feb 14, 2009 11:44 pm
Group: Sysop
Post Re: Truecrypt no longer safe? Or have they been hacked?
RiotIori wrote:
Necroing a little to say that this is most probably "warrant canary" territory.


A warrant canary? What's that?

_________________
Image
Yeap.

_________________
Click the icon to see the image in fullscreen mode  
1 pcs.
Click the icon to see the image in fullscreen mode  
4 pcs.


Tue Jul 29, 2014 2:55 pm
Profile E-mail WWW
Level 1
Level 1
User avatar

Cash on hand:
3,816.70
Posts: 107
Joined: Mon Nov 04, 2013 5:47 pm
Group: Special Access
Post Re: Truecrypt no longer safe? Or have they been hacked?
This is not the best example, but, there's those NSA gag orders where the service provider must comply with something they want (data/access to data) and they can't tell the user that is being spied. But by saying normally that they haven't, the users will know when they have. TrueCrypt's case is not such, but people found the message to be awkwardly written and would mean that they've received such a gag order.

Those links explain it better:

http://www.theguardian.com/technology/2 ... nsa-spying
https://www.livebusinesschat.com/smf/in ... pic=5629.0
http://en.wikipedia.org/wiki/Warrant_canary

_________________
I'M BACK BITCHES!


Wed Jul 30, 2014 12:15 pm
Profile E-mail
Display posts from previous:  Sort by  
Reply to topic   [ 9 posts ] 
 

Similar topics

 
I can no longer resist the pizza.
Forum: ./General Spam
Author: 「H A N Z O」
Replies: 3
so many promising users that are no longer here
Forum: ./General Spam
Author: tuypo1
Replies: 7
In several hours I will no longer have wisdom teeth
Forum: ./General Spam
Author: n0th1n
Replies: 32
EMERGENCY! LIME'S ACCOUNT HAS BEEN HACKED!!!
Forum: ./General Spam
Author: digit-all
Replies: 14
Top


Who is online

Users browsing this forum: No registered users and 7 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
Mods Database :: Imprint :: Crawler Feeds :: Reset blocks
Designed by STSoftware for PTF.

Portal XL 5.0 ~ Premod 0.3 phpBB SEO