SirGod Posted May 28, 2014
Several readers sent word that the website for TrueCrypt, the popular disk encryption system, says that development has ended, and Windows users should switch to BitLocker. A notice on the site reads, "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues. ... You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform." It includes a link to a new version of TrueCrypt, 7.2, and provides instructions on how to migrate to BitLocker. Many users are skeptical of a site defacement, and there's been no corroborating post or communication from the maintainers. However, the binaries appear to be signed with the same GPG key that the TrueCrypt Foundation used for previous releases. A source code diff of the two versions has been posted, and the new release appears to simply remove much of what the software was designed to do. It also warns users away from relying on it for security. (The people doing an audit of TrueCrypt had promised a 'big announcement' soon, but that was coincidental.) Security experts are warning to avoid the new version until the situation can be verified.
Source: Slashdot: News for nerds, stuff that matters
TheTime Posted May 28, 2014
Ahahahaha, this is the coolest thing I've seen lately! I don't know whether it's a "deface" or not, but it's worth every penny.
pyth0n3 Posted May 30, 2014
Take a quick look at the latest commit on GitHub. They replaced every function for creating volumes with the function AbortProcess ("INSECURE_APP");
What seems abnormal to me is that they modified every string
-// English (U.S.) resources
to
+// English (United States) resources
It has always been U.S.; I don't understand why it is now United States. A programmer usually modifies the source code, not necessarily a comment that is of little significance, as in this case. And the removal of some functions with the same comment conveys the message quite clearly. If there were a bug, the open source community would have stated this clearly; they would not have removed the functions so that the program can't be used, and in no case would they have advised anyone to use BitLocker. It's absurd!!!
Edited May 30, 2014 by pyth0n3
shaggi Posted May 30, 2014
So is this about the developers being compromised by the g.o.v or by a group of hackers?
pyth0n3 Posted May 30, 2014
I don't think the site was compromised. There is a fork here
Nytro Posted May 30, 2014
Nothing seems critical to me: https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf
dicksi Posted May 30, 2014
The most plausible:
"The iSec initial audit report was very critical of the TC code quality, and implied that it looks like the work of a single coder. There was no update for 2 years. The build process requires a 20 year old MS compiler, manually extracted from an exe installer. Imagine yourself as the lead/solo developer working on TC. No one pays you for this, governments hate you, much of the crypto community is throwing rocks at you while your user community spends half of its time joining in with clueless paranoia and the other half whining about feature gaps (e.g. GPT boot disks.) You have to eat, so you have a real paying job. You’re not so young any more (doing the TC crap for a decade) and maybe the real job now includes responsibilities that crowd out side work. Or maybe you’ve got a family you love more than the whiny paranoids you encounter via TC. And now iSec is telling you your code is sloppy and unreadable, and that you should take on a buttload of mind-numbing work to pretty it up so they will have an easier time figuring out where some scotch-fueled coding session in 2005 (or maybe something you inherited from a past developer) resulted in a gaping exploitable hole that everyone will end up calling a NSA backdoor. Maybe you just toss it in. Why not? Anyone with a maintained OS has an integrated alternative and as imperfect as they may be, they are better than TC for most users. Maintaining TC isn’t really doing much good for many people and the audit just pushed a giant steaming pile of the least interesting sort of maintenance into top priority. Seems like a fine time to drop it and be your kids’ soccer coach."
:)
Gushterul Posted May 30, 2014
Still, if you find more news, this exit is too abrupt... Probably someone, somewhere found some equation for one of the algorithms, as usually happens.
ghostery Posted May 30, 2014
I think the FBI got fed up with finding encrypted PCs and put pressure on the author to take TrueCrypt out of circulation. The fact that he recommended BitLocker convinces me that government institutions are involved.
alexandruth Posted July 8, 2014
Is the version on this fork compromised? Which version do you think is safe, ignoring the fact that "its security is compromised"?
cioroi Posted July 8, 2014
> Is the version on this fork compromised? Which version do you think is safe, ignoring the fact that "its security is compromised"?
Get it from filehippo and drop the paranoia.
george2013 Posted July 8, 2014
> Is the version on this fork compromised? Which version do you think is safe, ignoring the fact that "its security is compromised"?
The safe option is DiskCryptor; get to it and use that one, and leave TrueCrypt. There's no smoke without fire, that much is clear.