Jump to content
SirGod

TrueCrypt Website Says To Switch To BitLocker

Recommended Posts

Posted

Several readers sent word that the website for TrueCrypt, the popular disk encryption system, says that development has ended, and Windows users should switch to BitLocker. A notice on the site reads, "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues. ... You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform." It includes a link to a new version of TrueCrypt, 7.2, and provides instructions on how to migrate to BitLocker. Many users are skeptical of a site defacement, and there's been no corroborating post or communication from the maintainers. However, the binaries appear to be signed with the same GPG key that the TrueCrypt Foundation used for previous releases. A source code diff of the two versions has been posted, and the new release appears to simply remove much of what the software was designed to do. It also warns users away from relying on it for security. (The people doing an audit of TrueCrypt had promised a 'big announcement' soon, but that was coincidental.) Security experts are warning to avoid the new version until the situation can be verified.

Source: Slashdot: News for nerds, stuff that matters

Posted (edited)

Uitati-va putin peste ultimul commit din github.Au schimbat fiecare functie pentru crearea volumelor cu functia

AbortProcess ("INSECURE_APP");

Ceea ce mi se pare anormal este ca au modificat fiecare stringa

-// English (U.S.) resources
in
+// English (United States) resources

Intotdeauna a fost U.S , nu inteleg de ce acum e United States

Un programator modifica codul sursa deobicei , nu neaparat un comment care e putin semnificativ precum in acest caz.Si eliminarea unor functii cu acelasi coment trasmit destul de clar mesajul.Daca exista un bug comuniatea open source ar fi specificat clar acest lucru nu ar fi eliminat functiile pentru a nu folosi programul si in nici un caz ar fi sfatuit pe cineva sa foloseasca BitLocker.E absurd!!!

Edited by pyth0n3
Posted

cel mai plauzibil:

"The iSec initial audit report was very critical of the TC code quality, and implied that it looks like the work of a single coder. There was no update for 2 years. The build process requires a 20 year old MS compiler, manually extracted from an exe installer.

Imagine yourself as the lead/solo developer working on TC. No one pays you for this, governments hate you, much of the crypto community is throwing rocks at you while your user community spends half of its time joining in with clueless paranoia and the other half whining about feature gaps (e.g. GPT boot disks.) You have to eat, so you have a real paying job. You’re not so young any more (doing the TC crap for a decade) and maybe the real job now includes responsibilities that crowd out side work. Or maybe you’ve got a family you love more than the whiny paranoids you encounter via TC. And now iSec is telling you your code is sloppy and unreadable, and that you should take on a buttload of mind-numbing work to pretty it up so they will have an easier time figuring out where some scotch-fueled coding session in 2005 ( or maybe something you inherited from a past developer) resulted in a gaping exploitable hole that everyone will end up calling a NSA backdoor.

Maybe you just toss it in. Why not? Anyone with a maintained OS has an integrated alternative and as imperfect as they may be, they are better than TC for most users. Maintaining TC isn’t really doing much good for many people and the audit just pushed a giant steaming pile of the least interesting sort of maintenance into top priority. Seems like a fine time to drop it and be your kids’ soccer coach.":)

Posted

Eu cred ca FBI sa saturat sa gaseasca pc criptate, si au facut presiuni asupra autorului sa scoata din circulatie truecrypt.

Faptul ca a recomandat bitlocker ma face sa fiu convins ca sunt instituti gov in mijloc.

Posted
Oare varianta de pe fork-ul acesta este compromis?? Care versiune crede?i c? e sigur?, ignorând faptul c? "securitatea acestuia este compromis?"? :D

Varianta sigura este DiskCryptor, pune mana si foloseste-l pe asta si lasa TrueCrypt-ul. Nu iese fum fara foc asta e clar.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...