Anyone tracking the TrueCrypt Situation?

[jgillmanjr]

http://arstechnica.com/security/2014/05/bombshell-truecrypt-advisory-backdoor-hack-hoax-none-of-the-above/

Not quite sure what to make of it.

I have a few TrueCrypt volumes floating around, but don't use them a whole lot..

[TheQ]

I've heard of it. I'm dubious. The site was abruptly shut down saying it's not secure and not publishing any details of why it's not secure.

I'll continue to use it.

[linux203]

Open source cryptography has the benefit of public scrutiny.  If there were back-doors or cryptographically weak code, they would have been called out.  It would not be a cryptic announcement. 

I've been using dm-crypt since about 2007.  (now dm-crypt/LUKS)

[gryphon]

What happened to PGP?  No one use it any more?

[jgillmanjr]

Open source cryptography has the benefit of public scrutiny.  If there were back-doors or cryptographically weak code, they would have been called out.  It would not be a cryptic announcement. 

I've been using dm-crypt since about 2007.  (now dm-crypt/LUKS)

See, that's the thing that confuses me, and makes me inclined to believe it *may* be a warrant canary.

But even if they did get served, I'm not sure of:

1. What the NSA would be able to do. As you mentioned, it's an open source cyrpto package - if the NSA was mucking with stuff, people would notice (I think).

2. If the NSA was looking for who all downloaded it, really can't do much about it at this point anyways.

[jgillmanjr]

What happened to PGP?  No one use it any more?

I use GPG for email.

[linux203]

2. If the NSA was looking for who all downloaded it, really can't do much about it at this point anyways.

There would only be export restrictions, not domestic use restrictions.