Author Topic: Anyone tracking the TrueCrypt Situation?  (Read 8343 times)

0 Members and 2 Guests are viewing this topic.

Offline jgillmanjr

  • MOC Member
  • *
  • Posts: 654
    • Freedom Forged Security Consulting
  • First Name (Displayed): Jason
Anyone tracking the TrueCrypt Situation?
« on: June 02, 2014, 07:26:06 AM »
http://arstechnica.com/security/2014/05/bombshell-truecrypt-advisory-backdoor-hack-hoax-none-of-the-above/

Not quite sure what to make of it.

I have a few TrueCrypt volumes floating around, but don't use them a whole lot..
IT Director
Deputy Treasurer
Legislative Aide

Offline TheQ

  • Website Content Manager
  • MOC Lifetime Member
  • *
  • Posts: 4263
    • Michigan Open Carry, Inc.
  • First Name (Displayed): Phillip
Anyone tracking the TrueCrypt Situation?
« Reply #1 on: June 02, 2014, 09:36:51 AM »
I've heard of it. I'm dubious. The site was abruptly shut down saying it's not secure and not publishing any details of why it's not secure.

I'll continue to use it.
I Am Not A Lawyer (nor a gunsmith).

Offline linux203

  • MOC Member
  • *
  • Posts: 706
  • First Name (Displayed): Daniel
Re: Anyone tracking the TrueCrypt Situation?
« Reply #2 on: June 03, 2014, 12:09:30 AM »
Open source cryptography has the benefit of public scrutiny.  If there were back-doors or cryptographically weak code, they would have been called out.  It would not be a cryptic announcement. 

I've been using dm-crypt since about 2007.  (now dm-crypt/LUKS)
When a strong man, fully armed, guards his own palace, his goods are in peace. Luke 11:21

Then He said to them, “But now, he who has a money bag, let him take it, and likewise a knapsack; and he who has no sword, let him sell his garment and buy one."  Luke 22:36

Offline gryphon

  • Administrator
  • *****
  • Posts: 4038
  • First Name (Displayed): Dan
Re: Anyone tracking the TrueCrypt Situation?
« Reply #3 on: June 03, 2014, 12:11:10 AM »
What happened to PGP?  No one use it any more?

Offline jgillmanjr

  • MOC Member
  • *
  • Posts: 654
    • Freedom Forged Security Consulting
  • First Name (Displayed): Jason
Re: Anyone tracking the TrueCrypt Situation?
« Reply #4 on: June 03, 2014, 06:30:30 AM »
Open source cryptography has the benefit of public scrutiny.  If there were back-doors or cryptographically weak code, they would have been called out.  It would not be a cryptic announcement. 

I've been using dm-crypt since about 2007.  (now dm-crypt/LUKS)

See, that's the thing that confuses me, and makes me inclined to believe it *may* be a warrant canary.

But even if they did get served, I'm not sure of:

1. What the NSA would be able to do. As you mentioned, it's an open source cyrpto package - if the NSA was mucking with stuff, people would notice (I think).

2. If the NSA was looking for who all downloaded it, really can't do much about it at this point anyways.
IT Director
Deputy Treasurer
Legislative Aide

Offline jgillmanjr

  • MOC Member
  • *
  • Posts: 654
    • Freedom Forged Security Consulting
  • First Name (Displayed): Jason
Re: Anyone tracking the TrueCrypt Situation?
« Reply #5 on: June 03, 2014, 06:43:51 AM »
What happened to PGP?  No one use it any more?

I use GPG for email.
IT Director
Deputy Treasurer
Legislative Aide

Offline linux203

  • MOC Member
  • *
  • Posts: 706
  • First Name (Displayed): Daniel
Re: Anyone tracking the TrueCrypt Situation?
« Reply #6 on: June 03, 2014, 07:35:40 AM »
2. If the NSA was looking for who all downloaded it, really can't do much about it at this point anyways.

There would only be export restrictions, not domestic use restrictions.
When a strong man, fully armed, guards his own palace, his goods are in peace. Luke 11:21

Then He said to them, “But now, he who has a money bag, let him take it, and likewise a knapsack; and he who has no sword, let him sell his garment and buy one."  Luke 22:36