New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Wow.. have been used TC for more than 7years... and now there some problem?
Should we just keep using it or move to another apps?
That depends, are you concealing secret government documents or like bank details and shit? In theory no encryption method is safe and they could all be brute forced if you had the time, the energy and the (computational) power.
You should never assume your data is safe from the government (again - in theory. The brute force could be successful on try 1, 1 billion or infinity + 1) but even though there's the same chance your data could be brute forced the second, millionth etc whatever time TrueCrypt is probably okay for now to protect from your average cyber criminal or person prying in your stuff.
@raindog308 lol of course more typical tactics would be used first. The thing is though, the NSA etc don't care about the average persons encrypted data. It's too much hassle.
I just saw this in my news feed. http://truecrypt.ch/
I don't think I could 100% trust it after this shake-up.
OK, it is better than expected, I have hope
If any government is behind this, they will try to bring some legal case to stop the fork. If some company is, will do the same. If the developer(s) did, nothing will happen, they will want to remain anonymous.
TRANSLATION: The NSA ordered us to put in a back door and we're not gonna play that @#$%ing game!
C'est le things.
Gotta love the conspiracy theories
Looks like someone contacted the developers:
Anyway, someone identified the developers two weeks ago. Instead of letting them know, he did publish an article even knowing they wanted to be anonymous. It could be related:
http://translate.google.com/translate?depth=2&hl=ru&ie=UTF8&nv=1&prev=_t&rurl=translate.google.com&sl=ru&tl=en&u=http://news.softodrom.ru/ap/b19702.shtml
And this is why we can't have nice things.
my read on it - at least until the poster provides more info - is that there is no need for truecrypt anymore. all modern os have similar features available to them. if you are still running win xp well you cant really be serious about your security so still no need for the product. just an observation. nothing more.
Yes, but recommend a closed source one??? Who can trust a closed source security system in this day and age when you dont even have to call microsoft, not to mention a judge, you already have the universal key as part of the "good guys" that "keep america safe"? And, who knows who else has it, because, you know, these microsoft keys have a tendency to leak out?
Yep, that's the issue. And Bitlocker does not have all of TC's features: hidden volumes, cross-OS, choice of algorithms, etc.
TrueCrypt didn't got big updates during the last years anyway. It is stable and secure software for now, even with one ongoing audit. No need to rush a migration to a much worse system.
It will be possible to use it for a few years from now at the very least. If I were to migrate my personal computing to Windows, I would use TrueCrypt 7.1a with Windows 8. It works great and there is no need to use anything else for now. No way I'm going to use BitLocker for any serious business, ever.
You can use a TrueCrypt container as your boot drive in Linux too. It's just harder.
Let's face it, even if yo are not migrating to windows, TC was a really great option, okay, you can use encrypted LVM like everyone else, but they wont work on windows, even if you load ext driver (i think), with TC I can mount them even from some exported FSs, like over iSCSI or NFS, even CIFS for the brave or in local net.
If BitLocker can't be trusted because it's closed source from Microsoft, why do people think that their information is safe when using TrueCrypt on Windows? Windows is closed source too. Maybe I'm missing something, but I don't see how TrueCrypt is going to protect your information from an untrusted operating system.
It's not really that.
-First, it is intended to protect your information when the computer is not online/on. If you mount a container while the OS is compromised, that is the end, anything can happen. Even if not compromised, windows could have a backdoor to look for tc keys in memory but that can be detected by security experts, I am not sure bill will go to such lows. If your PC is shutdown, at a border crossing where it will be confiscated, they wont be able to read your disk and you can refuse to reveal the keys, they will have to torture you to do so. Even then, you have the plausible deniability option, still safe if the hidden os is not booted.
-Second, TC can protect only when you are the only one at it when the OS is running. If you are not, someone can run a quick program to get the keys from memory. Once that is done, it can be stolen/seized and you are out of luck. If the os is open source or not, is irrelevant in this case, you should also never mount containers on computers you do not control fully, same issue, you can have a keylogger some place, or even clipboard reader, open files reader, etc.
My typical setup for mounting encrypted containers is a vanilla debian on a VM with TC installed and encrypted LVM. In theory, my computer can be compromised with a trojan to read the memory of the VM and steal the keys. Since I leave it off when I am not home, it is highly unlikely.
I guess that makes sense. If I were the paranoid type I'm still not sure how far I would trust Windows not to conceal the ways that it's spying on me no matter what encryption methods I use. If a rootkit can conceal itself in ways that are nearly impossible to detect then the OS must certainly be able to hide what it's doing too. Even if you analyze the network traffic there would still be ways for Microsoft to sneak your secrets out.
The plausible deniability feature of TrueCrypt is another thing I wouldn't place too much faith in. Your potential torturer would probably know about this feature too, and might not be satisfied with the first volume you decrypt.
Not that we should simply trust open source simply because vulnerabilities would be spotted by others looking at the source. Source code written by other people can be very difficult to read, and major flaws go unnoticed in open source software all the time. Heartbleed is just one example. And from what I've read about the TrueCrypt source it's very cryptic with very few comments.
It is simple, use external firewall, dont allow it to connect to anything else than the IPs you need to connect to, apply updates manually by downloading them separately, there is no way it will send any info, even if it collects it. If you use the computer you are accessing your encrypted files to browse the internet, that is your business, but you shouldnt if you want to avoid that risk. Also, if you log any attempt to connect somewhere else and you turned all automatic updating off completely, you know something is fishy.
Well that's very good advice. I don't use Windows myself, but I don't follow that sort of advice for my personal computers. Then again I'm not really trying to protect myself from the intellgence community. My primary reason for using FDE is so that if my laptop is stolen or lost the dirtbag who has it at least won't be able to read all my diary entries.
For what it's worth I'm not trying to suggest that Microsoft is spying on its users, just the lack of trust for BitLocker being closed source kinda confused me when people are using a closed source OS.
Use cryptsetup on linux