TrueCrypt Compromised



 
Damn, what's happening to the world? Nothing's the same anymore.

I always have a backup of all my data on a TrueCrypt container on a USB stick when I travel.

Reminds me of Lavabit..
 
Yeah, one of the various theories being bandied about is that they pulled a lavabit. The tinfoil hat brigade at reddit are in overdrive, but I use that term lightly considering the assorted revelations of the past 12 months or so. I'm not in a position to say if the NSA got to them or some hackers got hold of the site and are just trolling us, there are people here that may be in a better position to know if it is the latter compared to the reddit crowd.

I can't help but wonder if this is all my fault though. Lavabit shut down a few days after I created an email address there and now Truecrypt pull this shit a few days after I considered encrypting one of my hard drives with it.

Of course I am kidding about the idea that it is my fault but am totally not shitting you re the timing of events.
 
Was the successful crowd funded audit the reason for this drastic change? Either a malicious developer, or a bloated .gov designed project would take such dramatic action.
 
I'm surprised that it lasted this long. I know the only way the FBI had to crack TrueCrypt was to bruteforce the password. So, unless somebody had an idiotically short password or they managed to seize the computer while it was still on and the volume was open, they were pretty much fucked. Don't know the NSA's capabilities, but they were probably in the same boat as the FBI.
 
Thankfully, I've been using BullshitCrypt instead.



*That's where you make a 5 gigabyte text file of random characters, lock it with truecrypt, save it as "Secret stuff" in an easily findable location on my C: drive, and then proceed to keep all my important data on a fucking thumbdrive.
 
Damn, what's happening to the world? Nothing's the same anymore.

I always have a backup of all my data on a TrueCrypt container on a USB stick when I travel.

Reminds me of Lavabit..
The internet has always had hackers, probably always will. Nothing is 100% vulnerable to an attack, at least that's the way I see it.
 
Weird, but what's wrong with continuing to download/use the working version (7.1)?

They removed version 7.1 and left a warning that it is considered insecure, as well as instructions on how to migrate to Bitlocker which as posted in this thread already should be treated as possibly backdoored by the NSA and useful for protection of data from petty thieves only.

7.2 is decrypt only
 
They removed version 7.1 and left a warning that it is considered insecure, as well as instructions on how to migrate to Bitlocker which as posted in this thread already should be treated as possibly backdoored by the NSA and useful for protection of data from petty thieves only.

7.2 is decrypt only

Think I'm missing something. You can find the 7.1 download and prob what you have installed, which works. At least good enough to keep prying eyes and people from accessing if they steal your laptop, correct?

Is this suggesting that 7.1 never worked?
 
Don't know the NSA's capabilities, but they were probably in the same boat as the FBI.

The FBI is law enforcement, the NSA is not. Aside from having well known 3-letter acronyms, the two agencies have nothing in common, particularly in regards to their access and abilities.

The FBI has to work within the confines of making a case prosecutable in court, which includes making public some of their investigative tactics. The NSA has no such constraints and would certainly never expose their secrets to help prosecute a criminal case.
 
The FBI is law enforcement, the NSA is not. Aside from having well known 3-letter acronyms, the two agencies have nothing in common, particularly in regards to their access and abilities.

The FBI has to work within the confines of making a case prosecutable in court, which includes making public some of their investigative tactics. The NSA has no such constraints and would certainly never expose their secrets to help prosecute a criminal case.

By in the same boat I meant their computational abilities to crack TrueCrypt. Unless the NSA has found a way to put those DWaves to work busting TrueCrypt volumes, I doubt they could brute force a strong password either. I could be wrong, I just don't know for sure.

Also, the FBI does a fair amount of shady shit like black bag work and renditions. They aren't solely stitching together squeaky clean court cases.
 
By in the same boat I meant their computational abilities to crack TrueCrypt. Unless the NSA has found a way to put those DWaves to work busting TrueCrypt volumes, I doubt they could brute force a strong password either. I could be wrong, I just don't know for sure.

Also, the FBI does a fair amount of shady shit like black bag work and renditions. They aren't solely stitching together squeaky clean court cases.

Do you think they might be able to crack it if they wrote it? The NSA wrote the book on cryptography. Truecrypt is bloated with gobs and gobs of code. Even if they didn't write the original code, would it be a stretch for them to have a hand in the development? If I were in charge of the NSA I sure would have people working on it covertly. And these guys are way smarter than I could ever dream to be. So if I think it's a pretty good idea, I am certain they do too.

All it takes is a few mistakes in the bloated code and you're in. Don't underestimate the power of that successful crowd sourced code audit. That is a significant piece of the puzzle.
 
Do you think they might be able to crack it if they wrote it? The NSA wrote the book on cryptography. Truecrypt is bloated with gobs and gobs of code. Even if they didn't write the original code, would it be a stretch for them to have a hand in the development? If I were in charge of the NSA I sure would have people working on it covertly. And these guys are way smarter than I could ever dream to be. So if I think it's a pretty good idea, I am certain they do too.

All it takes is a few mistakes in the bloated code and you're in. Don't underestimate the power of that successful crowd sourced code audit. That is a significant piece of the puzzle.

I don't think the NSA wrote it... if they did, why would they shut it down like this? Why invest years of time, money and man-hours only to release a half-assed statement and a decrypt-only last build? That, and as far as I'm aware the audit only found a few minor bugs, nothing that was serious enough to compromise the encryption yet.

To me, this whole ordeal only makes sense if the devs got a knock & talk from one of the alphabet soup agencies and decided to pull the plug.

I personally don't use TrueCrypt, so this doesn't affect me. Although, I have played around with it in the past and thought it was pretty neat.