nodle

TrueCrypt shuts down due to alleged 'security issues'

Wow I don't even. Sounds to me like the NSA got to them.

TrueCrypt, leading encryption software touted and used by no less than Edward Snowden and Glenn Greenwald, now appears to be dead, according to its recently updated website, but no one seems to know why—or if the program's ominous warning is legitimate.

“WARNING,” the site reads in large red letters. “Using TrueCrypt is not secure as it may contain unfixed security issues.”

A 10-year-old application, TrueCrypt has long been used for encrypting hard drives and USB sticks on Windows, Linux, and Macs.

The open source program was developed by the pseudonymous TrueCrypt team, who have made no public comment since the program’s site changed drastically, leaving many to wonder if the website was hacked or if the warning is legitimate.

However, the newest version of TrueCrypt 7.2 has the same ominous warning message now showing to users, suggesting that this isn’t simply a website-related issue.


It says below the warning:

"This page exists only to help migrate existing data encrypted by TrueCrypt.

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform."

But BitLocker isn't available on the home or basic editions?

It says below the warning:

But BitLocker isn't available on the home or basic editions?

Going to search around. So many conspiracy stories about this, from a hacked webpage to a hacked program itself. Just researched this morning and still no one knows what is happening.


I'll weigh in with what I think happened. I think there was pressure or some force from the NSA to add a backdoor. The main people, instead of allowing it and letting someone take over, just abandoned ship. There was one last warning. So I think the page was made by the NSA itself to try to scare people into switching over to BitLocker because they are already in bed with Microsoft. This is the same thing that happened to Lavabit. Instead of giving up people's info he just shut the whole thing down.


Update: Matthew Green, one of the security researchers involved with the TrueCrypt audit, notes that while he had no prior knowledge of the abrupt change, he believes that the announcement is legitimate.

Similarly, the posted version of TrueCrypt appears to be heavily modified, with critical features removed and a heavy dose of "INSECURE_APP" sprinkled through the code. Even so, it was certified with the official TrueCrypt signing key, which leads us to believe this might be the real thing. Ars Technica notes:

The SourceForge page, which was delivered to people trying to view truecrypt.org pages, contained a new version of the program that, according to this "diff" analysis, appears to contain changes warning that the program isn't safe to use. Significantly, TrueCrypt version 7.2 was certified with the official TrueCrypt private signing key, suggesting that the page warning that TrueCrypt isn't safe wasn't a hoax posted by hackers who managed to gain unauthorized access. After all, someone with the ability to sign new TrueCrypt releases probably wouldn't squander that hack with a prank. Alternatively, the post suggests that the cryptographic key that certifies the authenticity of the app has been compromised and is no longer in the exclusive control of the official TrueCrypt developers.

Update: Security expert Brian Krebs has a great roundup of the situation on his blog, and notes that while the tone and language used in the warning on the project's SourceForge site is curious at best, the project's hosting, domain registration, and WHOIS information hasn't changed recently—unusual for a simple site hack.

Right now, it's looking more like the changes are either intentional action on the part of the TrueCrypt team (a scorched earth approach to ending the project, either due to the pressure or exposure brought by the audit, because of some outside influence, or internal strife) or someone on the TrueCrypt team decided to flip over the metaphorical table, and because all of the developers are anonymous, there's no way to be sure.
