[kwlug-disc] Truecrypt

Khalid Baheyeldin kb at 2bits.com
Thu May 29 12:03:16 EDT 2014 

I am not a crazy conspiracy person either.

But this is too fishy. If they wanted just to quit, they can quit and say
that they are quitting. They should not say "it may contain vulns". Either
they know it contains such vulns, or they don't.

Also, the new version just removes the bulk of functionality, and leaves in
the decryption.

https://www.alchemistowl.org/arrigo/truecrypt-7.1a-7.2.diff.gz

Why would anyone do that? For what purpose? Who benefits from this?

If the previously audited version was safe, i.e. works as designed, then
posting a new version that removes functionality is really fishy. For the
developers to post something urging people to not use it is more fishy.

I am more inclined to believe the National Security Letter theory (you
can't divulge that the government ordered you to do something, otherwise
the terrorists will get us) theory, or the Sabu theory , than to chalk it
up to "they just wanted to quit".



On Thu, May 29, 2014 at 11:35 AM, Darcy Casselman <dscassel at gmail.com>
wrote:

> I'm not a crazy conspiracy guy, so I'm going to assume for now that Andrew
> Green (the TrueCrypt audit guy) is right and that the anonymous maintainers
> decided to quit and wanted to do so in characteristically dramatic fashion.
>
>
> http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+KrebsOnSecurity+%28Krebs+on+Security%29
>
> But yeah, it's probably time to look for alternatives.
>
> Darcy.
>
>
> On Thu, May 29, 2014 at 11:05 AM, Khalid Baheyeldin <kb at 2bits.com> wrote:
>
>> Other people are speculating that Hector Monsegur (Sabu), the hacker that
>> was freed by the Feds after he cooperated, was a contributor to TruCrypt,
>> and that was one obstacle they always faced (decrypting encrypted volumes),
>> so there it goes once he was out.
>>
>> As for alternatives, seems that LUKS is backward compatible with TruCrypt.
>>
>> https://code.google.com/p/cryptsetup/
>>
>>
>>
>> On Thu, May 29, 2014 at 10:20 AM, Khalid Baheyeldin <kb at 2bits.com> wrote:
>>
>>> Many theories floating around ...
>>>
>>> With secret court orders no one can be sure of anything ...
>>>
>>> But there are other possibilities.
>>>
>>> See the comments here (change to threshold 3 or 4 to limit to the
>>> highest rated ones)
>>>
>>> http://soylentnews.org/article.pl?sid=14/05/29/0243223
>>>
>>>
>>> On Thu, May 29, 2014 at 10:16 AM, Chris Irwin <chris at chrisirwin.ca>
>>> wrote:
>>>
>>>> I wanted to see what everybody's thoughts are about the truecrypt
>>>> "annoucement" yesterday.
>>>>
>>>> Quoted from their website:
>>>>
>>>> > WARNING: Using TrueCrypt is not secure as it may contain unfixed
>>>> security issues
>>>> >
>>>> > This page exists only to help migrate existing data encrypted by
>>>> TrueCrypt.
>>>> >
>>>> > The development of TrueCrypt was ended in 5/2014 after Microsoft
>>>> terminated support of Windows XP. Windows 8/7/Vista and later offer
>>>> integrated support for encrypted disks and virtual disk images. Such
>>>> integrated support is also available on other platforms (click here for
>>>> more information). You should migrate any data encrypted by TrueCrypt to
>>>> encrypted disks or virtual disk images supported on your platform.
>>>>
>>>> There is discussion on slashdot, hacker news, and many other sites. So
>>>> far, there is no consensus on what is going on? Half-hearted compliance
>>>> with a US NSL? Dead-man switch prematurely activating?
>>>>
>>>> Does anybody else have thoughts or insights?
>>>>
>>>> I'm a dmcrypt user personally, but I know several folks on the list use
>>>> truecrypt.
>>>>
>>>> --
>>>> Chris Irwin
>>>> <chris at chrisirwin.ca>
>>>>
>>>> _______________________________________________
>>>> kwlug-disc mailing list
>>>> kwlug-disc at kwlug.org
>>>> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>>>>
>>>>
>>>
>>>
>>> --
>>> Khalid M. Baheyeldin
>>> 2bits.com, Inc.
>>> Fast Reliable Drupal
>>> Drupal optimization, development, customization and consulting.
>>> Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
>>> Simplicity is the ultimate sophistication. --   Leonardo da Vinci
>>> For every complex problem, there is an answer that is clear, simple, and
>>> wrong." -- H.L. Mencken
>>>
>>
>>
>>
>> --
>> Khalid M. Baheyeldin
>> 2bits.com, Inc.
>> Fast Reliable Drupal
>> Drupal optimization, development, customization and consulting.
>> Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
>> Simplicity is the ultimate sophistication. --   Leonardo da Vinci
>> For every complex problem, there is an answer that is clear, simple, and
>> wrong." -- H.L. Mencken
>>
>> _______________________________________________
>> kwlug-disc mailing list
>> kwlug-disc at kwlug.org
>> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>>
>>
>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
>


-- 
Khalid M. Baheyeldin
2bits.com, Inc.
Fast Reliable Drupal
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
Simplicity is the ultimate sophistication. --   Leonardo da Vinci
For every complex problem, there is an answer that is clear, simple, and
wrong." -- H.L. Mencken
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20140529/79289bd1/attachment.htm>

More information about the kwlug-disc mailing list