[kwlug-disc] Truecrypt

unsolicited unsolicited at swiz.ca
Fri May 30 16:40:07 EDT 2014


On 14-05-30 03:34 PM, Bob Jonkman wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> unsolicited writes:
>> audits have been and are being performed. And nothing found thus
>> far. And expectations thus far are that nothing will be found.
>
> That is one of the wrongest and most dangerous security fallacies I
> have ever seen.
>
> - --Bob.

Better check yourself before so shooting your mouth off in such a 
libellous, slanderous, and defamatory way, bud.

By your own link: 
https://twitter.com/stevebarnhart/status/472200478345150464

"@matthew_d_green 1 more "I were happy with the audit, it didn't spark 
anything. We worked hard on this for 10 years, nothing lasts forever.""

By Darcy's: 
http://arstechnica.com/security/2014/05/bombshell-truecrypt-advisory-backdoor-hack-hoax-none-of-the-above/#p3

" Last, a preliminary audit of TrueCrypt uncovered no evidence of any 
backdoors." 
http://arstechnica.com/security/2014/04/truecrypt-audit-finds-no-evidence-of-backdoors-or-malicious-code/ 
- "On Monday, after seven months of discussion and planning, the first 
phase of a two-part audit of TrueCrypt was released.

The results? iSEC, the company contracted to review the bootloader and 
Windows kernel driver for any backdoor or related security issue, 
concluded (PDF) that TrueCrypt has: “no evidence of backdoors or 
otherwise intentionally malicious code in the assessed areas.”

"James S. wrote:
With the audit, we're going to have an audited line of code that can be 
branched off by somebody trusted and start where the original devs left 
off. It should also answer some questions about the status of the 
project etc. "

And others from here below:

On 14-05-29 12:03 PM, Khalid Baheyeldin wrote:
 > ... If the previously audited version was safe, i.e. works as
 > designed, then ...

On 14-05-29 11:35 AM, Darcy Casselman wrote:
 > I'm not a crazy conspiracy guy, so I'm going to assume for now that
 > Andrew Green (the TrueCrypt audit guy) ...

On 14-05-30 01:49 PM, Bob Jonkman wrote:
 > ...I can understand that he lost interest.  A third-party audit of his
 > software raised some $70,000 in funds, probably several orders of
 > magnitude more than any donations made for TrueCrypt itself. I can't
 > imagine something more depressing.

On 13-12-04 01:27 PM, Paul Nijjar wrote:
 > ...
 > http://istruecryptauditedyet.com/

http://istruecryptauditedyet.com/: "Update April 14, 2014: Phase I of 
the audit is complete, and report is available. Phase II begins on the 
formal cryptanalysis. Follow #istruecryptauditedyet on Twitter for updates."


> On 14-05-30 03:23 PM, unsolicited wrote:
>> But as the articles say ... audits have been and are being
>> performed. And nothing found thus far. And expectations thus far
>> are that nothing will be found.
>>
>> So unsupported only means ... for what it does, the problem is
>> solved. If it ain't broke, and nothing says it's broke, it don't
>> need fixing. (Enhancements are a different beastie.)
>>
>> The eyes are on it. Your analogy does not apply.
>>
>> The source is there.
>>
>> No reason not to use it unless and until something proves
>> otherwise, and even then there's nothing to say what you have will
>> be inaccessible. You may not want to use it in the wild, based upon
>> information discovered at that time, but we're not there yet, and
>> may never be.
>>
>> Your premise is as bad as the announcement ... there may be bugs in
>> it ... - it does not say there are bugs in it.
>>
>> Neither can prove a negative.
>>
>>
>> On 14-05-30 02:51 PM, Darcy Casselman wrote:
>>>
>>> On Fri, May 30, 2014 at 1:33 PM, unsolicited
>>> <unsolicited at swiz.ca> wrote:
>>>
>>>> But yeah, it's probably time to look for alternatives.
>>>
>>> Why?
>>>
>>>
>>>
>>> Because unsupported security software is bad security software.
>>> Because while many eyes make for shallow bugs, no eyes make for
>>> huge, gaping chasms from which nothing escapes.
>>>
>>> Mind you, if someone sensible comes along and forks the code,
>>> disregarding the license, I'll probably go back to using it. Like
>>> Paul says, there's no real alternative on Windows and certainly
>>> nothing that's cross-platform.
>>>
>>> Darcy.
>>>
>>>
>>> _______________________________________________ kwlug-disc
>>> mailing list kwlug-disc at kwlug.org
>>> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>>>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Ensure confidentiality, authenticity, non-repudiability
>
> iEYEARECAAYFAlOI3SYACgkQuRKJsNLM5eoX7wCfVN6kI9WUF0Q5ikZ2FhlF40KY
> gF0AoOUW4ONMjzy19wQ6kZqKgkUFWOa+
> =mnnN
> -----END PGP SIGNATURE-----