Slashdot: News for Nerds

TrueCrypt Website Says To Switch To BitLocker

Soulskill posted about 2 months ago | from the so-long-and-thanks-for-all-the-Jkkms0EuPPlvOmW7Mk5x2A== dept.

Encryption 566

Several readers sent word that the website for TrueCrypt, the popular disk encryption system, says that development has ended, and Windows users should switch to BitLocker. A notice on the site reads, "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues. ... You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform." It includes a link to a new version of TrueCrypt, 7.2, and provides instructions on how to migrate to BitLocker. Many users are skeptical of a site defacement, and there's been no corroborating post or communication from the maintainers. However, the binaries appear to be signed with the same GPG key that the TrueCrypt Foundation used for previous releases. A source code diff of the two versions has been posted, and the new release appears to simply remove much of what the software was designed to do. It also warns users away from relying on it for security. (The people doing an audit of TrueCrypt had promised a 'big announcement' soon, but that was coincidental.) Security experts are warning to avoid the new version until the situation can be verified.


566 comments

Fishy (4, Interesting)

CelticWhisper (601755) | about 2 months ago | (#47113521)

A FOSS project shutters itself and, rather than linking to a fork or posting tarballs of a few versions' worth of source, recommends commercial alternatives? If this isn't a hacked site then I'm thinking Lavabit - someone pressured someone else and in order to spill without spilling, they made the most absurd possible kind of announcement that they were closing.

Re:Fishy (3, Insightful)

Ardyvee (2447206) | about 2 months ago | (#47113629)

Yes. You are right. This doesn't seem "right" at all. The very definition of fishy.

Re:Fishy (4, Insightful)

nine-times (778537) | about 2 months ago | (#47113693)

Yeah, it doesn't quite make sense. First, why has the page suddenly dropped all styling and logos? And then there's the quote at the top:

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.

It seems to imply the following thought process: The only purpose of TrueCrypt was in order to support Windows XP, which is no longer supported, so it's not useful for that purpose anymore. Since new operating systems provide their own encryption mechanisms, there is no value in the project, so we're shutting things down.

However, the fact that Windows XP has lost official support does not mean that no one is using Windows XP anymore. Further, one of the valuable aspects of TrueCrypt was that it was open source (meaning the encryption could be independently verified) and cross-platform (meaning a disk encrypted on Mac could be accessed on Windows and vice versa). There's still a lot of potential uses for such a project.

Aside from that, what would possibly be the harm in continuing to provide the source code? If the intention were to deny people binaries as a method of providing a stern warning to potential users, surely they could still provide the source and say, "... but if you know what you're doing well enough to make use of the source code, go ahead and use at your own risk."

Something's wrong here, unless the people maintaining the project are just kind of retarded.

Re:Fishy (5, Informative)

gbjbaanb (229885) | about 2 months ago | (#47113819)

Except most Windows 7 editions don't support Bitlocker - only Enterprise and Ultimate. [microsoft.com]

Re:Fishy (5, Interesting)

Nyder (754090) | about 2 months ago | (#47114197)

Except most Windows 7 editions don't support Bitlocker - only Enterprise and Ultimate. [microsoft.com]

I'm wondering who the fuck trusts MS enough to use Bitlocker. I don't.

Re:Fishy (0)

Anonymous Coward | about 2 months ago | (#47114287)

How is bitlocker related to the encryption used by that ransomware virus which turned out to have a copy of the key stored in the registry?

Re:Fishy (0)

Anonymous Coward | about 2 months ago | (#47113827)

Sounds almost like the developers may have gone to work for Microsoft.

Re:Fishy (5, Interesting)

jones_supa (887896) | about 2 months ago | (#47114031)

Or they were smoked out by NSA, because TrueCrypt encryption was "too good", and Microsoft's BitLocker has an NSA backdoor.

Re:Fishy (4, Insightful)

K. S. Kyosuke (729550) | about 2 months ago | (#47113965)

The only purpose of TrueCrypt was in order to support Windows XP, which is no longer supported, so it's not useful for that purpose anymore.

I thought the purpose was to facilitate moving encrypted volumes between different operating systems? Why wouldn't that be useful on Windows 8? How do I mount a Bitlocker volume in Linux?

Re:Fishy (3, Interesting)

jones_supa (887896) | about 2 months ago | (#47114001)

There were 2 years to the previous version, so it seems that the TrueCrypt project wasn't very active anyway. Maybe they thought that the discontinuation of Windows XP was a good moment to finally officially shut down operations.

Re:Fishy (5, Interesting)

trmj (579410) | about 2 months ago | (#47114257)

Here's a theory, based on the timing:

TC was Sabu's pet project. Since he was caught and working for the Feds, he has provided the very access everybody is afraid of them now having.

Sabu was just released from the service of the Feds a few days ago. Enough time to rewrite the binaries, change the passwords, and disable the whole lot since it's all been compromised for years. Gets rid of a dangerous product, and pisses off the Feds without violating the terms of anything since TC is still available for download, just in a crippled form.

Re:Fishy (2)

PopeRatzo (965947) | about 2 months ago | (#47114333)

one of the valuable aspects of TrueCrypt was that it was open source (meaning the encryption could be independently verified)

And the value of that "open source" is that it's still forkable for anyone who wants to do the work.

My other guess is that the NSA is putting so much pressure on TrueCrypt that they'd rather just close their doors than face jail time if they don't bend to the NSA's wishes.

Seriously, if it's FOSS, doesn't that mean anyone can take the TrueCrypt code and do with it what they will?

Re:Fishy (0)

Anonymous Coward | about 2 months ago | (#47113701)

Not to mention that for windows they say to use bitlocker, requiring the Ultimate or Enterprise versions that most people won't have.

Re: Fishy (1)

ironicsky (569792) | about 2 months ago | (#47113831)

And a TPM chip, something not built in to all computers.

Re: Fishy (1)

jones_supa (887896) | about 2 months ago | (#47113957)

BitLocker can be used with a TPM chip.

Re: Fishy (1)

jones_supa (887896) | about 2 months ago | (#47113975)

Correction: I mean without one.

Re:Fishy (4, Insightful)

gbjbaanb (229885) | about 2 months ago | (#47113727)

it appears it might be compromised.

From https://news.ycombinator.com/i... [ycombinator.com]

Odd, 6 hours ago someone updated the TruCrypt-key.asc files, then 3 hours later posted all the new binaries.
Also odd is whoever posted the new binaries completely yanked all the previous ones, leaving only the new and questionable binary available for download.

Re:Fishy (5, Insightful)

MozeeToby (1163751) | about 2 months ago | (#47113987)

If you're gonna post compromised binaries of TrueCrypt, you generally wouldn't stick them on a page with "WARNING: Using TrueCrypt is not secure" in large, bright red text. You'd also expect some kind of statement from the good folks that have been running TrueCrypt for the past decade.

I'll join the chorus of people speculating about them getting a court order they couldn't bring themselves to follow. I would stay far, far away from that latest binary, if I had to guess it contains whatever loophole they were ordered to put in place, hence all the big and bright warnings.

Re:Fishy (2)

mrchaotica (681592) | about 2 months ago | (#47114021)

If you're gonna post compromised binaries of TrueCrypt, you generally wouldn't stick them on a page with "WARNING: Using TrueCrypt is not secure" in large, bright red text.

That's what they want you to think!

(I'm not sure if I'm joking or not...)

Re:Fishy (1)

Kythe (4779) | about 2 months ago | (#47114151)

Yep. The rationale provided is also at odds with past statements regarding planned development. I'd bet this is a compromised site.

Re:Fishy (0)

Anonymous Coward | about 2 months ago | (#47114023)

Just in case, I cloned a truecrypt repository from github.com. But the entire situation sounds like a web server defacement or an NSL issued by our friends in Washington, DC, US. Maybe Putin will "accidentally" launch a massive ICBM strike on all US Government facilities in the DC-MD-VA tri-state area.

Re:Fishy (5, Insightful)

AmiMoJo (196126) | about 2 months ago | (#47114079)

Yep, I'm guessing National Security Letter. The only defence against being forced to hand over signing keys or release versions with flaws and backdoors is to release a final version yourself to discredit any future releases.

The web site looks hastily knocked up, which supports this theory. What I can't quite get my head around is the suggestion to use BitLocker though. I know MS resisted an NSL recently, but that doesn't mean we can trust BitLocker.

Alternatively, maybe the site is by the person behind the NSL, trying to drive people to BitLocker which is already compromised. Since TrueCrypt is being audited maybe they figure they can't insert back doors now.

Either way, this is an extremely worrying development in the crypto wars.

I wonder... (4, Interesting)

halfEvilTech (1171369) | about 2 months ago | (#47113523)

If the devs decided to go full Lavabit mode after getting an NSL for the keys. So instead of letting people know that specifically they did this.

Also in the new version they removed all of the code to encrypt data, only the decryption remains.

Re:I wonder... (3, Informative)

CelticWhisper (601755) | about 2 months ago | (#47113567)

But TrueCrypt doesn't have master keys as I understand it. It's not like Dropbox. There's nothing an NSL (plague be upon whoever got the idea to legalize that) could discover that would do NSA/DHS/USA any good.

Re:I wonder... (2)

halfEvilTech (1171369) | about 2 months ago | (#47113587)

yes but there is still the private signing key that allows for trusted uploads of new (possibly compromised) versions.

Re:I wonder... (0)

Anonymous Coward | about 2 months ago | (#47113709)

But that couldn't possibly happen! My article explained exactly that with links to backup that claim, and it was downvoted to oblivion. Because, apparently, I'm just a paranoid nut for pointing out the obvious and providing sources.

Re:I wonder... (1)

Anonymous Coward | about 2 months ago | (#47113777)

Maybe downvoted to oblivion by an NSA guy with access to Slashdot's backoffice. We'll never know.

Re:I wonder... (1)

cbhacking (979169) | about 2 months ago | (#47113627)

They could get the signing key, and release their own version of the software that appears legit? It's a stretch, but maybe even (secretly) take over the project to *add* backdoors, so TC decided to commit seppuku first?

I really don't know. It's a mess. If they come back and *say* it was just defacement/mis-timed April Fools/whatever, they're going to be under even more scrutiny than before for a good long while.

Re:I wonder... (0)

Anonymous Coward | about 2 months ago | (#47113637)

An NSL could request their code signing keys. That would mean any three-letter-agency could distribute a backdoored version of TrueCrypt with the "correct" signatures.

Re:I wonder... (1)

Charliemopps (1157495) | about 2 months ago | (#47113877)

But TrueCrypt doesn't have master keys as I understand it. It's not like Dropbox. There's nothing an NSL (plague be upon whoever got the idea to legalize that) could discover that would do NSA/DHS/USA any good.

The NSA would just need to force them to install the NSA's code. Keep in mind, we have no idea what their capabilities are. They're probably the highest payer for almost every exploit out there. The NSA is likely also very adept at obfuscating their code. I don't know if this is the case here, but I put no limits on their capabilities. I'm in full on paranoia mode now.

Re:I wonder... (0)

Anonymous Coward | about 2 months ago | (#47113663)

Outside of a hoax this sounds pretty damn plausible. The use of the official signing cert makes this story really interesting.

I'm betting the recent sponsored audit got the attention of the NSA (maybe they expect that the code audit would find something), who decided it was time to put a lid on the project by ensuring they could publish compromised versions of true crypt with authentic signing keys. Rather than let this go down, truecrypt devs shutter the project.

Re:I wonder... (1)

Anonymous Coward | about 2 months ago | (#47113667)

Or in tonight's interview, Snowden reveals that TrueCrypt is an NSA product.

 

Re:I wonder... (0)

Anonymous Coward | about 2 months ago | (#47113833)

Hahahaha! THAT would fry my fritters!

Unless NSA has compromised BitLocker & posted (0)

Anonymous Coward | about 2 months ago | (#47113561)

Hmmmm....

Smells Scamspicious (0)

Anonymous Coward | about 2 months ago | (#47113575)

Possibly a website hijack? Guess it's best to wait and see.

Re:Smells Scamspicious (1)

cbhacking (979169) | about 2 months ago | (#47113643)

If it weren't for the new binary that is signed (by the same key as before), that would be the obvious answer. As is, it could still be correct but seems less likely.

I don't have enough info on the priors of this kind of thing yet to establish a Bayesian probability. We've got clues but no idea what *their* probabilities are.

So, what now? (2)

Archeron (183599) | about 2 months ago | (#47113597)

So what do we use to replace TC as a multi-platform solution for things like external drives? There are many decent products, but TC seemed to be alone as far as OpenSource tools capable of running on Windows, Linux and Mac. Suggestions?

Re:So, what now? (3, Insightful)

TCM (130219) | about 2 months ago | (#47113691)

It's not as if 7.1a is suddenly unexecutable...

Re:So, what now? (4, Interesting)

cbhacking (979169) | about 2 months ago | (#47113765)

That works fine for now, but it's a terrible idea to just keep using software that has known flaws (which will continue to accumulate) but no longer gets patches. At some point, while 7.1a will still be executable, it will no longer be safe in any way.

I took Archeron's question to mean "So, what should we start migrating to now?" That's a very good question, sadly...

Re:So, what now? (1)

steveg (55825) | about 2 months ago | (#47114117)

But it does appear to be unavailable if you don't already have a copy. Source is gone as well.

Re:So, what now? (5, Funny)

Qzukk (229616) | about 2 months ago | (#47114323)

You can get your copy from www.totallynotnsa.com/truecrypt.7.1.nsa.zip

Re:So, what now? (1)

Anonymous Coward | about 2 months ago | (#47114277)

Sure, it works now, but once you require GUID Partition tables, you're sunk.

DiskCryptor is our only real alternative now, and it has GPL license, it is not a proprietary license like TrueCrypt is (was).

We are in the era of 4TB spindles going up to 6 then 10 then 10TB a spindle. WE NEED GPT (Guid Partition Tables - 64bit addressing, MBR is only 32bit addressing).

Re:So, what now? (1)

cbhacking (979169) | about 2 months ago | (#47113715)

7-Zip encrypted files? I kind of hate to recommend them as a "safe" alternative, and they're definitely not as convenient from a "mount this volume, work in it, save your files, unmount the volume, it's now securely encrypted" user experience standpoint.

Re:So, what now? (2)

TCM (130219) | about 2 months ago | (#47113797)

They're not only not convenient, they're also not secure in the sense that in order to work with your data, you have to decrypt it _somewhere_. Unless you secure erase your free drive space after zipping your files back up and deleting the unencrypted copies, I wouldn't consider that data to be secure anymore, at all.

The 'big announcement' scared NSA (0)

Anonymous Coward | about 2 months ago | (#47113605)

Time to review this: http://yro.slashdot.org/story/10/06/26/1825204/fbi-failed-to-break-encryption-of-hard-drives

What! (2)

rock56501 (1301287) | about 2 months ago | (#47113639)

The website itself says that integrated encryption is supported in Windows 8/7/Vista, but when you go to MS's website about Bitlocker for Win 7, it says that it's only supported in Enterprise and Ultimate versions of Windows 7. Guess everyone on Home / Pro versions gets screwed!

Re:What! (3, Informative)

cbhacking (979169) | about 2 months ago | (#47113687)

Yeah.. the TC site gives you a step-by-step on how to upgrade your Windows edition, but they don't seem inclined to hand over the money it costs. Not that they're under any obligation to - it's not as if they were under any obligation to develop TC in the first place, either - but as a guide its usefulness is severely limited.

Win8 at least has BL in the Pro edition (having reduced the range of SKUs considerably from Win7) but... yeah. Vista doesn't even (officially) support BL on removable media at all, in addition to (like Win7) only offering it on Enterprise and Ultimate SKUs.

Re:What! (2)

harrkev (623093) | about 2 months ago | (#47113759)

So, assuming that this IS real, any suggestions on FOSS encryption for those without access to BitLocker?

On a side-note, how could TrueCrypt be actually broken? Even if the encryption is broken, that can be fixed in a later release. There is a LOT of stuff in TC (boot manager, GUI, etc.), and you cannot tell me that ALL of it is bad.

Re:What! (1)

cbhacking (979169) | about 2 months ago | (#47113799)

7-Zip is FOSS and supports file (well, archive) encryption. It's not a replacement for volume-level encryption, but it's a thing.

GPG still works fine for file encryption too... but again, not for volumes.

Re:What! (0)

Anonymous Coward | about 2 months ago | (#47113881)

DiskCryptor does sector encryption AND is GPL license. Screw TC now.

Re:What! (-1, Flamebait)

HeckRuler (1369601) | about 2 months ago | (#47113895)

Even if the encryption is broken, that can be fixed in a later release

"The development of TrueCrypt was ended in 5/2014"
If this is real, there are no more releases. At least not from the original development team. And if they have a court order instructing them to leave vulnerabilities in there, and a gag order restraining them from announcing said vulnerabilities, then they're pretty much up shit creek.

Luckily, it won't take much for someone to pick up the project, fork it, and continue on. And hopefully discover any vulnerabilities. Who knows though, projects being instantly and totally gutted of all the original developers don't go so well. I'm not going to do it. This is a pretty big test of the open source community.

Re:What! (0)

Anonymous Coward | about 2 months ago | (#47113803)

The TrueCrypt website just doesn't bother to list what editions are supported. But yes, that is correct: only Enterprise and Ultimate editions of Windows 7 do have BitLocker capabilities.

Re:What! (1)

TCM (130219) | about 2 months ago | (#47113813)

As long as this matter is in its current state, I wouldn't even bother thinking about the minute details of the "suggestions" on the page.

This whole thing is just absurdly smelling like Lavabit.

Re:What! (0)

Trax3001BBS (2368736) | about 2 months ago | (#47113955)

The website itself says that integrated encryption is supported in Windows 8/7/Vista, but when you go to MS's website about Bitlocker for Win 7, it says that it's only supported in Enterprise and Ultimate versions of Windows 7. Guess everyone on Home / Pro versions gets screwed!

Plus one needs a TPM chip installed for Bitlocker to be of any use http://en.wikipedia.org/wiki/T... [wikipedia.org] something I've steered clear of for many years,
"The concerns include the abuse of remote validation of software (where the manufacturer — and not the user who owns the computer system — decides what software is allowed to run)" just one of many.

I'll ask... (0)

Anonymous Coward | about 2 months ago | (#47113641)

So can someone post the last useful version of Truecrypt (windows version) as well as the corresponding source code?

Re:I'll ask... (1)

jones_supa (887896) | about 2 months ago | (#47113913)

An Estonian website [cyberside.net.ee] seems to hold the source, but of course you would have to verify that it has not been tampered with. Sadly, the older 7.1a version (which I'm assuming does not have the features removed as is being claimed) seems to not be available at the project's SourceForge source code folder [sourceforge.net] .

Re:I'll ask... (1)

mythosaz (572040) | about 2 months ago | (#47114269)

Pretty sure the guy who did the compare of the two sources has already provided (roundabout) the 7.1a source.

https://www.alchemistowl.org/a... [alchemistowl.org]

Re:I'll ask... (2, Informative)

Anonymous Coward | about 2 months ago | (#47114091)

From my Software folder. I don't have the keys to help you verify them, but feel free to Virus Total them or something if you're totally paranoid.

7.1: http://www.sendspace.com/file/rjeukf
7.1a: http://www.sendspace.com/file/ihsea5

Bummer (5, Insightful)

I'm just joshin (633449) | about 2 months ago | (#47113677)

The best aspect of Truecrypt was the cross-platform compatibility. Being able to open an encrypted drive on any platform was the killer feature.

Bummer (0)

Anonymous Coward | about 2 months ago | (#47113747)

The worst aspect was its (TrueCrypt's) software license, DiskCryptor uses GPL so I suspect we are all going to DiskCryptor (once it gets GUID Partition Table support), may the funding commence.

This is WHY we use GPL et al. Not TrueCrypt's proprietary license crap that just screws us in this situation.

DISKCRYPTOR IS A GO! TRUECRYPT IS DEAD:

Re:Bummer (0)

Anonymous Coward | about 2 months ago | (#47113997)

From the FAQ page: "Can I make a donation to aid the development of the project? Currently donations are not accepted."

https://diskcryptor.net/wiki/FAQ#Can_I_make_a_donation_to_aid_the_development_of_the_project.3F

Re:Bummer (0)

Anonymous Coward | about 2 months ago | (#47114029)

But it's GPL license, something TrueCrypt is not.

It is the only other FOSS alternative we have.

Re:Bummer (1)

Anonymous Coward | about 2 months ago | (#47114331)

The TrueCrypt encrypted volume format is well known and there are FOSS projects[1][2] that can create and open TrueCrypt volumes. If the project goes under, the format will still live on and block device encryption projects in windows and osx can start supporting the format as a cross platform solution and it will be like nothing has changed.

[1] https://github.com/bwalex/tc-play

[2] https://code.google.com/p/zulucrypt/

DISKCRYPTOR (0)

Anonymous Coward | about 2 months ago | (#47113685)

https://diskcryptor.net/wiki/Main_Page

But open source doesn't support GUID Partition Table (GPT) unfortunately.

So currently we are stuck to MBR and 2TB partition, meaning large spindles are unencryptable as a whole.

What's in my TrueCrypt volume? (4, Insightful)

Cruciform (42896) | about 2 months ago | (#47113697)

The only things in my TrueCrypt volume are password lists, tax info, etc.
And those are encrypted separately before being put in the Truecrypt volume.
That way if my machine were to be hijacked while I have the volume mounted, I wouldn't lose all the data to nefarious purposes.
And if the device is stolen, there's two layers of security to get through. (Which around here would just be the thieves deleting everything and selling it for Oxy)

What's in my TrueCrypt volume? (0)

Anonymous Coward | about 2 months ago | (#47113807)

Thanks for the intel.

Love
NSA/GCHQ/FiveEyes/TaxAgency/LolSec/Anonymous

What's in my TrueCrypt volume? (1)

Anonymous Coward | about 2 months ago | (#47113839)

Noob. I put my TrueCrypt volumes in TrueCrypt volumes in TrueCrypt volumes.

Re:What's in my TrueCrypt volume? (0)

Anonymous Coward | about 2 months ago | (#47113935)

Turtles?

Re:What's in my TrueCrypt volume? (0)

Anonymous Coward | about 2 months ago | (#47114161)

All the way down...

Re:What's in my TrueCrypt volume? (2)

rvw (755107) | about 2 months ago | (#47113971)

Noob. I put my TrueCrypt volumes in TrueCrypt volumes in TrueCrypt volumes.

Good that you do this three times, as you probably know that twice simply undoes the first attempt! I'm a little confused as to why you put your "volumes" in "volumes", so plural. Is that a confusing tactic?

Hacked or NSA? (2)

Dega704 (1454673) | about 2 months ago | (#47113713)

Taking all bets! I also offer video poker! -Kudos if you can name who I'm quoting.

Re:Hacked or NSA? (0)

Anonymous Coward | about 2 months ago | (#47113889)

bender?! is that you?

Million-dollar question (2)

CelticWhisper (601755) | about 2 months ago | (#47113719)

I think what a lot of people want to know is whether 7.1a is still reliable and, if not, how many versions back one must go to get a release that's still feature-complete but not questionable in security.

In the meantime, if you need to encrypt a file, you can use GPG [gnupg.org] and Cryptophane [google.com] if you want a GUI. Nowhere near as elegant as TC but it should get the job done.

UEFI (0)

Anonymous Coward | about 2 months ago | (#47113721)

The problem with TrueCrypt is that it doesn't support UEFI BIOS. It just doesn't run on new machines.

The developer didn't have time to implement UEFI support, so he's killed the project instead. The security warnings are, most likely, meant for future bugs which he won't fix.

HOWEVER, the code is not dead. Just as TrueCrypt was a fork of EFTM, someone with the time and expertise will likely fork TrueCrypt and add UEFI support. If they're really eager, they'll even remove the Microsoft Visual C 1.5 requirement for building the code.

Re:UEFI (1)

Anonymous Coward | about 2 months ago | (#47113801)

You're exaggerating. Building Truecrypt requires Microsoft Visual C++ 1.5.2 (from 1993, 16 bit software), not Visual C. TrueCrypt does work with modern UEFI computers, you just can't boot Windows on UEFI with Truecrypt. You can still create encrypted volumes and such.

Trust (1, Insightful)

pjbgravely (751384) | about 2 months ago | (#47113741)

Personally I wouldn't trust any software written for Microsoft windows. Any news on the nix releases?

Da Man Jess Tryin' Ta Keep Us Down (0)

Anonymous Coward | about 2 months ago | (#47113781)

Speakin' just for myself, I'm keeping my current copy of TC. It's the one being 'tested' now. But who tests the testers? And who tests those testers?

One thing's for sure; after this, there's going to have to be another round of testing on whatever (IF ever) the next version happens to be. This supposed new version?... Anybody want to try to read between the lines... of code?

I'm not even downloading this 'new version'. I guess 'they' have learned one thing... FUD works. Hopefully, we'll hear from someone we can trust and, if the worst that happens is that we stay with Version 7.1a, so be it. It works.

Delayed April Fools? (1)

bmurray7 (2784743) | about 2 months ago | (#47113793)

I hope so

Truecrypt was the hardest thing for the NSA (5, Insightful)

ourlovecanlastforeve (795111) | about 2 months ago | (#47113805)

Truecrypt was the hardest thing for the NSA and the US government to deal with when seizing storage equipment. It makes sense that they would pressure the project to shutter.

Re:Truecrypt was the hardest thing for the NSA (2)

cryptizard (2629853) | about 2 months ago | (#47114271)

Not like there aren't a ton of other disk encryption options, so not sure what they would hope to accomplish if that were the case.

Re:Truecrypt was the hardest thing for the NSA (1)

MrCoke (445461) | about 2 months ago | (#47114355)

Truecrypt is so much more. Read some documentation.

lol, I can't believe it (0)

Anonymous Coward | about 2 months ago | (#47113855)

lol, I can't believe it. People would choose money over morals? What is this world coming to? I can't take it.

Reality: You are fucked. Unless you develop everything from scratch as you see fit, with all included dumbass newb mistakes (because you are in fact a dumbass) you're fucked. FUCKED! Fail the unintelligent! FAIL THEM! Only the nerdintelligence will survive and I'm better than you (until the powers that be absorb my greatness under duress)!!!!!!!!!!!!

Dumb reasoning? (2)

K. S. Kyosuke (729550) | about 2 months ago | (#47113893)

WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues ... Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.

Am I the only one to see a problem with that juxtaposition?

Yeah... (1)

Anonymous Coward | about 2 months ago | (#47113903)

Because I'm really going to trust a closed source application by Microsoft for hiding stuff which obviously has some kind of master password in it for the authorities/NSA/etc.

captcha: stupid

Foul Play (5, Informative)

rock56501 (1301287) | about 2 months ago | (#47113911)

The Register [theregister.co.uk] suggests that the version 7.2 binary has in fact been compromised and is suggesting not to touch that binary.

Re:Foul Play (2, Interesting)

Anonymous Coward | about 2 months ago | (#47114051)

The Register has no idea what it's talking about.
This is pure speculation.

Yes, they might have been compromised. But very early analysis shows they aren't blatantly backdoored, but that's all we know and they have no business claiming the changes are "eyebrow-raising" and hinting that it is malware. The changes are mostly removing the encryption/volume creation part of TrueCrypt.

Wait and see. They probably just want to "make the buzz".

The key has CHANGED (0)

Anonymous Coward | about 2 months ago | (#47113919)

The file is signed, but with a NEW key.

This is a compromise.

Do NOT download!

Re:The key has CHANGED (1)

jones_supa (887896) | about 2 months ago | (#47114073)

Interesting if true. What key? The executable signing key?

my 2p conspiracy theory (2)

s0litaire (1205168) | about 2 months ago | (#47114019)

OK
Main currently accepted theory is the NSA or whoever (insert your fave 3 letter agency here!) tried to get the signing keys; TC decides all it can do is "salt the field" and shut up shop.

May as well throw in my 2 theories:
[less likely]
1) one lucky scammer/hacker got the motherlode of a hack and got access to one of the developer's systems and managed to get the signing keys as well as full access to the TC sites.

[more likely]
2) Due to internal egos and in-fighting one of the development team did an "Eric Cartman" on the others and go "Screw you guys I'm outta here!" putting up the "closed for business sign" and issuing a suspect (but officially signed!) version that only decrypts, killing the brand in the process.

Re:my 2p conspiracy theory (1)

Kythe (4779) | about 2 months ago | (#47114187)

It says above that the signing key was updated prior to the change in site/posting of new binary.

Re:my 2p conspiracy theory (1)

s0litaire (1205168) | about 2 months ago | (#47114353)

I've seen conflicting reports on the key change!
Some are saying the latest compromised binary was signed with the OLD valid keys before new ones were uploaded.
Others say it was signed by the new keys.

Way ahead of you... (0)

Anonymous Coward | about 2 months ago | (#47114041)

Been using BitLocker since I bought Win7 Ultimate over 3 years ago. Just need to change a simple setting for it to work without a TPM.

TrueCrypt screwed me (2)

Trax3001BBS (2368736) | about 2 months ago | (#47114069)

I figure it was my fault but still not sure what I did wrong. I read all of the text on TrueCrypt from the site and thought I had a handle on it, so two hard drives were organized and TrueCrypted.

I had just assumed a password would allow one to access the/a device.

I install Windows when it starts doing odd things, about every 6 months. I installed a new clean install of Win7, hooked up the drives and the passwords wouldn't allow me access to the drives. Ended up formatting both drives as I couldn't access them no matter what I tried.

So I am very reluctant to try TrueCrypt again, yet BitLocker isn't an option.

Convenient (2)

javajeff (73413) | about 2 months ago | (#47114181)

What makes TrueCrypt convenient is that I can have an encrypted envelope that I can drop on a USB drive and then access it from Linux or Windows. I do not always want to encrypt a HDD or partition.

Yawn... (4, Informative)

davmoo (63521) | about 2 months ago | (#47114217)

Until such time as the iSEC audits turn up an actual problem, I'll keep using 7.1a as usual.

distinction without a difference (4, Insightful)

AdamWill (604569) | about 2 months ago | (#47114261)

So, either they got attacked by someone who was able to both deface the website and *sign code with their GPG key*, or the announcement is genuine.

I think the obvious response is precisely identical in either case...

Re:distinction without a difference (1)

Anonymous Coward | about 2 months ago | (#47114351)

Keep using 7.1a until there are more details.

Here's something interesting... (5, Interesting)

Anonymous Coward | about 2 months ago | (#47114301)

truecrypt.org

>This URL has been excluded from the Wayback Machine.

Who Stands To Benefit... (1)

NotSanguine (1917456) | about 2 months ago | (#47114339)

From confusion surrounding the future and efficacy of TrueCrypt?

It seems strange that random h4x0r elements would post such an odd screed rather than trumpeting their success at compromising TrueCrypt's site.

It could be some sort of false flag/ploy by the intelligence/industrial complex, but that doesn't make a whole lot of sense either.

Potentially, it could be part of some targeted effort to access data encrypted with TrueCrypt by convincing some user(s) to move off of a secure platform so their data can be compromised. Presumably, this would need to be something important enough to expend significant resources to gain access to said data.

It's always a good bet to "follow the money."

Or, it could be a troll. I guess we'll just have to wait and see.
