RSS Feed

Netsec, comsec, infosec and IA news, research and trends



From Wired,

Snowden’s Crypto Software May Be Tainted Forever

    * By Robert McMillan 
    * 05.29.14  | 
    * 8:19 pm


"This week, a message appeared on the website that offers TrueCrypt, saying that the software “may contain some unfixed security issues” and should not be used. It was a big shock to the millions of people who now use the software to protect their online communications, but not just because it now seemed that the software was full of holes. The message arrived so suddenly–and without explanation–that many security experts are wondering if the message was posted by hackers who had compromised the website.

It’s all a bit of a mystery, because, like a small number of other open-source projects, TrueCrypt is built by anonymous developers. It’s hard to know if the good guys have screwed up or if the bad guys are in control.

That means TrueCrypt is now tainted in a way that may be permanent. The situation shows what can go wrong when software–even open-source software–is offered up by people who don’t identify themselves. Projects like the Tails secure operating-system should take heed. Researchers can still audit the TrueCrypt code, but that may not be enough. Because we don’t know who is in control of TrueCrypt, and how exactly to evaluate their claims, the project is tainted. "

The post itself is on the Truecrypt site,

"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

This page exists only to help migrate existing data encrypted by TrueCrypt.

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.

Migrating from TrueCrypt to BitLocker:"

This page is powered by Blogger.

Site Meter Locations of visitors to this page