TrueCrypt is discontinued

Truecrypt is a cross-platform, free disk encryption software for Windows and Unix-like operating systems. It is generally considered a good disk encryption software, and not too long ago, I wrote a tutorial that showed how to encrypt the Windows installation of a Windows-Linux dual-boot setup (see Dual-boot Fedora 18 and Windows 7, with full disk encryption configured on both OSs).

Truecrypt is said to be published under an open source license, but in some quarters, its license has not been accepted as a valid open source license. And some of those people believe it has a backdoor. Guess who is widely believed to be responsible for that backdoor.

Related Post:  Samsung Chromebook 2 will be powered by the Exynos 5 Octa processor

In a recently published article on his blog (see Let’s audit Truecrypt!), Matthew Green, a cryptographer and research professor at Johns Hopkins University, Baltimore, Maryland, wrote that:

The ‘problem’ with Truecrypt is the same problem we have with any popular security software in the post-September-5 era: we don’t know what we can trust anymore. We now have hard evidence that the NSA is tampering with encryption software and hardware, and common sense tells us that NSA is probably not alone. Truecrypt, as popular and widely trusted as it is, is a fantastic target for subversion.

But quite frankly there are other things that worry me about Truecrypt. The biggest one is that nobody knows who wrote it. This skeeves me out. As Dan Kaminsky puts it, ‘authorship is a better predictor of quality than openness’. I would feel better if I knew who the TrueCrypt authors were.

So that’s why Professor Green has launched a project to audit the Truecrypt code. It’s a challenging project with very specific objectives. And it will require many hands on deck. Details are available here.

Related Post:  How to build a containerized app on Mirantis OpenStack with native Docker tools

Share:

Share on facebook
Facebook
Share on twitter
Twitter
Share on pinterest
Pinterest
Share on linkedin
LinkedIn

Hola! Did you notice that LinuxBSDos.com no longer runs network ads?  Yep, no more ads from the usual suspects that track you across the Internet.  But since  I still need to pay to keep the site running, feel free to make a small donation by PayPal.

Subscribe for updates. Trust me, no spam!

Sponsored links

1. Attend Algorithm Conference, a top AI and ML event for 2020.
2. Reasons to use control panel for your server.
3. DHgate Computers Electronics, Cell Phones & more.

5 Responses

  1. Stupid question. Two questions you should be asking are:

    1. Should you use unaudited security software?
    NO.
    2. Is auditing Truecrypt work $25k?
    Probably. Support of $16k before word got out seems to indicate that people are coughing up for it.

  2. Got a problem with TrueCrypt? Well, if you’re using Microsoft or Apple software, then you’re already “pwn3d” by “We Know Whom” in the first place. Therefore, first thing to do is switch to a F/OSS platform like GNU/Linux or *BSD. Second thing to do is do an encrypted-partition installation. On GNU/Linux systems, I encrypt everything but the /boot partition. I consider that a reasonable mitigation of risk for my purposes. If “We Know Who” breaks into my house and installs a backdoor on /boot without my knowledge, then I’ve got a much bigger problem anyway. But if you know your computer’s been touched or tampered with (e. g. your computer got confiscated and then eventually returned to you), well, that’s what booting from a Knoppix or other Live-CD is for. 🙂 Same applies to backup media, BTW. Use the native GNU/Linux or *BSD tools to do the encrypting, and you should be good to go.

    –SYG

  3. I use and trust truecrypt

    but I believe it should be audited. all open-source (even closed source) should be looked at in details

    1. But you can’t audit the source code of closed source tools. As such we can only trust that they are clean, that is, free of intentionally placed malware, also known as backdoors.

Leave a Reply

Your email address will not be published. Required fields are marked *

Get the latest

On social media
Via my newsletter

Sponsored links

1. Attend Algorithm Conference, a top AI and ML event for 2020.
2. Reasons to use control panel for your server.
3. DHgate Computers Electronics, Cell Phones & more.
Hacking, pentesting distributions

Linux Distributions for Hacking

Experts use these Linux distributions for hacking, digital forensics, and pentesting.

Categories
Archives

The authors of these books are confirmed to speak during

Algorithm Conference

T-minus AI

Author was the first chairperson of AI for the U.S. Air Force.

The case for killer robots

Author is the Director of the Center for Natural and Artificial Intelligence.

Why greatness cannot be planned

Author works on AI safety as a Senior Research Scientist at Uber AI Labs.

Anastasia Marchenkova

An invitation from Anastasia Marchenkova

Hya, after stints as a quantum researcher at Georgia Tech Quantum Optics & Quantum Telecom Lab, and the University of Maryland Joint Quantum Institute, I’m now working on superconducting qubit quantum processors at Bleximo. I’ll be speaking during Algorithm Conference in Austin, Texas, July 16 – 18, 2020. Meet me there and let’s chat about progress and hype in quantum computing.