TrueCrypt takedown
Caspar Bowden (lists)
lists at casparbowden.net
Sat May 31 00:25:45 BST 2014
It's not irrational to recommend BitLocker to users trusting
Microsoft's platform
A mundane reason may be they realized the weaknesses of their cipher
mode, and the support hassle they would get from disk re-encrypts gone
bad if they changed
Or they might be subject to a coercive order to backdoor future
versions, and/or realize they may have been infiltrated with a weakness
already, and mucho data is hanging out there, so Cheshire cat best policy
But it dramatically illustrates why should anyone now trust a codebase
whose audit threat model has changed overnight from presumed benign
authors to now unknown influences.
Suppose the TrueCrypt authors believed it secure, why should they
declare it not so?
If they believe it could be insecure, it probably is
FWIW neither BitLocker
<http://testlab.sit.fraunhofer.de/content/output/project_results/bitlocker_skimming/>
nor TrueCrypt deals
<http://theinvisiblethings.blogspot.fr/2009/10/evil-maid-goes-after-truecrypt.html>
with Evil Maid
<http://theinvisiblethings.blogspot.fr/2011/09/anti-evil-maid.html>
attacks properly
Linux needs some well-engineered hidden container software though
Caspar
On 05/30/14 17:49, Wendy M. Grossman wrote:
> Me too. It really does make you wonder what hidden factors might have
> been at work.
>
>
> wg
> ---
> www.pelicancrossing.net
> Twitter: @wendyg
>
>
>
> -------- Original message --------
> From: bakeryworms at gmail.com
> Date: 2014/05/30 14:55 (GMT+00:00)
> To: ukcrypto at chiark.greenend.org.uk,UK Cryptography Policy Discussion
> Group <ukcrypto at chiark.greenend.org.uk>
> Subject: Re: TrueCrypt takedown
>
>
> It made me think of the Lavabit shutdown.
>
> KRS
> Mark
>
> Original Message
> From: JJ Gray
> Sent: Friday, 30 May 2014 14:43
> To: UK Cryptography Policy Discussion Group
> Reply To: UK Cryptography Policy Discussion Group
> Subject: Re: TrueCrypt takedown
>
> On 30/05/2014 10:44, Graham Cobb wrote:
>
> > of any issues). If the developers have stopped work on TrueCrypt then
> > that seems a reasonable warning to leave behind to the world.
> >
> > That does seem the simplest explanation to me.
>
> That would appear to be the case, at least at this stage.
> https://gist.github.com/ValdikSS/c13a82ca4a2d8b7e87ff
>
> Cheers,
> JJ
>
>
>
>
>