×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Auditors Release Verified Repositories of TrueCrypt

Soulskill posted about 6 months ago | from the still-not-sure-what's-going-on dept.

Encryption 146

Trailrunner7 writes: As the uncertainty surrounding the end of TrueCrypt continues, members of the security community are working to preserve a known-good archive of the last version of the open source encryption software released before the developers inserted a warning about potential unfixed bugs in the software and ended development.

The message that the TrueCrypt posted about the security of the software also was included in the release of version 7.2a. The OCAP team decided to focus on version 7.1a and created the verified repository by comparing the SHA2 hashes with files found in other TrueCrypt repositories. So the files are the same as the ones that were distributed as 7.1a. "These files were obtained last November in preparation for our audit, and match the hash reported by iSec in their official report from phase I of the audit," said Kenn White, part of the team involved in the TrueCrypt audit.

Sorry! There are no comments related to the filter you selected.

7.1a for x64 linux (0, Interesting)

Anonymous Coward | about 6 months ago | (#47205613)

Luckily I have a copy of 7.1a for x64 linux. Because this is a great opportunity to release a trojan horse version of Truecrypt and many people would be affected

Re:7.1a for x64 linux (1)

Anonymous Coward | about 6 months ago | (#47205747)

What are the hashes for your copy?

Subscribe (5, Insightful)

tepples (727027) | about 6 months ago | (#47205895)

What are the hashes for your copy?

In order for a post of the hashes to be of any use, both the poster and anybody reading the post would have to pay Dice for a subscription to Slashdot. This is because Slashdot redirects all non-subscribers' HTTPS pageviews to HTTP. If the poster does not subscribe, a man in the middle could modify the hash on its way from the poster's computer to Slashdot's server. If the reader does not subscribe, a man in the middle could modify the hash on its way from the poster's computer to the reader's computer.

Re:Subscribe (0)

Anonymous Coward | about 6 months ago | (#47205939)

It could still be of use if the reader checked the post from two different machines - say home and at the library. The bonus would be that if they were different, they'd know they were being MITM'd. If the poster checked from a second machine, they could update their post with a confirmation that it was indeed right.

Qatar ball (3, Informative)

tepples (727027) | about 5 months ago | (#47206441)

That's fine so long as home and the library don't use the same ISP. Cable monopolies tend to do this, such as if home uses Xfinity and the library uses Comcast Business. In extreme cases, an entire country's web traffic passes through the same proxy, as when Wikipedia temporarily blocked all editing from Qatar [slashdot.org] .

Oh, and a correction to an error that I failed to spot in preview: "from the poster's computer to the reader's computer" at the end of #47205895 was supposed to be "from Dice to the reader's computer".

Re:Subscribe (0)

Anonymous Coward | about 5 months ago | (#47206583)

Caution: If they can tell that you're the same user due to browsing habits or such, then they might feed you the same MITM'd page. Or the OP might just get lucky and avoid randomly drawing the page with the mangled hash (e.g. if the MITM randomly chooses to mangle the output to every 1000th page view).

Re:Subscribe (1)

jrumney (197329) | about 5 months ago | (#47208019)

If the poster checked from a second machine, they could update their post with a confirmation that it was indeed right.

I think you should update your post to clarify that Slashdot does not support updating of posts once they are submitted, least anyone get confused and spend time looking for that option.

Re:Subscribe (1)

Anonymous Coward | about 5 months ago | (#47206107)

Oh, I get it. A MitM could see whenever someone posts the hash e95eca399dfe95500c4de569efc4cc77b75e2b66a864d467df37733ec06a0ff2 and convert it to e95eca399dfe95500c4de569efc4cc77b75e2b66a864d467df37733ec06a0ff2.

Re:Subscribe (-1, Troll)

Anonymous Coward | about 5 months ago | (#47206461)

I was once the victim of a man in the middle attack.

It was a dark and stormy evening at a dork convention called DEF CON. I was standing in the hall, minding my own business. Suddenly, the lights went out. While I reoriented myself, the awful thing happened. I felt a fetid cock get shoved up my no-no hole! It caught me off guard, but the stimulation on my prostate was making my penis erect.

Then, a bright light illuminated in front of me. Off in the distance. Like a tunnel of light during a near-death experience. Something from hell began running toward me. This was four-eyed dork monster dork that was running backwards toward me like something out of a horror movie. But his head was on backwards! So I could do nothing but stare him in the eyes as he smirked gleefully at me.

You can imagine what happened next. BAM! My penis was rammed up his fetid anus. "NOOOOO!" I shouted. I remembered an SSL certificate warning when I entered the building. My oh my, how I wish I hadn't ignored it...

Captcha: decorum. What is left over after butt fucking a demon with a backwards head.

Re:Subscribe (1, Insightful)

sillybilly (668960) | about 5 months ago | (#47208105)

That's gay

Re:Nonsense (0)

Anonymous Coward | about 5 months ago | (#47206559)

This HTTPS stuff is nonsense! My Truecrypt password is 'Hunter2'. I don't need HTTPS because my password shows up as stars when I preview it.

Re:Subscribe (2)

alostpacket (1972110) | about 5 months ago | (#47207039)

But the /. moderation system is infallible

Re:7.1a for x64 linux (1)

cjb658 (1235986) | about 5 months ago | (#47207219)

I have v7.1a for Windows, downloaded 21 Oct 2013. md5 is 7a23ac83a0856c352025a6f7c9cc1526.

Re:7.1a for x64 linux (1)

WaywardGeek (1480513) | about 5 months ago | (#47207605)

Source package (not Linux) sha256sum: e6214e911d0bbededba274a2f8f8d7b3f6f6951e20f1c3a598fc7a23af81c8dc

That's what I just signed in the first ever signed git commit of the CipherShed fork of TrueCrypt [ciphershed.org] . It's been a crazy week over there!

Re:7.1a for x64 linux (1)

Runaway1956 (1322357) | about 6 months ago | (#47205849)

I would be suspicious of 7.1 just as much as 7.2. If the developers left this "message" that 7.2 might be compromised, what kind of guarantee is there that 7.1 isn't also compromised? Discussion below shows that the big difference between the two is, 7.2 won't create new encrypted volumes. The message seems to say "We've been compromised - get your stuff out of the existing volumes, because they are NOT PROTECTED!" Or, "no longer protected".

If NSA demanded keys and/or back doors, and if the NSA actually got anything for their trouble, then those keys will open backdoors into older versions as well.

Re:7.1a for x64 linux (4, Insightful)

lgw (121541) | about 6 months ago | (#47205909)

If the developers left this "message" that 7.2 might be compromised, what kind of guarantee is there that 7.1 isn't also compromised

The only kind of guarantee there is: an open, publically funded audit of the code. That's the point of this exercise, even before people realized that blindly trusting the TrueCrypt code was a mistake, and that an audit by non-government researchers was needed.

Re:7.1a for x64 linux (1)

Varka (767489) | about 5 months ago | (#47206025)

If the developers left this "message" that 7.2 might be compromised, what kind of guarantee is there that 7.1 isn't also compromised

The only kind of guarantee there is: an open, publically funded audit of the code. That's the point of this exercise, even before people realized that blindly trusting the TrueCrypt code was a mistake, and that an audit by non-government researchers was needed.

You're assuming the binary is actually compiled from the source being audited. Once the source audit is complete, AND a recompiled version FROM THAT SOURCE is available, then I might consider using TC again...

Re:7.1a for x64 linux (5, Informative)

lgw (121541) | about 5 months ago | (#47206081)

That was actually the first step of the audit - to ensure repeatable builds and ensure the source matched the object (well, the Windows version - the Linux version was built and verified by many people over the years, but the Windows build took some non-default make setting and then it matched, so confirmation of that was ~1 year ago).

Re:7.1a for x64 linux (4, Informative)

WaywardGeek (1480513) | about 5 months ago | (#47207683)

I believe I read about this guy [concordia.ca] on slashdot a year-ish ago. He verified the Windows binary comes from the official source. I replicated most of his steps, until I became a believer. It is the actual source used to compile the 7.1a binary.

Now, if you're afraid of back-doors, be afraid of what is already in the official source, all 110K+ lines of it.

Re:7.1a for x64 linux (0)

Anonymous Coward | about 5 months ago | (#47206225)

This has already been done. It was the first thing the auditors did.

Re:7.1a for x64 linux (4, Insightful)

Z00L00K (682162) | about 5 months ago | (#47206031)

It depends on the level of security you expect. To make sure that your documents don't get into the open when someone steals your laptop it may be sufficient since most thieves just don't worry about the contents and just reformats it after a cursory glance on the contents. So everything that's not obviously visible or takes more than 5 minutes to access is probably safe.

If you are targeted by the authorities I would say that no wide-spread security system is safe. The authorities are even more likely to have backdoors into bitlocker than TrueCrypt, even though I suspect that they have TrueCrypt backdoors as well.

Re:7.1a for x64 linux (0)

Anonymous Coward | about 5 months ago | (#47209375)

In my case, I used truecrypt because I had to move data between Mac, Windows, and Linux on thumbdrives.
Not life-shatteringly important data, but stuff that shouldn't be just left lying around.

Truecrypt provided adequate obfuscation of the data to prevent casual prying, while still running on all the required OSs. Without it, I'd have to use zips with passwords, which is certainly less secure and more of a pain.

Re:7.1a for x64 linux (0)

Anonymous Coward | about 5 months ago | (#47208389)

"Non-government" as far as you know.

Re:7.1a for x64 linux (5, Insightful)

Kjella (173770) | about 5 months ago | (#47207063)

First of all, they said TrueCrypt has unfixed critical bugs not that it was compromised. It wouldn't really make a lot of sense either, if it was compromised back in 2012 and you wanted to be a whistleblower why wait well over 2 years to do it? It's not like NSA or whomever would let that sort of gag order expire. And if they're under any kind of pressure now, it would be to discredit the software they made years ago that doesn't contain any backdoors. Which brings us over to the next issue, they claim there's critical bugs but they won't tell anyone where they are so others can fix them nor fix them themselves. I mean they don't just want to shut down their project, they want tarnish the name, burn it to the ground and salt the earth after them and you really have to ask: Why?

I don't think and you probably also don't think that it's because XP support has ended and we should now all go use Bitlocker, so they're lying to us now. Why are they lying to us? I don't know, either they're pressured to it or working for commercial alternatives or threw a hand grenade to start conspiracy theories and get everyone reviewing the code or just went plain nuts I don't know. But there's no reason for any agency to kill off a version that has a backdoor and if there really was a government backdoor wouldn't the best way to be a whistleblower be to point it out? Why this ominous yet vague FUD? The answer that makes the most sense is that they're lying about everything. The developers don't know of any critical issues with 7.1a, but they're being pressured to or want to kill it.

That doesn't mean TrueCrypt is bug free, of course it may have bigger and smaller issues. But I think they're lying about knowingly withholding anything, that they're not working on the code and not maintaining it isn't the same as deliberately avoiding fixing issues. If they had said nothing at all and TrueCrypt had stayed at versjon 7.1a for another few years I'd still use it and despite what looks to me like a best effort they can't go back in time and sabotage their old release. So while I wouldn't trust anything they do from now on, the older code looks good. Why else would they go through so much effort to get rid of it? Somebody badly wants TrueCrypt 7.1a to disappear and be abandoned, the question is who and why.

Re:7.1a for x64 linux (1)

Runaway1956 (1322357) | about 5 months ago | (#47208193)

My question is academic. If they got a developer into a dungeon somewhere, and applied the five dollar monkey wrench interrogation method to extract a working back door - what assurance is there that this back door doesn't work on previous versions? FUD? I thought it a reasonable question. Does an exploit in version x.xxx work on version x.xxx - 1, or x.xxx - .001, or even x.xxx - 3? In some cases, I would imagine that the exploit might work all the way back to the project's startup and milestone .01, in other cases the same exploit might not work in a very minor version update.

Re:7.1a for x64 linux (1)

sillybilly (668960) | about 5 months ago | (#47208207)

The only cryptography you can truly trust is one you invent yourself, and don't tell anyone else about it, after you've learned all the top of the line methods and technologies and tricks available in the world. But don't trust these "expert proclaimed" unsolvable problems to really be unsolvable. Somebody somewhere might be passing off to you cryptography so you hide "secrets." Best thing is not to have secrets, or even if you do, they should not be something you absolutely can't have out in the public. Like putting a lock on a bicycle, sure somebody can cut it off with, it's like there is no lock that cannot be picked or wall that cannot be destroyed, unlike in the old days, until they invented cannons, but people still practice building walls and putting up locks, So consider all security to be a mild one, like a password, it's a minor obstacle. Like it's not possible to not have your credit cards stolen. Or be victim to false witnesses. It's not possible to have computer security, because whatever you do on the chips and whatever you see on the screen, somebody could be snooping on you. You wanna practice cryptography? Go hide in a cave somewhere and draw lines in the sand with a stick, and they will still find it with sniffing dogs, and only if it makes absolute nonsense because you did not mean anything by it you were just putting down nonsense marks in the hidden cave sand on purpose, they will still decrypt it into something and jail you for it. Such is cryptography. Who you wanna trust? A computer that has a sticker that says "intel inside" or some "amd?" You can't even trust a chip you made yourself and didn't tell anybody, cuz they replaced it with a rigged identical indistinguishable copy of theirs. All you can hope for is they make mistakes, and are not thorough - and who in the world does not make mistakes - and they forgot to detect a UV pen marker line you put on it, or even a trace of blood that - in theory - can be dna decrypted to your blood, and i mean in theory. So much for cryptography and security. You have no rights. Maybe the right to think freely, but only if you don't tell anybody, or don't express it on anything, like a computer screen, voices into the air, or a piece of paper, or sand. If anything, hiding in plain sight is best. You can store information by some rules you invent, and encode things into how you place say a pillow or a sock somewhere, rules that you don't tell anybody, and sometimes, you can just fuck with the snoopers without having rules, but making it look like the disarray you throw your socks into is an expression of something, like a secret, when you were just trying to fuck with them a little and give them something to decrypt. Like a lot of google books results are "top secrect" gov't documents from like 1940's and 50's written by absolute quacks, and you can tell after 3 sentences or 3 paragraphs into it, but sometimes they are amusing to read and entertaining. Such is the top secret released to you, and you can do similar top secret releases yourself. Not to really encrypt anything and believe it's not decryptable, but just to plain fuck with people decrypting it and disrespecting your privacy.

Re: 7.1a for x64 linux (0)

Anonymous Coward | about 5 months ago | (#47209037)

The only encryption you can trust without reservation is a properly implemented one time pad system.

Re:7.1a for x64 linux (-1)

wonkey_monkey (2592601) | about 6 months ago | (#47205881)

Luckily I have a copy of 7.1a for x64 linux. Because this is a great opportunity to release a trojan horse version of Truecrypt and many people would be affected

Sorry dude. 7.1a is the Trojan Horse version.

Re:7.1a for x64 linux (4, Interesting)

lister king of smeg (2481612) | about 6 months ago | (#47205891)

Luckily I have a copy of 7.1a for x64 linux. Because this is a great opportunity to release a trojan horse version of Truecrypt and many people would be affected

I wonder was its source in any of repositories for the larger Linux distros? Perhaps Debian, Gentoo,or Arch would have a cryptographically signed copy of it if so that would be a simple matter of grabbing the source with a apt-get source command.

Re:7.1a for x64 linux (2)

Pow (107003) | about 5 months ago | (#47206645)

Gentoo doesn't keep the source in the repository, but it has the hashes.
from /usr/portage/app-crypt/truecrypt/Manifest:

DIST truecrypt-7.1a.tar.gz 1949303 SHA256 e6214e911d0bbededba274a2f8f8d7b3f6f6951e20f1c3a598fc7a23af81c8dc SHA512 b5e766023168015cb91bfd85c9e2621055dd98408215e02704775861b5070c5a 0234a00c64c1bf7faa34e6d0b51ac71cd36169dd7a6f84d7a34ad0cfa304796a WHIRLPOOL 5e7f4360746a30639aea96eaf4deac268289c111c0efa96f50487527f0406499 2c26ad4c8ae0fd565d80e77f0ce8add82b03930d877fe5adedc8a733b482fe38

(the filter did not like awful long strings of letters so I added spaces to WHIRLPOOL and SHA512 hash strings.

Re:7.1a for x64 linux (1)

WaywardGeek (1480513) | about 5 months ago | (#47207629)

DIST truecrypt-7.1a.tar.gz 1949303 SHA256 e6214e911d0bbededba274a2f8f8d7b3f6f6951e20f1c3a598fc7a23af81c8dc

Excellent. That's what I just got for the source we're using to build the CipherShed fork of TrueCrypt.

Re:7.1a for x64 linux (4, Interesting)

nmb3000 (741169) | about 5 months ago | (#47206285)

Luckily I have a copy of 7.1a for x64 linux

I noticed something the other day when looking for a copy of the install on my own system. It turns out that when you install TrueCrypt for Windows, it puts a copy of the installer in the destination directory! If you're on Windows, take a look in your %ProgramFiles%\TrueCrypt directory. You will probably find a TrueCrypt Setup.exe file (at work so not sure of the exact filename). This can be used to install/repair/reinstall TrueCrypt on any computer.

There have been some good attempts [grc.com] to create a trustworthy TrueCrypt archive, but nothing beats your original installation source, which you can use to verify against various signatures found online.

The news headline a year from now... (1)

StandardCell (589682) | about 6 months ago | (#47205617)

SHA2 Preimage Attack Discovered

Re:The news headline a year from now... (0)

Anonymous Coward | about 5 months ago | (#47206577)

Ya have to give all these money losing bitcoin engines something to do...

I wonder how much the NSA "donates" to folk that can mod source or binaries to match certain SHA checksums.

What's the difference between the US and China? (4, Funny)

bungo (50628) | about 6 months ago | (#47205621)

From my perspective, it appears that both China and the US are willing to bend to their control any IT organization that they can.

I'm happy that a verified source have been made, but sad to think that it has now come to this - the US, China, Russia, ..... so many countries that it is no longer safe to host security projects.

If only I could get a CISCO router build in China, packages in the US and sold through a reseller in Russia.... it could be marketed are the ultimate freedom router*.

(* Note: freedom is not for the end user)

Re:What's the difference between the US and China? (0)

Anonymous Coward | about 5 months ago | (#47208315)

Has there been any big security scandal involving Russia comparable to the All-Seeing Eye of the US or the Firewall of China?

Differences between 7.1a and 7.2a (1)

chrisgagne (605844) | about 6 months ago | (#47205629)

Has anyone looked at the differences between 7.1a and 7.2a? It seems unlikely that the TC authors would intentionally release 7.2a with security-compromising bugs...

Re:Differences between 7.1a and 7.2a (4, Informative)

droptone (798379) | about 6 months ago | (#47205667)

Yep [github.com] .

Re:Differences between 7.1a and 7.2a (0)

Anonymous Coward | about 6 months ago | (#47205825)

those AbortProcess("insecure_apps")...

Re:Differences between 7.1a and 7.2a (0)

Anonymous Coward | about 6 months ago | (#47205673)

The only difference as far as I've heard is that it doesn't allow encryption, only decryption.

Re:Differences between 7.1a and 7.2a (0)

Anonymous Coward | about 6 months ago | (#47205681)

7.2 was stripped of encryption functions. Even if it was without bugs, what good is it? Not to mention the weird way they walked away from their software.

Re:Differences between 7.1a and 7.2a (4, Interesting)

WaywardGeek (1480513) | about 5 months ago | (#47207853)

7.2 was stripped of encryption functions. Even if it was without bugs, what good is it? Not to mention the weird way they walked away from their software.

It really was weird. Here's my new theory:

These guys released their best version ever, 7.1a, in Febuary 2012. They had a party, said goodbye, and moved on with their lives. Everyone assumed that since it's open source, some new guys would come along to take over the project. Instead, for two years, there were no security updates, and no credible fork. TrueCrypt was languishing. One of the developers decided to force the world to take action. He pulled that amazing stunt, complete with recommending everyone use Microsoft BitLocker. Now he's kicking back with a beer and watching the world go nuts. It's like kicking an ant hill.

Did it work? You bet! A bunch of geeks like me said, "I want to help!" A couple of Swiss Pirate Party dudes said, "We'll lead the effort", and before the weekend was over, they had thousands of offers for help. True to the Pirate Party spirit, they even pirated the TrueCrypt name: truecrypt.ch. Also true to the Pirate Party spirit, they don't really know how to organize a team of geeks to work together in a common direction. So, I said "Follow me!" on the forum, and signed up geeks as fast as I could at the site that became CipherShed.org. Now they're self-organizing like some sort of slime mold, creating order out of chaos. It's really fascinating to watch! I hope the original authors are enjoying the drama :-) At this point, I think the new team is going to do amazing things.

Re:Differences between 7.1a and 7.2a (4, Interesting)

Anonymous Coward | about 6 months ago | (#47205713)

The most obvious difference is that 7.2a will only decrypt files previously encrypted with earlier versions of TrueCrypt. 7.2a is crippled in that it cannot create new encrypted folders, files or whole disks. It was apparently engineered to be broken and serve only as a tool to recover previously encrypted volumes.

So, about those changes... (0)

Anonymous Coward | about 6 months ago | (#47205641)

Will they also see if weird backdoors or other things were added in that last version before they all quit?

Re:So, about those changes... (1)

StandardCell (589682) | about 6 months ago | (#47205763)

That was part of my little joke [slashdot.org] but of course that's all cynicism on my part at this point.

The only truly reliable idiot-proof encryption method is a one-time pad where you commit the key to memory or parts of it among more than one person. Not that practical compared to a mountable volume or full-disk encryption like the old TrueCrypt, but everything has a price.

Even Better (0)

Anonymous Coward | about 6 months ago | (#47205647)

Some of us probably have the 7.1a install file from when we updated. Doesn't get much more secure than that. I can't wait to get home and compare this "verified" repository with mine.

Truecrypt authors-WARNING: TrueCrypt is not secure (3, Insightful)

raymorris (2726007) | about 6 months ago | (#47205861)

> Doesn't get much more secure than that.

The authors of Truecrypt said "WARNING: TrueCrypt is not secure".

I learned a long time ago that if you go on a date with a woman and she says "I'm crazy", BELIEVE HER. She IS crazy. Even if she's hot, she's probably telling the truth when she says she's crazy. I think the same principle may apply here. If the Truecrypt project page says "Truecrypt is not secure", believe them - it probably is not secure.

Other options seem to be more secure. Personally, I use dm-crypt (cryptsetup) with 256 bit ESSIV AES CBC, plus a little magic I've thrown in.

Cross-platform (3, Interesting)

tepples (727027) | about 6 months ago | (#47205911)

Personally, I use dm-crypt (cryptsetup) with 256 bit ESSIV AES CBC, plus a little magic I've thrown in.

Might this magic happen to let you write files to an encrypted volume on one operating system and read it on another?

Re:Cross-platform (0)

Anonymous Coward | about 5 months ago | (#47206217)

I have some magic for that, called "NFS." An arcane conjuring named "Samba" is there too, though more as a test, and something call netatalk is supposedly in some grimoires too. Weirdly, I found that the read-but-not-write case turned out to be so frequent, that some cantrips named MediaTomb and even Apache(!!) often turned out to be some often-used simplest solutions.

Yes, I realize this totally dodges/undermines your intent. And yet, I bet it's potentially one of the best answers out there, for many people (but I admit, not everyone). Once you buy that second computer, you're headed this way. And so many people are into virtualization these days, that sometimes the second computer is inside the first.

With most NAS drives, yeah (1)

raymorris (2726007) | about 5 months ago | (#47206315)

Many consumer grade (and most enterprise grade) NAS devices run Linux or BSD. They are usable from a home desktop OS such as Windows, so yes, even Windows can write files to properly encrypted storage.

Smartphone app to replace flash drive (1)

tepples (727027) | about 5 months ago | (#47206453)

But to make it competitive with a TrueCrypt volume on a USB flash drive, you'd have to shrink the NAS down to pocket size and get it onto the WLAN somehow. Is there a smartphone app for that yet?

Gumstix (2)

raymorris (2726007) | about 5 months ago | (#47206841)

> volume on a USB flash drive, you'd have to shrink the NAS down to pocket size

See Gumstix and many similar options.

Re:Smartphone app to replace flash drive (0)

Anonymous Coward | about 5 months ago | (#47206965)

Just buy a WLAN router for $15 and flash openwrt.

Re:Cross-platform (0)

Anonymous Coward | about 5 months ago | (#47206331)

My guess would be TRESOR. It's pretty much the only reason you'd be using CBC instead of XTS.

Re:Cross-platform (1)

David Jao (2759) | about 5 months ago | (#47206631)

If you're seriously interested in disk encryption, it's pretty clear that there is no viable platform other than Linux, and maybe BSD. Any other platform will be riddled with NSA backdoors, and you'll have no way to check. So I don't understand why cross-platform compatibility is even desirable, much less necessary.

Re:Cross-platform (1)

mirix (1649853) | about 5 months ago | (#47207129)

Pfft, there is only one operating system. ;-)

I am a big fan of dm-crypt.

Re:Truecrypt authors-WARNING: TrueCrypt is not sec (5, Funny)

cyn1c77 (928549) | about 6 months ago | (#47205915)

I learned a long time ago that if you go on a date with a woman and she says "I'm crazy", BELIEVE HER. She IS crazy. Even if she's hot, she's probably telling the truth when she says she's crazy. I think the same principle may apply here.

Suddenly I am less interested in my privacy and more interested in your anecdotal story!

Re:Truecrypt authors-WARNING: TrueCrypt is not sec (1)

Jawnn (445279) | about 5 months ago | (#47206065)

I learned a long time ago that if you go on a date with a woman and she says "I'm crazy", BELIEVE HER. She IS crazy. Even if she's hot...

You say that as if it were a bad thing...

Re:Truecrypt authors-WARNING: TrueCrypt is not sec (4, Insightful)

rogoshen1 (2922505) | about 5 months ago | (#47206413)

i think you're confusing 'spontaneous' (which is fun) with 'crazy' which is bunny-burning, jealous lunacy.

Re:Truecrypt authors-WARNING: TrueCrypt is not sec (0)

Anonymous Coward | about 5 months ago | (#47207971)

i think you're confusing 'spontaneous' (which is fun) with 'crazy' which is bunny-burning, jealous lunacy.

QFT. Personally, I can add an example of "crazy" which included her living in a fantasy construct, pathologically lying, stealing thousands of dollars from me, faking a pregnancy and abortion (to get more cash from me), eventually getting institutionalized briefly after we broke up, and drunk texting me annually on her mother's death anniversary with passive-aggressive suicide notes (don't respond to those). I eventually changed my phone number I had for 10 years in order to escape.

Listen to the man. Don't stick your dick in crazy.

Re:Truecrypt authors-WARNING: TrueCrypt is not sec (0)

Anonymous Coward | about 5 months ago | (#47209579)

That's something special. I was only one step down from you. She was living in a fantasy construct, pathologically lying, but she didn't steal thousands, only hundreds, no faked pregnancy, but she did, either fake or real, try to kill herself and she took a big chunk of skin from my back. Although she was never institutionalized (she's too smart for that) she did lose her kids (yes, she has kids...) and I haven't heard from her since I left.

I completely agree with you on the don't stick your dick in crazy. Bad results tend to happen.

Re:Truecrypt authors-WARNING: TrueCrypt is not sec (0)

Anonymous Coward | about 5 months ago | (#47209631)

Wow. How did she end up getting a chunk of your skin, and for what reason?

I didn't mention that she ended up losing her first kid, probably as a result of her institutionalization. She compensated by having three more, with at least two other guys. So, four kids by at least three males.

I was seriously mindfucked by the fake pregnancy thing. I avoided pursuing romantic relationships for three years after this crazy bitch.

Re:Truecrypt authors-WARNING: TrueCrypt is not sec (0)

Anonymous Coward | about 5 months ago | (#47209627)

It's a bad thing.

Re:Truecrypt authors-WARNING: TrueCrypt is not sec (1)

Z00L00K (682162) | about 5 months ago | (#47206079)

Have you ever seen any computer system that is completely secure? There's always a hole or backdoor in it, and I'm just waiting for a major one to show up in bitlocker.

How can we trust them to say it's not secure if we can't know in what way it isn't secure?

Re:Truecrypt authors-WARNING: TrueCrypt is not sec (1)

Mistakill (965922) | about 5 months ago | (#47206087)

The current train of thought, which may never be verified, is that the authors got a National Security Letter from the NSA (like Lavabit)... If so, pointing people away from it to something like BitLocker may be a way for the NSA to gain easier access to encrypted data

Re:Truecrypt authors-WARNING: TrueCrypt is not sec (2)

davydagger (2566757) | about 5 months ago | (#47206399)

>256 bit ESSIV AES CBC

cool story bro, CBC is broken. Truecrypt uses XTS, and TLS added GCM.

Truecrypt also includes the options for serpent and twofish, both AES finalists with higher margins of absolute security than rinjidael.

Re:Truecrypt authors-WARNING: TrueCrypt is not sec (1)

Anonymous Coward | about 5 months ago | (#47206533)

Not him, but as I said above on another reply, TRESOR uses CBC. I don't know about CBC being *broken* (citation, please? I'm not an expert), but I would imagine that protection from cold boot attacks is worth the tradeoff.

https://en.wikipedia.org/wiki/TRESOR [wikipedia.org]

TRESOR (recursive acronym for "TRESOR Runs Encryption Securely Outside RAM") is a Linux kernel patch which provides CPU-only based encryption to defend against cold boot attacks on computer systems by performing encryption outside usual random-access memory (RAM).

EDIT: holy crap, captcha is "decrypt"

Re:Truecrypt authors-WARNING: TrueCrypt is not sec (1)

swillden (191260) | about 5 months ago | (#47206575)

cool story bro, CBC is broken. Truecrypt uses XTS, and TLS added GCM.

CBC is not broken. It doesn't provide the authentication properties an AEAD mode like GCM does, and it's more subject to ciphertext tampering attacks than XTS, but it's a perfectly good mode when applied with understanding of its strengths and weaknesses -- which is also true of GCM (which is terribly insecure if tags are truncated too much; far worse than CBC) and XTS (which isn't authenticated and therefore still subject to ciphertext tampering). And if you want CBC to have authentication and tamper-resistance, they can easily be added by HMACing the ciphertext.

You thinking of SSL? CBC is as "broken" as XTS is (1)

raymorris (2726007) | about 5 months ago | (#47206827)

Are you thinking of SSL (not TLS) and how it used a predictable IV in CBC mode? That's an SSL issue, not a CBC issue.

CBC is "broken" to the extent that it isn't tamper-evident, so if a bad guy has write access to your encrypted storage you might not know it (unless you hash the file, just like any other storage). XTS is the same!

 

Re:Truecrypt authors-WARNING: TrueCrypt is not sec (1)

weedenbc (719416) | about 5 months ago | (#47206671)

They said it was not secure because it "may contain unfixed security issues". That statement was 100% true for every earlier version of TrueCrypt and every single piece of software ever created. Including dm-crypt, your recommendation.

Re:Truecrypt authors-WARNING: TrueCrypt is not sec (0)

Anonymous Coward | about 5 months ago | (#47206767)

Therefore, according to Grice's maxims, they must have had something else to say.

Match (5, Informative)

Anonymous Coward | about 6 months ago | (#47205769)

Only anecdotal, but I have a copy of "TrueCrypt Setup 7.1a.exe" that I downloaded from truecrypt.org on May 25, 2012, with a SHA-1 sum of 7689d038c76bd1df695d295c026961e50e4a62ea, which matches the same file in this repository.

Re:Match (0)

Anonymous Coward | about 6 months ago | (#47205857)

Good to know. What's the SHA-256?

Re:Match (0)

Anonymous Coward | about 5 months ago | (#47205989)

SHA-256 of "TrueCrypt Setup 7.1a.exe" is

where hexstring = 'e95eca399dfe95500c4de569efc4cc77b75e2b66a864d467df37733ec06a0ff2' is the string substituted by the compromised backbone routers to match the untrojanized "TrueCrypt Setup 7.1a.exe" file.

Re:Match (0)

Anonymous Coward | about 5 months ago | (#47206117)

Ah yes, but is the AC working for the NSA? Or am I?

Re:Match (1)

RoknrolZombie (2504888) | about 5 months ago | (#47206661)

Whether you know it or not, the answer is "yes"

My SHA-256 (1)

Futurepower(R) (558542) | about 5 months ago | (#47206489)

SHA-256:
e95eca399dfe95500c4de569efc4cc77b75e2b66a864d467df37733ec06a0ff2
TrueCrypt Setup 7.1a.exe
Downloaded 02/10/2012 04:19 AM.

Same answer from the CNet.com, FileHippo, and Steve Gibson versions. MD5's also match. Using sha256deep64.exe and md5deep64.exe.

Matches mine, but I also have 64-bit Linux & M (3, Informative)

antdude (79039) | about 5 months ago | (#47206473)

Here's mine:

2667681 Apr 9 2013 truecrypt-7.1a-linux-x64.tar.gz
9526318 Jan 20 2013 TrueCrypt 7.1a Mac OS X.dmg
3466248 Jan 20 2013 TrueCrypt Setup 7.1a.exe

$ sha1sum *
086cf24fad36c2c99a6ac32774833c74091acc4d truecrypt-7.1a-linux-x64.tar.gz
16e6d7675d63fba9bb75a9983397e3fb610459a1 TrueCrypt 7.1a Mac OS X.dmg
7689d038c76bd1df695d295c026961e50e4a62ea TrueCrypt Setup 7.1a.exe

TrueCripled to be released late 2014 (1)

BoRegardless (721219) | about 6 months ago | (#47205883)

But this time it will be compromised and costly commercial SW.

Re:TrueCripled to be released late 2014 (1)

DiamondGeezer (872237) | about 6 months ago | (#47205919)

How will we tell?

Huh? So what? (0)

Anonymous Coward | about 6 months ago | (#47205901)

So the 7.1a code is verified as the same as that which was distributed as 7.1a. Great. But does 7.1 a have vulnerabilities, a backdoor, bugs?

Re:Huh? So what? (1)

ledow (319597) | about 5 months ago | (#47206623)

That's what the audit mentioned in the summary - and several dozen previous articles - will show (and has already intimated, in brief, that there's nothing obviously wrong with it but it can take years of analysis to have confidence that something this large is clean).

Keep up.

Should I put it on eBay? (0)

Anonymous Coward | about 5 months ago | (#47205973)

I have a legit copy of TrueCrypt 7.0.0.0 on an old Windows XP machine. The digital signature timestamp is July 18, 2010 @ 1:23:31 PM

Sublime irony (1)

pla (258480) | about 5 months ago | (#47206167)

I find it truly delightful that the NSA has accidentally accomplished one small aspect of their cover-story mission through their bad PR of late...

By making us paranoid of the documented snooping of our own government, the NSA has managed to do what the likes of Bruce Stirling and Phil Zimmerman failed to accomplish for decades - Get us to finally start encrypting everything possible, from end-to-end. This code audit of TrueCrypt counts as only one tiny part of that whole, but attitudes have changed for the better!

Re:Sublime irony (1)

BoRegardless (721219) | about 5 months ago | (#47206321)

Did TrueCrypt go down because the NSA pulled their programmers off the team?

Re:Sublime irony (1)

rwa2 (4391) | about 5 months ago | (#47207669)

I don't know why I don't see more of this... is it not obvious that TrueCrypt is most likely made by whitehats at the NSA? And that the blackhats at the NSA probably finally strongarmed them into abandoning their hobby project?

This seems consistent with the TrueCrypt End-of-Life announcement.

Re:Sublime irony (0)

Anonymous Coward | about 5 months ago | (#47206439)

Safest protection against NSA:
Roll your own crypto. A person skilled in cryptography might not have any problem breaking trough it but you aren't going to automate decryption of a couple of million different retarded encryption methods.

Re:Sublime irony (2)

ledow (319597) | about 5 months ago | (#47206591)

You obviously know nothing about cryptography, nor the methods used to break them.

Rolling your own crypto is the WORST thing you can do. And automated analysis of "encryptions" like that are not only more feasible than breaking AES, but they stick out like a sore thumb when you do any analysis... that's the point - encryption is hard, and one of the hardest bits of encryption is stopping ANY sign or pattern of the original data showing through.

Even cryptographers wouldn't try this. Use something that's been attacked for 20 years or not at all.

However, personally, I'm more suspicious of exactly why EC cryptography started being pushed JUST BEFORE this whole NSA thing and is still seen as the only solution for it (especially regarding perfect-forward secrecy, whose only non-EC methods are incredibly computationally expensive and thus not being deployed).

To a suspicious mind, it looks like when you think the trick is happening, it's already been done.

Re:Sublime irony (1)

Electricity Likes Me (1098643) | about 5 months ago | (#47207093)

Uh, because RSA was falling at a rather predictable if accelerating pace, and it was obvious "just use longer keys" wasn't really going to scale?

This wasn't a surprise. RSA is computationally expensive for the level of security provided, and the computing power to break shorter keys was becoming more and more available.

Re:Sublime irony (0)

Anonymous Coward | about 5 months ago | (#47207171)

He's observing that the strength of the cryptography is a good defense against cryptographers, and that the obscurity of the cryptography is a good defense against automated mass-surveillance dragnet decryption attempts. It's an economics based defense in the same way that appealing traffic tickets clogs up the court system even though your adversary has you outgunned. If you clog the cooling system with jellyfish: you can suffocate a nuclear power plant.

http://en.wikipedia.org/wiki/Millennium_Challenge_2002

Re:Sublime irony (0)

Anonymous Coward | about 5 months ago | (#47209507)

You obviously are wrong.

Everything we may use is already compromised.

I'd rather that they are forced to bring a human into the game to get me.

Instead of some pre built scanner that collects encrypted snippits from the web and breaks them using some method or backdoor not yet known(or known but not public).

When we were crawling around on the floor, they already knew about differential cryptanalysis. Only later did we "discover" it and realize it was possible.

So I'll assume the public methods are all broken in some way that they keep very secret at the NSA.

It's harder to build a computer that solves random unknown crypto, than to pay a dude to manually analyse my home brew crypto. The requirement that a real human spend time on it is the saving grace that prevents drag-net surveillance.

I don't mind targeted lookups. That's warrant territory. I fear dragnet scanning which surely is on some list of operational requirements on some NSA whiteboard.

Put it this way, if I worked there I'd immediately want to break all publicly known crypto that is in popular use. Then I'd keep quite about it and scan.

Next up I'd say that I want backdoors to all major operating systems. Those would be developed or inserted depending on where the software is made. We'd craft backdoors for open source stuff, and forcefully insert backdoors into paid software under court orders for US business.

Next up I'd say that I want secret 3G/4G reception inside of the CPU, so I could use a transmitter to basically access the CPU from miles away. I'd use that to bypass memory barriers imposed by the OS and simply read your passwords out of RAM whenever you load your encryption program like PGP. I'd just have the CPU microcode have a detection routine which fingerprints programs. As they update PGP I just keep re-flashing the fingerprints across 3G/4G cellular service right into your CPU.

The CPU would then just sit quiet and capture passwords in memory storing them in some internal persistent area (probably next to microcode). It would be undetectable unless I have agents send out the 3G/4G signal which wakes up your chip and has it send me your passwords.

I wouldn't need to bust your network. I wouldn't need your computer to BE on a network (most secure stuff is airgapped anyways). I wouldn't need to bust your Operating system. I only need your computer to be within range of a cellular tower. Then I have ways to see heuristically what programs you run, what usernames are in memory, what passwords are entered in to apps I fingerprint, or hell just intercept the keyboard keys to a buffer when unknown program signatures are running.

That would almost guarantee that I'd breach you. So I'm just a 26 yr old punk software developer. I'd assume anyone truly running the NSA would be *smarter* and already have done the things I'd do.

For reference intel added 3G capability to SandyBridge under the guise of somehow disabling the CPU if stolen..... (because we all call the cops and have them force Intel to disable stolen computers). I think it was fishy and an implementation of the CPU hack I mentioned. It's just so smart and easy. It's how I'd do it.

Re:Sublime irony (0)

Anonymous Coward | about 5 months ago | (#47209385)

This.

Security through obscurity actually does work, when all the methods publicly known are pre-broken in a cookie-cutter fashion.

You can only publicly show your security when those methods are impervious to attack. Today I don't know if such encryption exists beyond the One Time Pad.

Thus it's not *safe* to use any pre-existing crypto. I'm told I cannot beat the Ph-D's who designed the algorithm, but no one mentions how the NSA pays *their* PH-D's to pre-break all the publicly existing methods.

Thus by using a public method, I already can be compromised in a sweeping drag-net fashion by essentially automated tools.

But if I roll my own, a human has to look at it. A human has to break it. I have to be a worthwhile target to even get this Human's attention.

Thus security through obscurity is really all we have in the age of automated pre-baked attacks and backdoors.

Thank you for confirming that at least some people are now thinking this way too.

Should I put it out for bid on eBay? (1)

csdarknightcs (3480827) | about 5 months ago | (#47206223)

I have TrueCrypt 7.0.0.0 timestamped July 19, 2010 at 1:23:31PM

suckers (1)

Anonymous Coward | about 5 months ago | (#47206299)

thankfully I use windows and bitlocker and don't have to worry about any of this.

The OCAP Team (1)

kat_skan (5219) | about 5 months ago | (#47206445)

So who exactly is "the OCAP team?" I admit not following crypto research very closely so the only name I recognize on their site [opencryptoaudit.org] is Bruce Schneier, and though there's a few comments mentioning them on his blog he hasn't as far as I can tell said anything about being involved.

for what it's worth (0)

Anonymous Coward | about 5 months ago | (#47206465)

This is what I get...
truecrypt-7.1a-linux-x64.tar.gz

MD5: bb355096348383987447151eecd6dc0e
SHA1: 086cf24fad36c2c99a6ac32774833c74091acc4d

Who audits... (1)

Rinikusu (28164) | about 5 months ago | (#47206503)

the auditors?
.
.
.
.
.

Re:Who audits... (1)

amigabill (146897) | about 5 months ago | (#47208329)

I'm sure that the NSA would be happy to appoint someone to check the work of the NSA appointed auditors doing the current investigation. :)

I have 7.0a (0)

Anonymous Coward | about 5 months ago | (#47206517)

which should do me just fine until the dust clears and someone produces a verified-safe version (if that's at all possible in this situation).

And was promptly backdoored (1)

Gothmolly (148874) | about 5 months ago | (#47208221)

SUUURE, this new verified installer is legit.
Love, the NSA (who wrote the thing in the first place) ..tries to download it...
"Using GitHub on Windows has never been this easy."

Sad Internet user has a sad.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?