TrueCrypt development ends suddenly with strange announcement; all functional versions withdrawn; "United States" highlighted in source diffs.

a thoughtful web.

Good ideas and conversation. No ads, no tracking. Login or Take a Tour!

TrueCrypt development ends suddenly with strange announcement; all functional versions withdrawn; "United States" highlighted in source diffs. · 3

rrrrr · 3904 days ago

sourceforge.net · #netsec · #netsec.rrrrr · #cryptography

No-one knows what this means, but there is plenty of speculation that the NSA or some other agency might have put the developers under pressure. Is TrueCrypt the new Lavabit?

Discussions on reddit:

http://www.reddit.com/r/netsec/comments/26pz9b/truecrypt_development_has_ended_052814/

http://www.reddit.com/r/sysadmin/comments/26pxol/truecrypt_is_dead/

http://www.reddit.com/r/linux/comments/26qe9f/truecrypt_is_not_secure_official_sourceforge_page/

Discussions on Hacker News:

https://news.ycombinator.com/item?id=7812133

https://news.ycombinator.com/item?id=7814725

tweet · print · htmlmarkup tips · 0

user-inactivated · 3904 days ago · link ·

Reddit points out that the United States diff could be explained by updating their Visual Studio version. Still, this is definitely very strange. I read through all the HN comments and multiple theories make sense to me. Maybe there will be more information at some point soon.

+discuss+discuss

mk · 3904 days ago · link ·

IMO there are three basic tiers of threats that should inform your security choices.

I. Untargeted attacks: A common thief steals your device, or an untrustworthy acquaintance is snooping. Passwords should be enough most of the time.

II. Targeted attacks: Someone with expertise and tools is trying to get at your stuff. Current and top tier encryption software should be effective most of the time.

III. Security agencies: You are fucked. The best you can do is be as paranoid as you can, and then act twice as much so. Everything you type is logged. Everything you save is copied. Unless you can be certain that you aren't being watched, you are.

Guarding against a level II threat will almost surely protect you against a level I threat, and guarding against a level III threat will almost surely protect you against a level II threat. However, there is no level IV. In the case of a level III threat, it's just a matter of time.

+discuss+discuss

–

insomniasexx · 3904 days ago · link ·

There are also a few types targeted attacks.

1. I try to hack my boyfriends facebook using security questions that I know the answers to because I have a personal relationship with him.

2. I try to hack your/everyone's facebook using the released list of emails/password from the Adobe leak.

3. I use social engineering / piecing together of personal information via Google in order to get into your facebook even though I don't know you personally.