Encryption Security

TrueCrypt Website Says To Switch To BitLocker 566

Posted by Soulskill
from the so-long-and-thanks-for-all-the-Jkkms0EuPPlvOmW7Mk5x2A== dept.
Several readers sent word that the website for TrueCrypt, the popular disk encryption system, says that development has ended, and Windows users should switch to BitLocker. A notice on the site reads, "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues. ... You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform." It includes a link to a new version of TrueCrypt, 7.2, and provides instructions on how to migrate to BitLocker. Many users are skeptical of a site defacement, and there's been no corroborating post or communication from the maintainers. However, the binaries appear to be signed with the same GPG key that the TrueCrypt Foundation used for previous releases. A source code diff of the two versions has been posted, and the new release appears to simply remove much of what the software was designed to do. It also warns users away from relying on it for security. (The people doing an audit of TrueCrypt had promised a 'big announcement' soon, but that was coincidental.) Security experts are warning to avoid the new version until the situation can be verified.

  • Re:I wonder... (Score:4, Informative)

    by CelticWhisper (601755) <celticwhisper&gmail,com> on Wednesday May 28, 2014 @05:45PM (#47113567)

    But TrueCrypt doesn't have master keys as I understand it. It's not like Dropbox. There's nothing an NSL (plague be upon whoever got the idea to legalize that) could discover that would do NSA/DHS/USA any good.

  • Re:What! (Score:4, Informative)

    by cbhacking (979169) <been_out_cruising-slashdot&yahoo,com> on Wednesday May 28, 2014 @05:56PM (#47113687) Homepage Journal

    Yeah.. the TC site gives you a step-by-step on how to upgrade your Windows edition, but they don't seem inclined to hand over the money it costs. Not that they're under any obligation to - it's not as if they were under any obligation to develop TC in the first place, either - but as a guide its usefulness is severely limited.

    Win8 at least has BL in the Pro edition (having reduced the range of SKUs considerably from Win7) but... yeah. Vista doesn't even (officially) support BL on removable media at all, in addition to (like Win7) only offering it on Enterprise and Ultimate SKUs.

  • Re:Fishy (Score:5, Informative)

    by gbjbaanb (229885) on Wednesday May 28, 2014 @06:06PM (#47113819)

    Except most Windows 7 editions don't support Bitlocker - only Enterprise and Ultimate. [microsoft.com]

  • Foul Play (Score:5, Informative)

    by rock56501 (1301287) on Wednesday May 28, 2014 @06:15PM (#47113911)
    The Register [theregister.co.uk] suggests that the version 7.2 binary has in fact been compromised and is suggesting not to touch that binary.
  • Re:I'll ask... (Score:2, Informative)

    by Anonymous Coward on Wednesday May 28, 2014 @06:30PM (#47114091)

    From my Software folder. I don't have the keys to help you verify them, but feel free to VirusTotal them or something if you're totally paranoid.

    7.1: http://www.sendspace.com/file/rjeukf
    7.1a: http://www.sendspace.com/file/ihsea5

  • Yawn... (Score:5, Informative)

    by davmoo (63521) on Wednesday May 28, 2014 @06:42PM (#47114217)

    Until such time as the iSEC audits turn up an actual problem, I'll keep using 7.1a as usual.

  • by Anonymous Coward on Wednesday May 28, 2014 @06:59PM (#47114419)

    They REUPLOADED a new key file, that contains the SAME key they used before.
    The new files were signed with that key (the new and old key are the SAME, but they wiped everything and reuploaded new key files, then the TC 7.2)
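
Added example, not part of the comment above or of the original page: one way to check a "re-uploaded key file, same key" claim is to compare primary-key fingerprints taken from GnuPG's machine-readable output for the old and new key files, then confirm that the signature's VALIDSIG line names that same fingerprint. All fingerprints, listings and function names here are constructed for illustration.

```python
# Added example. Inputs are text captured from GnuPG's machine-readable output:
#   gpg --show-keys --with-colons KEYFILE
#   gpg --status-fd 1 --verify FILE.sig FILE
# Every fingerprint and listing below is constructed sample data, not a real key.

def primary_fingerprints(colon_listing):
    """Fingerprint of each primary key: the first fpr record after a pub record."""
    fprs, after_pub = [], False
    for line in colon_listing.splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            after_pub = True
        elif fields[0] == "fpr" and after_pub and len(fields) > 9:
            fprs.append(fields[9].upper())  # field 10 carries the fingerprint
            after_pub = False               # later fpr records belong to subkeys
    return fprs

def validsig_primary(status_output):
    """Primary-key fingerprint from a VALIDSIG status line, or None if absent."""
    for line in status_output.splitlines():
        parts = line.split()
        if parts[:2] == ["[GNUPG:]", "VALIDSIG"] and len(parts) > 2:
            # The optional last field is the primary key's fingerprint; without it,
            # fall back to the signing key's fingerprint.
            return (parts[11] if len(parts) > 11 else parts[2]).upper()
    return None

def compare_release(old_listing, new_listing, status_output):
    old, new = primary_fingerprints(old_listing), primary_fingerprints(new_listing)
    signer = validsig_primary(status_output)
    return {"key_unchanged": bool(old) and set(old) == set(new),
            "signed_by_old_key": signer is not None and signer in old}

FPR = "0123456789ABCDEF0123456789ABCDEF01234567"    # constructed
OTHER = "89ABCDEF0123456789ABCDEF0123456789ABCDEF"  # constructed
SUB = "FEDCBA9876543210FEDCBA9876543210FEDCBA98"    # constructed subkey

def listing(fpr):
    return (f"pub:-:1024:17:{fpr[-16:]}:1075000000:::-:::scSC:\n"
            f"fpr:::::::::{fpr}:\n"
            "uid:-::::1075000000::::Constructed Signer <signer@example.invalid>:\n"
            f"sub:-:2048:16:{SUB[-16:]}:1075000000::::::e:\n"
            f"fpr:::::::::{SUB}:\n")

OLD_KEYFILE = listing(FPR)
REUPLOADED_KEYFILE = listing(FPR.lower())  # re-exported file, same key material
STATUS = (f"[GNUPG:] GOODSIG {FPR[-16:]} Constructed Signer\n"
          f"[GNUPG:] VALIDSIG {FPR} 2014-05-28 1401300000 0 4 0 17 2 00 {FPR}\n")

if __name__ == "__main__":
    print(compare_release(OLD_KEYFILE, REUPLOADED_KEYFILE, STATUS))
    print(compare_release(OLD_KEYFILE, listing(OTHER), STATUS))
```

A matching fingerprint shows that the same private key produced the signature; it says nothing about who controlled that key at signing time.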

  • Linux section odd (Score:5, Informative)

    by Anonymous Coward on Wednesday May 28, 2014 @07:16PM (#47114681)

    Cryptsetup-LUKS is the obvious recommendation; you can even mount Truecrypt volumes in recent versions. Or copy data over to a loop-AES encrypted volume but that requires patching the kernel.

  • Re:Fishy (Score:4, Informative)

    by viperidaenz (2515578) on Wednesday May 28, 2014 @07:57PM (#47115041)

    It's only forkable if you keep the new fork under the TrueCrypt License

    You must not change the license terms of This Product in any way (adding any new terms is considered changing the license terms even if the original terms are retained), which means, e.g., that no part of This Product may be put under another license. You must keep intact all the legal notices contained in the source code files. You must include the following items with every copy of Your Product that You make and distribute: a clear and conspicuous notice stating that Your Product or portion(s) thereof is/are governed by this version of the TrueCrypt License, a verbatim copy of this version of the TrueCrypt License (as contained herein), a clear and conspicuous notice containing information about where the included copy of the License can be found, and an appropriate copyright notice.

  • The reason is... (Score:5, Informative)

    by myforwik (1465003) on Wednesday May 28, 2014 @09:33PM (#47115785)
    They probably just decided to end the project. My experience is that it has been slowly dying for a long time. I have been heavily involved with TrueCrypt and its source code for many years. I make programs to custom edit the boot screen and otherwise customise TC's appearance. My programs are not forks, rather they edit the actual binary code installed, so that users can easily use it on existing installations. What you have to understand is that TrueCrypt has added very little functionality for a very long time. In particular they seem to have lost the key developers who did the code in the boot sectors. For those who don't know, a long time ago the program was too big to fit into the boot sectors, and a special deflate algorithm was added to decompress the boot sector code. My code to unzip the boot program and edit its string display strings is still the same code from TC 5.0, and it still works on the latest edition. The guys who code this section appear to be long gone from the project, hence absolutely nothing done over UEFI. The changes that have occurred look questionable, in that the people making them seem to have very limited assembly understanding and were hacking on bits instead of properly modifying the program's flow. Secondly, getting TC to work with operating systems is extremely complicated, especially for Windows. It was Microsoft who eventually released the APIs that were used to make TrueCrypt properly handle sleep/hibernate. These APIs are not forthcoming to Win8 or beyond, and in all honesty - Windows is the only market that matters. I am going to guess that one of the last known developers knows there is a bug that they no longer believe they have the experience or skill to fix properly, and hence has decided to shut it down.
  • Re:Fishy (Score:5, Informative)

    by epyT-R (613989) on Wednesday May 28, 2014 @11:41PM (#47116473)

    Point is, with NSLs you can't trust anything they say.
