Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Data Storage Encryption IT

Despite Project's Demise, Amazon Web Services Continues To Use TrueCrypt 75

Posted by timothy
from the turning-a-ship-takes-a-while dept.
An anonymous reader writes with an article at InfoWorld that points out that TrueCrypt may have melted down as a project, but hasn't disappeared altogether: Importing and exporting data from Amazon Simple Storage Service still requires TrueCrypt, two weeks after the encryption software was discontinued ... Amazon.com did not immediately respond to an inquiry seeking information on whether it plans to support other data encryption technologies for the AWS import/export feature aside from TrueCrypt in the future. Infrastructure can be complex to upgrade; how long is reasonable?
This discussion has been archived. No new comments can be posted.

Despite Project's Demise, Amazon Web Services Continues To Use TrueCrypt

Comments Filter:
  • If it ain't broke? (Score:5, Insightful)

    by Anonymous Coward on Saturday June 14, 2014 @04:21PM (#47237677)

    Why not use it until you HAVE to find an alternative. I mean the audit of 7.1a is not even done yet.

    software != fruit

  • by Anonymous Coward on Saturday June 14, 2014 @04:26PM (#47237707)

    Truecrypt code remains available and currently available 7.1a online exactly matches ones I downloaded over past 2-3 years now and then. It is still good (tho the "7.2" version that was recently put out is crippled and should be ignored.)
    It can be obtained at https://www.grc.com/misc/truecrypt/truecrypt.htm
    and matches exactly the ones downloaded over time.

    The code is being formally reviewed (still) and is likely to be picked up by others. Unfortunately one does not make money
    sellig cryptodisk software (I tried when I published some back in 1979) but the capability is nevertheless useful,
    and using code for which sources are published is far safer than some commercial product, which could be
    surreptitiously broken and back-doored at commands of spy agencies whether the authors like it or not. With closed
    source programs you are stuck. Also one can use truecrypt on windows or linux; the replacement the authors seem
    to steer for is windows only.

  • Re:AWS Email (Score:4, Insightful)

    by jcochran (309950) on Saturday June 14, 2014 @04:43PM (#47237773)

    Gee. Send the data in the clear along with an encryption key so it's stored at the remote site in an encrypted form. There's no way that a NLS will allow for the interception and disclosure of the key is there?

    Frankly, that "solution" is a rather poor one at best and far too likely to give the customer a sense of security while in reality their data is totally accessible.

  • by Sir_Sri (199544) on Saturday June 14, 2014 @06:23PM (#47238119)

    Because there are probably known vulnerabilities actively being exploited by government agencies that they were told not to fix.

    Of course if you're using AWS you're almost certainly subject to NSA surveillance anyway, so... it's not any better or worse than them spying on it through other channels.

    Still, considering the situation with truecrypt was announced with 0 warning and no trivial alternatives to migrate infrastructure to I would think people are more or less stuck with it for a few months.

IF I HAD A MINE SHAFT, I don't think I would just abandon it. There's got to be a better way. -- Jack Handley, The New Mexican, 1988.

Working...