TrueCrypt Website Says To Switch To BitLocker
Several readers sent word that the website for TrueCrypt, the popular disk encryption system, says that development has ended, and Windows users should switch to BitLocker. A notice on the site reads, "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues. ... You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform." It includes a link to a new version of TrueCrypt, 7.2, and provides instructions on how to migrate to BitLocker. Many users are skeptical of a site defacement, and there's been no corroborating post or communication from the maintainers. However, the binaries appear to be signed with the same GPG key that the TrueCrypt Foundation used for previous releases. A source code diff of the two versions has been posted, and the new release appears to simply remove much of what the software was designed to do. It also warns users away from relying on it for security. (The people doing an audit of TrueCrypt had promised a 'big announcement' soon, but that was coincidental.) Security experts are warning to avoid the new version until the situation can be verified.
Re:I wonder... (Score:4, Informative)
But TrueCrypt doesn't have master keys as I understand it. It's not like Dropbox. There's nothing an NSL (plague be upon whoever got the idea to legalize that) could discover that would do NSA/DHS/USA any good.
Re:What! (Score:4, Informative)
Yeah.. the TC site gives you a step-by-step on how to upgrade your Windows edition, but they don't seem inclined to hand over the money it costs. Not that they're under any obligation to - it's not as if they were under any obligation to develop TC in the first place, either - but as a guide its usefulness is severely limited.
Win8 at least has BL in the Pro edition (having reduced the range of SKUs considerably from Win7) but... yeah. Vista doesn't even (officially) support BL on removable media at all, in addition to (like Win7) only offering it on Enterprise and Ultimate SKUs.
Re:Fishy (Score:5, Informative)
Except most Windows 7 editions don't support BitLocker - only Enterprise and Ultimate. [microsoft.com]
Foul Play (Score:5, Informative)
Re:I'll ask... (Score:2, Informative)
From my Software folder. I don't have the keys to help you verify them, but feel free to Virus Total them or something if you're totally paranoid.
7.1: http://www.sendspace.com/file/rjeukf
7.1a: http://www.sendspace.com/file/ihsea5
Yawn... (Score:5, Informative)
Until such time as the iSEC audits turn up an actual problem, I'll keep using 7.1a as usual.
Re:my 2p conspiracy theory (Score:5, Informative)
They REUPLOADED a new key file, that contains the SAME key they used before.
The new files were signed with that key (the new and old key are the SAME, but they wiped everything and reuploaded new key files, then the TC 7.2)
Linux section odd (Score:5, Informative)
Cryptsetup-LUKS is the obvious recommendation; you can even mount TrueCrypt volumes in recent versions. Or copy data over to a loop-AES encrypted volume, but that requires patching the kernel.
Re:Fishy (Score:4, Informative)
It's only forkable if you keep the new fork under the TrueCrypt License:
You must not change the license terms of This Product in
any way (adding any new terms is considered changing the
license terms even if the original terms are retained),
which means, e.g., that no part of This Product may be put
under another license. You must keep intact all the legal
notices contained in the source code files. You must include
the following items with every copy of Your Product that You
make and distribute: a clear and conspicuous notice stating
that Your Product or portion(s) thereof is/are governed by
this version of the TrueCrypt License, a verbatim copy of
this version of the TrueCrypt License (as contained herein),
a clear and conspicuous notice containing information about
where the included copy of the License can be found, and an
appropriate copyright notice.
The reason is... (Score:5, Informative)
Re:Fishy (Score:5, Informative)
Point is, with NSLs you can't trust anything they say.