Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Data Storage Encryption IT

Despite Project's Demise, Amazon Web Services Continues To Use TrueCrypt 75

Posted by timothy from the turning-a-ship-takes-a-while dept.
An anonymous reader writes with an article at InfoWorld that points out that TrueCrypt may have melted down as a project, but hasn't disappeared altogether: Importing and exporting data from Amazon Simple Storage Service still requires TrueCrypt, two weeks after the encryption software was discontinued ... Amazon.com did not immediately respond to an inquiry seeking information on whether it plans to support other data encryption technologies for the AWS import/export feature aside from TrueCrypt in the future. Infrastructure can be complex to upgrade; how long is reasonable?
This discussion has been archived. No new comments can be posted.

Despite Project's Demise, Amazon Web Services Continues To Use TrueCrypt More

Despite Project's Demise, Amazon Web Services Continues To Use TrueCrypt

Comments Filter:

  • If it ain't broke? (Score:5, Insightful)

    by Anonymous Coward on Saturday June 14, 2014 @04:21PM (#47237677)

    Why not use it until you HAVE to find an alternative. I mean the audit of 7.1a is not even done yet.

    software != fruit

  • Why should one move from truecrypt 7.1a? (Score:2, Insightful)

    by Anonymous Coward on Saturday June 14, 2014 @04:26PM (#47237707)

    Truecrypt code remains available and currently available 7.1a online exactly matches ones I downloaded over past 2-3 years now and then. It is still good (tho the "7.2" version that was recently put out is crippled and should be ignored.)
    It can be obtained at https://www.grc.com/misc/truecrypt/truecrypt.htm
    and matches exactly the ones downloaded over time.

    The code is being formally reviewed (still) and is likely to be picked up by others. Unfortunately one does not make money
    sellig cryptodisk software (I tried when I published some back in 1979) but the capability is nevertheless useful,
    and using code for which sources are published is far safer than some commercial product, which could be
    surreptitiously broken and back-doored at commands of spy agencies whether the authors like it or not. With closed
    source programs you are stuck. Also one can use truecrypt on windows or linux; the replacement the authors seem
    to steer for is windows only.

  • Re:AWS Email (Score:4, Insightful)

    by jcochran ( 309950 ) on Saturday June 14, 2014 @04:43PM (#47237773)

    Gee. Send the data in the clear along with an encryption key so it's stored at the remote site in an encrypted form. There's no way that a NLS will allow for the interception and disclosure of the key is there?

    Frankly, that "solution" is a rather poor one at best and far too likely to give the customer a sense of security while in reality their data is totally accessible.

  • Re:And the problem is? (Score:2, Insightful)

    by Sir_Sri ( 199544 ) on Saturday June 14, 2014 @06:23PM (#47238119)

    Because there are probably known vulnerabilities actively being exploited by government agencies that they were told not to fix.

    Of course if you're using AWS you're almost certainly subject to NSA surveillance anyway, so... it's not any better or worse than them spying on it through other channels.

    Still, considering the situation with truecrypt was announced with 0 warning and no trivial alternatives to migrate infrastructure to I would think people are more or less stuck with it for a few months.

Slashdot Top Deals

"More software projects have gone awry for lack of calendar time than for all other causes combined." -- Fred Brooks, Jr., _The Mythical Man Month_

Close