So what was the point of raising money to audit TrueCrypt
if they knew they would shut it down once XP was EOL?
In fact why didn't they announce this earlier?
But without a similar audit on the alternatives proving their security, surely the most responsible action would be just to explain there is a problem and stop there.
Certainly, it just makes it less suspect that it’s on SourceForge at all. (Unless SourceForge lets you rename projects? Then it could be an old placeholder project that’s been renamed to truecrypt.)
My money is on the site being compromised. If this were a legit, why would they be doing a 302 redirect to a SourceForge page instead of keeping the notice it under their own domain? Also, if TC only existed for XP users, why even have a *nix version? None of this makes sense in the context of this being a legitimate notice.
I'm with you. This seems like an odd move, given that most likely only a minority of their users used XP for some time. Why haven't they been warning Windows Vista, 7 and 8 users to use Bitlocker for years (not to mention Mac OS X and Linux users)? Perhaps I just missed the warnings, but I am really puzzled.
I suppose the developers could have just found a massive vulnerability (perhaps they're doing their own audit in advance of the public one?).
I saw that. It's just that taking this line at face value, it's not clear why they would port TrueCrypt to Linux and Mac OS X or suggest that people using later versions of Windows should use TrueCrypt:
>The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP.
Turning on Bitlocker has been on my TODO list for quite some time now, but to me the real value of Truecrypt wasn't full disk encryption, it was having encrypted volumes and mounting them on a as-needed basis.
And how do I handle sensitive stuff wrt backups? I could burn a Truecrypt volume to a DVD or Blu-ray. I cannot do this in any way with Bitlocker, can I?
I cannot do this in any way with Bitlocker, can I?
Yes. There's BitLocker to Go for encrypting removable drives, and with Windows Professional editions you can create and mount a VHD virtual hard disk file as if it was any other drive, and Bitlocker encrypt it, e.g.
The paged linked in the post explains how to create a VHD file, mount it using windows disk management, and then encrypt it using bitlocker. It supports dynamically expanding disks as well as fixed size disks that can be manually grown and volumes extended at a later date.
Using this method you can easily burn or transfer your VHDs, you can also store VHDs inside of VHDs.
The binaries are properly GPG-signed with the same key as the previous binaries, check for yourself. [They] either compromised their private key too or the actual developer(s) did this. Be it voluntarily or by force of secret three-character agencies / a massive pay check.
Maybe something like the Lavabit scenario where they rather close the shop than sell their users out. On the other hand, proposing Bitlocker as an alternative would be rather suspect in that case.
Well, the thing is though, it's not that they were hosting users' data. It's not like they would be forced to provide the contents of users' communication.
I suppose they could be approached by someone to plant backdoor into the software, but I wonder if that can be done without someone noticing it...
IF THIS IS THE CASE and that's an IF then it seriously brings into suspect backdoors in larger proprietary software. Because really if they're going after trucrypt then they have to already have gone after the big players.
I'm not going to jump the gun just yet but after snowden it's not out of the question.
If this is a hack, then the truecrypt.org site (or dns) and sourceforge site are both compromised, suggesting a dev got hacked who would have had access to both, and perhaps the TC signing key as well (not everyone practices good signing key hygiene, like keeping it offline, even for important software projects).
Even if it's a legit announcement, I wouldn't run that 7.2 binary. Anyone running truecrypt already has truecrypt, right? I don't know why they'd release a new version at the same time as such a dire and panic-inducing announcement.
SourceForge recently forced their users to change their passwords [1] because of an attack on their infrastructure [2]. Pure speculation but I'm not sure if that had anything to do with this?
Those two SourceForge blog posts are from January 2011, a year before the release of TrueCrypt 7.1a. The recent forced change was due to infrastructure changes.
> Anyone running truecrypt already has truecrypt, right?
I frequently reformat my boot volumes—but I've had a .tc file laying around on an external HD since forever, with my websites' X.509 private keys and such inside.
I'm probably going to do exactly as this announcement says: download the export-only binary, create a loop-mounted LUKS volume, and migrate everything over.
A much simpler explanation is someone defaced the site around the same time a new release was coming out. Is there anything in the signed release package to corroborate what the site says?
Yes. See the sibling poster's image link. I also installed 7.2 in a VM and received the same warning. It also looks like I can't encrypt anything, just decrypt.
Just quickly scroll through the diff (better version here: https://gist.github.com/anonymous/e5791d5703325b9cf6d1) and you will immediately see that all that was done is disable/remove a majority of the functionality.
AbortProcess ("INSECURE_APP");
Print ("WARNING: Using TrueCrypt is not secure");
They added exceptions/rose errors/printed warnings everywhere where you could possibly encrypt and all of it reflects their intent at the Sourceforge page.
The whole point of the underhanded c contest is that the code looks extremely benign, and you wouldn't know that it's doing something evil by staring at it for a short time. Example: http://underhanded.xcott.com/?page_id=22
Anyway, it was a joke.
edit: But I'm not touching that binary with a 10 foot pole, thank you. There isn't even any guarantee yet that that source compiles into the given binary.
Yes, I can confirm that F0D6B1E0 was on the Truecrypt web site about a year or two ago, since it's been on my keyring for at least that long. I've installed Truecrypt multiple times over the past few years, and have always used this key to verify (or its signing subkey, I suppose).
Don't just trust my SHA1s, verify with the sigs and the TrueCrypt Foundation public key. Ensure the key has the fingerprint shown in the great-great-great grandparent of this comment, independently verified by others in this thread.
gpg: Signature made Tue 07 Feb 2012 12:45:26 PM PST using DSA key ID F0D6B1E0
gpg: Good signature from "TrueCrypt Foundation <contact@truecrypt.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C5F4 BAC4 A7B2 2DB8 B8F8 5538 E3BA 73CA F0D6 B1E0
There's no way this is legit, but if it is, what other kind of cross-platform solution is available? I need to be able to encrypt/decrypt on all 3 major OSes.
They didn't seem that severe to me, they seemed pretty minor actually. Especially if your attack vector is solely a read attack rather than a read-write attack.
> EncFS is probably safe as long as the adversary only gets one copy of the ciphertext and nothing more. EncFS is not safe if the adversary has the opportunity to see two or more snapshots of the ciphertext at different times. EncFS attempts to protect files from malicious modification, but there are serious problems with this feature.
Which, seeing as my current major use case is to lock down Dropbox, kind of renders it useless for me.
The advice for Linux is "Search available installation packages for words encryption and crypt, install any of the packages found and follow its documentation."
I know everyone likes to bash MS around here but is there any actual proof of Bitlocker's insecurity that is more recent than 2008? If you look at wikipedia it seems like the only known real vulnerability requires someone with physical access to boot via USB into another OS within a few minutes of turning the computer off. When is this a real risk for anyone? I am not a security expert but unless you are doing things shady enough to get raided by the FBI, it seems like Bitlocker is pretty secure. The same problem occurs in other encryption programs on Linux and OSX. Also, it may not be open source like what we want, but MS lets its partners and enterprise customers audit the code subject to an NDA.
It's really not that hard to imagine scenarios where this might happen. Simply leaving your notebook unattended after a shutdown might leave you compromised.
Besides, government agencies in other countries might have a slightly different view on what constitutes "shady behaviour" (think regime critics).
Don't forget that M$ gives you the great 'service' to store your BL-key in your M$-account (on their servers) as soon as a) your machine is not connected to a domain and b) you're [...] enough (most are!) to log on with an M$-account to Win8.x.
wow this is a kick in the nuts. i've been using truecrypt for years. i probably won't stop just because development has ceased... but i'm still curious to know what the real story is behind this. seems sketchy.
exactly. This makes no sense. Security Audit. XP support ended in April not May. Also Truecrypt is open source... when it is not secure why not fix it? And why care of XP support? There are more open questions than answers.
It says 'may', which is a responsible message if you're abandoning security software. Never know what the future holds; don't want to encourage people to rely on it if bugs will never be fixed.
I remember TrueCrypt from several years ago when I was looking into various options for encryption. Haven't used encryption for a while, but if this is true, is there now an encryption software/service that doesn't involve being authored by a large corporation in the country that gave us the NSA, and which allows things like hidden volumes/partitions, algorithm choices, and use with various portable devices?
FreeBSD has GEOM/geli, which is a block-level (sub-filesystem) encryption method written by Paweł Jakub Dawidek (a Pole). It allows your choice of several data integrity verification algorithms, several encryption algorithms, and the usage of zero or more key files and/or a passphrase. And you can use it on external devices if you like. Also supports hardware acceleration via AES/NI with recent Intel CPUs.
Since it's block-level, you can use any filesystem you like. Since it's BSD, you might as well use ZFS (but don't use data integrity verification if you do, since ZFS has that built in.)
Downside is that you have to use FreeBSD to get it. Upside is that you get to use FreeBSD =)
Why have they only talk about how to secure a partition in Windows. Would the developers, or persons who took over the project, not care about other operating systems?!
Of course, by 'they', I mean the fake development team that the hijacker of the site wanted to portray... no way this is real
TrueCrypt is, to be honest, Windows software. The Linux version is a port and used to lag far behind the Windows version featurewise (for some time it was command line and even read-only).
I suppose this leaves yet another possible explanation: A secret order with the intention of getting people to stop using truecrypt and start using bitlocker (possibly either bl and/or tpm has some convenient back doors in them...)?
Another issue is that Bitlocker is most likely not compatible with non-Windows OSes, while a Truecrypt volume works fine in Windows, OSX and Linux as long as the file system is supported.
I use Apple's FileVault on my laptop, but for particularly sensitive data (work code, financial info, etc) I always used truecrypt. We have no idea if apple is actually doing what they claim to be doing. The same applies to MS and bitlocker.
A significant concern of mine with this is that Windows 8 has support for syncing your bitlocker encryption keys with microsoft. If privacy is something a user is seeking, how easy would it be to subpoena bitlocker keys for a user under duress?
Tom has a point, though. The nature of the message (abandoning truecrypt rather than fixing it simply because XP is end-of-lifed?) and the unwillingness to fix it rather than post a dire message about its insecurity and recommend migrating to other solutions that don't have hidden volume functionality -- it suggests it's either very poorly handled, or a fake message.
It might be more likely that a dev got hacked, compromising the signing key, sourceforge project, and truecrypt.org site.
We don't know much about the TC developers, do we? It's also possible that they're just really cavalier about this stuff, and that this is their response to the TC audit process ("stop bothering us about it and use something that's maintained").
Certainly possible, although this from the audit web page doesn't sound like that would be a big problem:
"Wed, Oct 24, 2013: We have made contact with the TrueCrypt development team. They have stated a commitment to a thorough, independent security audit and cryptanalysis of the code."
Since TC developers were unknown for a long time. Perhaps the audit effort, or someone involved with it, intentionally or not, somehow opened some clue that allowed some 3-letters agency go after the developers and they receive those weird proposals like Lavabit ??
True. Security announcements have been botched in the past, for all sorts of reasons, not that you have any experience with that, of course. But what does XP being EOL'd have to do with anything? That and the blithe recommendation to use other solutions, even though they don't have hidden volume functionality which is a main selling point of TC, is what changed my mind, from thinking this is probably a legit mishandled disclosure, to thinking it's probably fake.
On the other hand, as pointed out in other subthreads, if the devs are tired of maintaining it, this could be a legit, unappreciated-developer version of a temper tantrum. Nobody seems to know (yet).
> But what does XP being EOL'd have to do with anything?
Every version of Windows after XP has a native disk encryption utility. TrueCrypt was built to bring full disk encryption to Windows, which didn't exist at the time - this is the developers way of saying "you don't need us anymore, Windows now does what we did"
Not every version... In case of Vista and 7 only Enterprise and Ultimate editions have it and in case of 8/8.1 you need to have Pro or Enterprise edition.
True, but if you need disk encryption you probably use one of those already.
I mean, a normal use case is a corporate laptop used when traveling or similar. Normal home users certainly have no need of it, for them it's just something else that can go wrong and destroy all their data.
FDE was available from different vendors (I bought DriveCrypt PlusPack more than 15 yr ago and tried CompuSec (free) more than 10 yr ago, Comodo FDE is around since ~2k8).
So availability of FDE software can hardly be the reason. Neither the credibility of M$, in matters of quality of code as well as especially being an US based company.
OP here, I came across this link via this Tweet [0] and it's probably a good idea to stay away from the linked TrueCrypt version on the site. It's version 7.2 and afaik the last version for Mac was 7.1.1 (At least that's what I installed recently).
413 comments
[ 3.2 ms ] story [ 290 ms ] threadI don't remember TC ever being hosted on SF, so I think this is a bad redirect...
All of the files are freshly uploaded.
--
Check this out too:
https://webcache.googleusercontent.com/search?q=cache%3Ahttp...
http://sourceforge.net/u/tc-foundation/profile/
====
https://webcache.googleusercontent.com/search?q=cache%3Ahttp...
http://sourceforge.net/projects/truecrypt/
I suppose the developers could have just found a massive vulnerability (perhaps they're doing their own audit in advance of the public one?).
>The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP.
And how do I handle sensitive stuff wrt backups? I could burn a Truecrypt volume to a DVD or Blu-ray. I cannot do this in any way with Bitlocker, can I?
Yes. There's BitLocker to Go for encrypting removable drives, and with Windows Professional editions you can create and mount a VHD virtual hard disk file as if it was any other drive, and Bitlocker encrypt it, e.g.
http://www.concurrency.com/blog/encrypted-container-using-bi...
Using this method you can easily burn or transfer your VHDs, you can also store VHDs inside of VHDs.
Is this real? Is there a known vulnerability that catalyzed this? Money from Microsoft? Threats?
I'm not buying into conspiracy theories, but it does seem pretty out of place.
I suppose they could be approached by someone to plant backdoor into the software, but I wonder if that can be done without someone noticing it...
EDIT: I normaly don't care. But this time I'd be glad if who downmoded this post explained why.
I'm not going to jump the gun just yet but after snowden it's not out of the question.
edit: Confirmed Microsoft stores your recovery key on their servers if you're not connected to a domain: http://windows.microsoft.com/en-AU/windows-8/bitlocker-recov...
Whether or not they superstitiously store it anyway is a different question.
Even if it's a legit announcement, I wouldn't run that 7.2 binary. Anyone running truecrypt already has truecrypt, right? I don't know why they'd release a new version at the same time as such a dire and panic-inducing announcement.
[1] http://sourceforge.net/blog/sourceforge-net-global-password-...
[2] http://sourceforge.net/blog/sourceforge-net-attack/
https://sourceforge.net/blog/forced-password-change/
I frequently reformat my boot volumes—but I've had a .tc file laying around on an external HD since forever, with my websites' X.509 private keys and such inside.
I'm probably going to do exactly as this announcement says: download the export-only binary, create a loop-mounted LUKS volume, and migrate everything over.
Just quickly scroll through the diff (better version here: https://gist.github.com/anonymous/e5791d5703325b9cf6d1) and you will immediately see that all that was done is disable/remove a majority of the functionality.
They added exceptions/rose errors/printed warnings everywhere where you could possibly encrypt and all of it reflects their intent at the Sourceforge page.Anyway, it was a joke.
edit: But I'm not touching that binary with a 10 foot pole, thank you. There isn't even any guarantee yet that that source compiles into the given binary.
http://sourceforge.net/p/truecrypt/activity/?page=0&limit=10...
Besides the different file name, the contents of the files match: http://www.diffchecker.com/szpb500v
The only way to verify is if you have the previous key stored somewhere, or can find a trustpath to it.
E3BA73CAF0D6B1E0 C5F4 BAC4 A7B2 2DB8 B8F8 5538 E3BA 73CA F0D6 B1E0
Checks out.
https://twitter.com/matthew_d_green/status/47175105467398963...
[0]: https://en.wikipedia.org/wiki/EncFS
[1]: https://defuse.ca/audits/encfs.htm
They didn't seem that severe to me, they seemed pretty minor actually. Especially if your attack vector is solely a read attack rather than a read-write attack.
Which one got you worried?
Which, seeing as my current major use case is to lock down Dropbox, kind of renders it useless for me.
However you should not use XTS with Dropbox http://sockpuppet.org/blog/2014/04/30/you-dont-want-xts/
So... just any of them, then? Sure, ok.
This might help.
[1] http://www.infoworld.com/t/encryption/sloppy-secure-open-sou...
[2] https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_A...
http://en.wikipedia.org/wiki/BitLocker_Drive_Encryption#Secu...
Since it's block-level, you can use any filesystem you like. Since it's BSD, you might as well use ZFS (but don't use data integrity verification if you do, since ZFS has that built in.)
Downside is that you have to use FreeBSD to get it. Upside is that you get to use FreeBSD =)
Of course, by 'they', I mean the fake development team that the hijacker of the site wanted to portray... no way this is real
I'm having trouble taking any of that page seriously however -- to be recommending closed-source solutions like Bitlocker as 'more secure'.
I use Apple's FileVault on my laptop, but for particularly sensitive data (work code, financial info, etc) I always used truecrypt. We have no idea if apple is actually doing what they claim to be doing. The same applies to MS and bitlocker.
It might be more likely that a dev got hacked, compromising the signing key, sourceforge project, and truecrypt.org site.
"Wed, Oct 24, 2013: We have made contact with the TrueCrypt development team. They have stated a commitment to a thorough, independent security audit and cryptanalysis of the code."
On the other hand, as pointed out in other subthreads, if the devs are tired of maintaining it, this could be a legit, unappreciated-developer version of a temper tantrum. Nobody seems to know (yet).
Every version of Windows after XP has a native disk encryption utility. TrueCrypt was built to bring full disk encryption to Windows, which didn't exist at the time - this is the developers way of saying "you don't need us anymore, Windows now does what we did"
I mean, a normal use case is a corporate laptop used when traveling or similar. Normal home users certainly have no need of it, for them it's just something else that can go wrong and destroy all their data.
I really hope it's "just" a defacement/DNS issue.
[0] https://twitter.com/maclemon/status/471727027356434432
Edit: Just saw the comment that they are properly signed. I'll just sit tight and wait for an announcement then.
> p.s. We hope to have some big announcements this week, so stay tuned.
[1] https://www.indiegogo.com/projects/the-truecrypt-audit#activ...
> .@FiloSottile @matthew_d_green no idea. It's doing a 301 perm to a static pg @ SF, now blocked. Possibly compromised. pic.twitter.com/g5tSFUuXzu
[1] https://twitter.com/kennwhite/status/471740840478797824