9 comments

[ 2.6 ms ] story [ 37.0 ms ] thread
TrueCrypt is software you download, it's not a cloud service that you have to implicitly trust to use. The source for TrueCrypt is viewable by anyone and it is being audited. What would the NSA gain by controlling software with public audited source other than esteem from the general community for helping us to secure our files.
Many different entities use TrueCrypt to secure their files and if we assume that TrueCrypt has been compromised it would give NSA access to these files.

The code base is huge and introducing small bugs which they knew how to exploit can easily slip through from individual code review.

It's true that there is on going proper audit of the code, but it's a slow process and if the infiltration was done good while back they might have not been aware that audit was ever going to happen after all TrueCrypt is fairly old software.

It would not give the NSA access to those files because those encrypted files are probably stored on a computer they don't have access to. And seriously, if the NSA wanted access to something they probably can get it anyway. They don't need a truecrypt backdoor, they'll just install monitoring software and wait for you to open it.
>Somebody must have been searching for both Zyxel brand hardware and NSA infiltration information to cause Google to give such a strange search suggestion, and I would bet my left pinky-toe that at least one of the people doing those searches is "JyZyXEL" from the IRC log above. Although this is probably not a coincidental connection between all of these facts, it doesn't mean JyZyXEL is somehow connected to the TrueCrypt developers. However, I'm making a note of it here in case there are further developments, or someone just wants to ask him what else he might know.

Or maybe Google suggests the term because Zyxel's NAS product line is called NSA (e.g. http://www.zyxel.com/de/de/products_services/nsa325.shtml?t=... ). What a bunch of bullshit

not sure about the Zyxel stuff but the message checks out...

  Of course, we must be cautious by not drawing unwarranted conclusions.
That's right, after seven pages of drawing unwarranted conclusions, just tack this on at the end to make it all right.
In addition to the deconstructions other people have made, anyone who knows Latin well enough to leave a hidden message would know that 'cu' and 'im' aren't Latin words. 'I want' in latin would (most likely) be either 'volo' or 'cupido' and the one which fits better with the message, 'cupido,' means 'I desire' more in the sense of lust, or physical need. 'I' in Latin is 'ego,' and is an auxiliary word one would not include in a secret message. 'Im'? I don't know where they got 'I.' And furthermore, 'si' only means 'unless' with a stretch of its real definition 'if.'