|
|
05-28-2014, 07:44 PM | Topic Starter | |
Veteran
Join Date: Apr 2012
Casino cash: $9995865
|
Truecrypt may be compromised
those who visit truecrypt's sourceforge page will get this warning
Quote:
They Recommend to migrate to Bitlocker....an encryption platform by Microsoft that the feds asked for a backdoor. Suspicous. Some users believe the program was compromised due to a national security letter, or it may be a break-in. Many things don't add up, including the fact that Truecrypt re-issued all of its keys only 4 hours before releasing the new version, 7.2. On top of this - they say they have stopped development because WinXP support has ended... which doesn't add up at all. Even those who audited truecrypt found out suddenly today about the changes and shutdown of the trucrypt project. At this point it is not recommended to use the new version 7.2 Last edited by planetdoc; 05-28-2014 at 10:08 PM.. |
|
Posts: 2,174
|
05-28-2014, 07:51 PM | #2 |
Banned
Join Date: Feb 2009
Location: Fort Worth, TX
Casino cash: $10049239
|
The NSA can break any encryption that they want. It doesn't matter what you use.
|
Posts: 24,946
|
05-28-2014, 08:00 PM | #3 | ||
Veteran
Join Date: Apr 2012
Casino cash: $9995865
|
Quote:
truecrypt uses AES 256, Quote:
|
||
Posts: 2,174
|
05-28-2014, 08:34 PM | #4 | |
Banned
Join Date: Feb 2009
Location: Fort Worth, TX
Casino cash: $10049239
|
Quote:
|
|
Posts: 24,946
|
05-28-2014, 09:29 PM | #5 | |
Veteran
Join Date: Apr 2012
Casino cash: $9995865
|
Quote:
That being said, backdoors are different from what you said earlier which is clearly false |
|
Posts: 2,174
|
05-29-2014, 08:09 PM | #6 |
When a nightmare becomes real
Join Date: Nov 2003
Casino cash: $2236966
|
lol, nope.
__________________
http://www.goemaw.com |
Posts: 46,971
|
05-29-2014, 10:09 PM | #7 |
Veteran
Join Date: Apr 2006
Casino cash: $9468509
|
Some of the the armchair bullshit in this thread is hilarious.
|
Posts: 1,113
|
05-28-2014, 08:24 PM | #8 |
Veteran
Join Date: Apr 2012
Casino cash: $9995865
|
SourceForge forced a password reset last week citing "changes to how we're storing user passwords."
SourceForge may be compromised as well. |
Posts: 2,174
|
05-29-2014, 07:10 AM | #9 | |
'Tis my eye!
Join Date: Aug 2000
Location: Chiefsplanet
Casino cash: $10269900
|
Quote:
Nothing in my Sourceforge account tells them anything about me. And if you're using the same password for multiple online services, that's pretty freaking dumb. So I ask again, why does it matter if Sourceforge has been compromised? |
|
Posts: 100,022
|
05-29-2014, 07:17 AM | #10 | |
Veteran
Join Date: Apr 2012
Casino cash: $9995865
|
Quote:
2. Although software that they host is open source, most people do not check MD5 checksum's of the software that they download, few check that the available executable matches one compiled independently, and few have the capability to audit the millions of lines of code of each version. Thus, when the chain of trust is potentially broken (such as when SourceForge has been compromised), than any software hosted from the site becomes potentially suspect and should be viewed with suspicion. Last edited by planetdoc; 05-29-2014 at 07:43 AM.. |
|
Posts: 2,174
|
05-29-2014, 08:40 AM | #11 | |||
'Tis my eye!
Join Date: Aug 2000
Location: Chiefsplanet
Casino cash: $10269900
|
Quote:
Quote:
Quote:
As a source of open source software, SourceForge gives the user the ability to inspect the actual code and make informed decisions all on their own. If the users aren't doing that, shame on them. |
|||
Posts: 100,022
|
05-29-2014, 12:28 PM | #12 | |
Veteran
Join Date: Nov 2011
Location: Villa Straylight
Casino cash: $10005610
|
Quote:
This sure does seem odd. I've advised my team to stick with their existing versions and to wait until the dust settles. |
|
Posts: 2,367
|
05-29-2014, 12:36 PM | #13 | |
'Tis my eye!
Join Date: Aug 2000
Location: Chiefsplanet
Casino cash: $10269900
|
Quote:
It's not unique to security software like TrueCrypt. MD5 hashing offers integrity "peace of mind" just beyond the security implication, for example downloading router firmware. A corrupted firmware image = a bricked router. If you're not verifying the checksum, you're just asking for trouble. |
|
Posts: 100,022
|
05-29-2014, 12:10 PM | #14 | |
MVP
Join Date: Aug 2003
Casino cash: $7737309
|
Quote:
__________________
|
|
Posts: 10,620
|
05-28-2014, 09:32 PM | #15 |
Supporter
Join Date: Sep 2013
Location: Seattle, WA
Casino cash: $10015467
|
The HeartBleed exploit was the biggest eye opener in like decades. Everything uses SSL/https and hackers could pull any data from memory at will with it and yet it was only discovered a couple months ago.
http://heartbleed.com/ |
Posts: 2,641
|
|
|