Windows’ BitLocker and OS X’s FileVault 2, respectively more about the latter later) due to paranoia about whether these major U.S.-based corporations may be beholden to-or compromised by-the government or intelligence agencies such as the NSA. Some still prefer it over Microsoft and Apple’s built-in full-disk encryption alternatives (e.g. One subset of those people includes the die-hard believers in TrueCrypt who continue to view it as the best software of its kind, in spite of public concerns about its security. It is extremely unlikely that there will ever be another official version of the software under the trademarked TrueCrypt name (and if one should ever surface, it would be viewed with such intense skepticism after last year’s brouhaha that very few people would likely use it).īut some people view TrueCrypt’s demise more positively: “TrueCrypt is dead long live TrueCrypt.” Long live TrueCrypt? The short answer is that, yes, TrueCrypt itself is dead in the sense that it’s not being developed anymore by its original creators. What’s the point of auditing software that’s no longer being developed? Is TrueCrypt really dead? It might surprise readers, then, to see recent headlines about the second phase of TrueCrypt’s security audit having been completed. There is also an open source successor, VeraCrypt, which I have not tried.Security & Privacy + Security News TrueCrypt Has Been Audited! Should You Use It?Ĭlose to a year ago, I wrote an article entitled “ TrueCrypt is Dead What Does This Mean for Mac Users?” after the developers of the source-available * disk encryption software abruptly terminated the project. The Open Crypto Audit Project says it is verified, and I have no reason to doubt that. There is what purports to be a copy of Truecrypt 7.1 on Github. For you to use Truecrypt, you'd have to put your hands on an old copy of the software. That said, I am still trusting an older install of Truecrypt. (That's a back door in Truecrypt I'm relatively sure that AES itself is safe.) A code audit by others, of which phase one is complete, did not find any problems that significantly weaken the crypto algorithms, and I really doubt anyone, even the NSA, can crack AES unless there's a back door that hasn't been found. Unhappily, the safety of older versions has not been conclusively demonstrated, I think. Older versions of Truecrypt are as safe as they ever were. It also isn't clear whether that driver is installed only for full-disk encryption or at any time a TrueCrypt volume is in use. It isn't clear from the article whether those flaws compromise the crypto or the underlying Windows OS, or both. Edit: OctoAn article in IT World for Septemreveals the existence of, but doesn't describe fully, two serious flaws in the Windows driver that TrueCrypt installed.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |