Mysterious announcement from Truecrypt declares the project insecure and dead

On a less conspiracy-minded thought: this time, with end of support for XP and with an external code audit, maybe they just didn’t want to deal with proper support for win7/win8/whatever is next. And also, with XP being no longer supported, oops, malware that breaks Truecrypt, and there isn’t much one can do, and they just don’t want to deal with it anymore.

Edit: this http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/comment-page-1/#comment-255908 seems very, very plausible.

1 Like

It’s the secrecy and lack of open disclosure that is killing us. Who’s TC, we don’t know. Have they been given an NSL, we don’t know. What is the gov trying to do, we don’t know. Sunshine disinfects.

1 Like

but Peter Biddle, one of the architects of Trusted Computing and Bitlocker

One source’s anecdotal evidence is not enough for me about a project of that size and that scope … even if that source is vetted by Cory Doctorow.

3 Likes

“I think this is reasonable logic, not paranoia.”

Oh.

Well, in that case…

1 Like

32GB micro SD card, each file encrypted with a public key. Stick it somewhere the sun doesn’t shine. Travel secure. Only keep the private key secure somewhere at home or with a trusted 3rd party, but hard to find. I.e., even if the card is detected while traveling, no one, even yourself, will likely be able to unlock it (without more computers than even the NSA possesses). Myself, I put the card in a compartment of my wallet that also has my collection of guitar picks. Nicely hidden, at least from today’s “security theater” devices.

1 Like

GRIN

exaaaaaaaactly

This is what happens when you rely on someone else to make security easy for you. Decent security is difficult, and trying to make it ubiquitous seems very like a fool’s errand, to me.

1 Like

Respecting license terms is a matter of deeply-held principle for a lot of open-source fans. There’s a long and infamous history of big companies ignoring licenses because they know that the creator isn’t strong enough to do anything about it. A lot of hackers won’t want to follow in those footsteps, even with the best intentions.

1 Like

You really think keeping security too hard for 95% of people to use is a preferable alternative? There needs to be a range of options.

2 Likes

Here in the land of the Mother of Parliaments and Eternal Fucking Rain, you can get 15 years for not forking your key over.

1 Like

Depends on what you mean by “too hard”. If inconvenience trumps security for someone, then that’s their choice, and I don’t care that they chose poorly.

Requiring all of my communication to be secure, and not wanting to bother ensuring that security is unrealistic and impractical. Instead, I choose what I want to be secured carefully, and go to considerable lengths to protect that.

Nothing is perfect, but I want failures to at least be my own, not some anonymous person that I heard good things about from someone I don’t even know.

I’m currently testing the Bitlocker + VHD as an alternative for creating encrypted containers. DiskCryptor doesn’t seem to have containers, but if it works with a VHD it might be a better choice.

EDIT: DiskCryptor works on VHDs but it’s a bit cumbersome.

On the Win 7 laptop I’m using to test the concept, mounting a Bitlocker encrypted VHD seems to be glacially slow.

However (paraphrasing a comment I saw elsewhere):

If you don’t trust Microsoft’s encryption system to not have back doors, why should you assume the operating system is free of them?

Their suggestion of course is to migrate to Linux if your data is that sensitive. That’s not an option for me currently.

After 25 years of software development, I eventually learned that when coders leave off their names on a piece of software, it is a sign that something is amiss. I won’t write or be a part of software products that don’t provide users a full roster of the developers. Until now, my primary concern with this had not been security concerns, but I’ll add it to the list. Nearly all the angst over Truecrypt is due to developer anonymity.

3 Likes

Yes…everyone should write their own encryption implementation instead of relying on someone else’s.

1 Like

Only if they want to prioritize security. If it isn’t that important, then sure, Crazy Bob’s House of Crypto will do just fine.

You don’t have to have an advanced degree in math to do strong encryption if you discard some of the more recent trends in the field, and narrow your lines of communication. What you do have to worry about is endpoint attacks. If it comes to that, though, you’re already in a world of hurt.

What key?

Ummm… dude, you put your wallet through an x-ray machine. SD cards aren’t made of just plastic.

He means the password or code to unlock the encrypted blob.

I don’t know anything about that kind of stuff.

2 Likes

Your Patriotic Ignorance has been noted, Citizen.