doctorow at June 17th, 2014 10:34 — #1
gaijin42 at June 17th, 2014 10:58 — #2
The TrueCrypt end of life announcement had advice to go use Microsoft BitLocker. I wonder if the NSA warning is directed towards that advice.
jandrese at June 17th, 2014 11:01 — #3
This is getting way too much into symboligy for my taste. This is like Dan Brown discovering that the Holy Grail exists because two lines join at an angle (spoiler alert).
dfaris at June 17th, 2014 11:04 — #4
mcsnee at June 17th, 2014 11:06 — #5
Let's say TrueCrypt wanted to say, "Don't use TrueCrypt, because there are issues that make us think the NSA can read TrueCrypt-secured data." Why not just say that, instead of using some silly (and truly bad) Latin initialism that sort of suggests something about the NSA if you squint at its translation? ESPECIALLY since "Hey, the NSA broke TrueCrypt" is exactly the conclusion everyone who saw the TrueCrypt announcement immediately leaped to?
Or, okay. Let's say they've been warned by the NSA not to disclose that the NSA has access. What makes them think that their hidden message will be deciphered by the heroic net denizens they intend to warn and not by, say, the most technically accomplished codebreaking organization in the world?
doctorow at June 17th, 2014 11:08 — #6
I think the thesis is that they were shooting for "plausible deniability."
lion at June 17th, 2014 11:09 — #7
Ridculous leap of logic here. What's next from boingboing, chemtrails? HAARP?
TrueCrypt may have been shut down simply because the one guy running it was bored and tired of being the one guy running it. It hadn't been updated in nearly two years. There was an impending security audit where they said the code was badly done. The guy got tired of dealing with it. It happens ALL THE TIME in opensource projects. Most people learned not to trust it post-NSA anyway.
mathew at June 17th, 2014 11:22 — #8
In which case, why all the weird behavior? Why not just do the usual thing and say "Hey, I'm done with this, here's the source if anyone wants to maintain it."
brainflakes at June 17th, 2014 11:25 — #9
The important thing is that the hidden message - even if it doesn't
exist - has succeeded in getting people to question whether the NSA
might be trying to tamper with the security of TrueCrypt. That's a bona
fide "mission accomplished" from the point of view of the TrueCrypt
developers, and there's really nothing more to say about it.
But that was the assumption right from the very beginning before this possible hidden message was even discovered!
mcsnee at June 17th, 2014 11:36 — #10
But the Latin is so bad it doesn't appear even to be Latin. Admittedly, it's been a long time, but I majored in this stuff. "Uti" and "si" are Latin words, though you'd expect "si" at or near the beginning of the sentence, not at the end.
"NSA" isn't Latin, obviously.
Which leaves us with the curious "im" and "cu." Google Translate sure thinks they mean "I" and "wish," respectively, but that seems like a real stretch to me. The pronoun "I" in Latin is declined ego, mei, mihi, me, me. The closest I can get to "im" meaning "I" is that it's a first-person singular irregular suffix for "be" verbs in the present subjunctive (e.g., "sim"). Here, it's not attached to a verb--it's just hanging out in the sentence.
"Cu" is no less opaque. I think Google Translate is tying it to cupio, which indeed means "want" or "desire," but it's not actually a form of that verb. And if I'm remembering right, cupio is generally more along the lines of greed or carnal desire rather than a preference or wish (for which, again if I'm remembering right, you'd use volo, velle).
And add to that the fact that even the Google Translate translation doesn't really suggest what this author wants it to suggest. "If you want to use the NSA" makes no sense on its own as a warning, and it also doesn't make sense when appended to the sentence: "Using TrueCrypt is not secure as it may contain unfixed security issues if you want to use the NSA."
There's plausible deniability and then there's obscurity beyond all reasonable bounds. If they were trying to go for the former, they've veered WAY over into the latter territory.
lion at June 17th, 2014 11:40 — #11
Because Truecrypt's guy/guys have always been a bit eccentric and possessive of the source code? Read their license, it's like it was written by a five year old who doesn't want anyone else playing with their toys. Sure, you could VIEW the source, but you couldn't make your own version of truecrypt, you couldn't use the words true crypt, etc.
Seriously, tons of open source projects are run by very eccentric people who sometimes blow it all up because they are tired of it. Nobody reads into those things as if the NSA is involved, and in many cases, it's for projects that have just as much privacy import as truecrypt. (Browsers, ftp clients, chat programs,etc).
If it was a matter of the devs updating the project on a weekly basis, and continually releasing versions, being active, and then suddenly stoping with these weird messages, I'd agree that there was something there... but this project was dormant/stagnant for years, without much conversation from the dev(s) in the community, without new releases, and without much acknowledgement of bugs/defects or plans to fix them.
robotmonkeys at June 17th, 2014 11:41 — #12
There's always plausible deniability, but their actions caused people to leap to one of two conclusions:
1. TrueCrypt was already compromised and they didn't want it to be discovered during the upcoming crowd funded security audit.
2. TrueCrypt had been NSLed.
Personally, I find it funny how no one takes the "We don't care about this software anymore," they provided as being legitimate.
Also, what's up with all this crypto stuff being done anonymously? It's like someone wants to live in the Sprawl.
rwmj at June 17th, 2014 11:42 — #13
I just had to log in here and say that the phrase simply is not Latin. Only 4 of the letters, taken far of context, are Latin words (UT and SI). But they are in the wrong positions in the sentence, and in any case the rest of the letters don't form Latin words.
(And yes, I have studied serious classics)
reinoud at June 17th, 2014 11:42 — #14
jackbird at June 17th, 2014 11:44 — #15
perry_ellis at June 17th, 2014 11:45 — #16
Really have to agree with you here. It's been a long time since I minored in Latin as well, but I've made the effort to keep it up over the years. This isn't merely bad latin - It takes some serious latitude in interpretation for it to be meaningful.
This is not Latin.
heath_smith at June 17th, 2014 12:09 — #17
Even if its true, its a shame they took down the working version. I don't care if the NSA decides to poke around my files...I do care about hiding my files from some jerkoff who breaks into my house, steals my laptop, and then tries to sell my identity for $50. IMO, Truecrypt was perfectly fine for that type of protection.
esd at June 17th, 2014 12:13 — #18
cah at June 17th, 2014 12:17 — #19
Yeah, the "this is so bad that it has to be deliberate" reasoning is not just conspiracy theory reasoning, it's classic conspiracy theory reasoning—where the flaws in the latest theory aren't actually flaws but just further proof that the theory is valid.
(Up next on BoingBoing: the Bible Code predicted the NSA surveillance program. If only we had listened!)
karls at June 17th, 2014 12:22 — #20
It's been a while since high school and I am a little bit out of practice, but I am glad to see that I am not the only one who doesn't see any Latin.
next page →