lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAML-GjPYOqn6RAmkztaDC67vD-Fs-CSyU8QApSNdni16uUntiA@mail.gmail.com>
Date: Fri, 30 May 2014 08:54:39 +1200
From: James Healy <james@...ic.co.nz>
To: Anthony Fontanez <ajfrcc@....edu>
Cc: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: Re: [FD] TrueCrypt?

Krebson covered it pretty well here:
http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/

And a few more speculations here:
http://www.theregister.co.uk/2014/05/29/truecrypt_analysis/

For the most part the general consensus is they're no longer wanting
to continue development - perhaps through pressure, or this release
would spark a lot of sensitive people to momentarily make their data
vulnerable whilst switching to an alternative. This comes at a time
where full auditing was about to go underway (they had only audited
the bootloader in the past), which in itself adds to the speculation.

Really an open-source variant needs to be made readily-available to
the average consumer. I know of plenty of non-IT-savvy people who
would love an opportunity to secure their local data (photos, email,
work) but don't know how - given their current options there's a clear
gap in the market for this; the paranoid consumer. (Rightly so is
objective.)

On Thu, May 29, 2014 at 2:21 PM, Anthony Fontanez <ajfrcc@....edu> wrote:
> I'm surprised I haven't seen any discussion about the recent issues with TrueCrypt.  Links to current discussions follow.
>
> /r/sysadmin: http://www.reddit.com/r/sysadmin/comments/26pxol/truecrypt_is_dead/
> /r/netsec: http://www.reddit.com/r/netsec/comments/26pz9b/truecrypt_development_has_ended_052814/
>
> Thank you,
>
> Anthony Fontanez
> PC Systems Administrator
> Client Services - College of Liberal Arts
> Information & Technology Services, Enterprise Support
> Rochester Institute of Technology
> LBR-A290
> 585-475-2208 (office)
> ajfrcc@....edu<mailto:ajfrcc@....edu>
>
> Submit a request via email: servicedesk@....edu<mailto:servicedesk@....edu>
> Check the status of an active request: footprints.rit.edu<https://footprints.rit.edu/>
> Manage your RIT account and computers: start.rit.edu<https://start.rit.edu/>
>
> CONFIDENTIALITY NOTE: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information.
>
>
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> http://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/



-- 
James Healy
Stoic, PO Box 17042, Greenlane, Auckland 1546.

w: www.stoic.co.nz
e: james@...ic.co.nz
p: 09 280 3639
m: 027 900 17 44

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ