| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAH8yC8mLpUF8ALqDJya8mbKhJ8Ov-ricMsfYhk8zM94UPKCqyQ@mail.gmail.com>
Date: Thu, 29 May 2014 16:55:01 -0400
From: Jeffrey Walton <noloader@...il.com>
To: Anthony Fontanez <ajfrcc@....edu>
Cc: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: Re: [FD] TrueCrypt?
On Wed, May 28, 2014 at 10:21 PM, Anthony Fontanez <ajfrcc@....edu> wrote:
> I'm surprised I haven't seen any discussion about the recent issues with TrueCrypt. Links to current discussions follow.
>
> /r/sysadmin: http://www.reddit.com/r/sysadmin/comments/26pxol/truecrypt_is_dead/
> /r/netsec: http://www.reddit.com/r/netsec/comments/26pz9b/truecrypt_development_has_ended_052814/
The Crypto mailing list offered a few additional factoids (in addition
to the three offered in the first link):
1) Microsoft ended support for XP.
2) Elcomsoft claims the ability to retrieve master & secondary (XTS mode)
keys for TrueCrypt volumes/partitions from hibernation files.
3) Passware same as above.
4) https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf-
header key derivation uses low iteration count
And as one other person noted in the crypto mailing list thread, the
same kind of thing happened to Lavabit.
See http://lists.randombit.net/pipermail/cryptography/2014-May/thread.html
and http://lists.randombit.net/pipermail/cryptography/2014-May/006561.html.
Jeff
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists