lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 29 May 2014 16:29:33 -0700
From: "Dennis E. Hamilton" <dennis.hamilton@....org>
To: <fulldisclosure@...lists.org>
Subject: Re: [FD] TrueCrypt?

In the various accounts and discussions all around the Internet, I had been baffled by the mention of Windows XP support end-of-life.

On reflection, I can see why there might be concern for the vulnerability of TrueCrypt, and user keys, on a platform for which there is no longer any security support.

The observation that there are existing solutions on the major currently-supported platforms makes sense in that context.  Concerning the mention of Bitlocker, I note that Bitlocker is available on Windows 8.1 Pro and works just fine given the hardware that Windows 8 and 8.1 require anyhow.  (I am not in a position to know whether "works just fine" means Bitlocker is highly secure or not.  At least it is not password based and one should remove and squirrel away the USB key after powering up and certainly not leave it inserted in a powered-down system.)

I have no idea what the actual trigger of the TrueCrypt shutdown is.  


 -- Dennis E. Hamilton
    dennis.hamilton@....org    +1-206-779-9430
    https://keybase.io/orcmid  PGP F96E 89FF D456 628A


-----Original Message-----
From: Fulldisclosure [mailto:fulldisclosure-bounces@...lists.org] On Behalf Of Barkley, Peter
Sent: Thursday, May 29, 2014 13:47
To: fulldisclosure@...lists.org
Subject: Re: [FD] TrueCrypt?

+

http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/ 

-----Original Message-----
From: Fulldisclosure [mailto:fulldisclosure-bounces@...lists.org] On Behalf Of Anthony Fontanez
Sent: 2014, May, 28 10:21 PM
To: fulldisclosure@...lists.org
Subject: [FD] TrueCrypt?

I'm surprised I haven't seen any discussion about the recent issues with TrueCrypt.  Links to current discussions follow.

/r/sysadmin: http://www.reddit.com/r/sysadmin/comments/26pxol/truecrypt_is_dead/
/r/netsec: http://www.reddit.com/r/netsec/comments/26pz9b/truecrypt_development_has_ended_052814/

[ ... ]


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ