2

A security audit of the free and Open Source encryption utility, TrueCrypt

"found no evidence of backdoors or otherwise intentionally malicious code in the assessed areas," and that the found vulnerabilities "all appear to be unintentional, introduced as the result of bugs rather than malice."

A summary of the results can be found here.

Edited by Reverend Jim


0

Certainty that no backdoor exists is largely because security experts were able to review the source code. It's difficult to see how closed source products can provide the same level of assurance. +1 for open source :-)

Edited by AffineMesh

0

yah, like OpenSSL that supposedly had a major backdoor in it for 2 years until an NSA contractor just happened to come across it...

0

"...software is insecure..."

I had to check whether that was right or whether 'unsecure' was better. Following research, I'm none the wiser, although the former seems to be favoured in North America. Reminds me of a 'neurotic operating system'. Sorry - off-topic.

0

Unsecure would be akin to "open to penetration". Insecure would be "unsure of oneself".

Now there's a naughty joke about that, but I think I'd receive an infraction...

0

Wow. All the effort and money that was put into getting a security audit, and then the project just shut down. Well, I don't like using unmaintained software, so I guess it's time to find something new.

The thing that's nice about TrueCrypt is I can still boot Linux from USB and open the drive up for recovery. BitLocker wouldn't be the solution here.

1

Even though it is unmaintained, why should you stop using it? I am currently using version 7.1a. It does everything I require so even if there are no further versions I will continue to use it as is and be quite satisfied.

But...

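[This article](http://www.theinquirer.net/inquirer/news/2347787/truecrypt-is-alive-and-well-and-living-in-switzerland) states that TrueCrypt is alive and well and living in Switzerland. While the original authors are no longer maintaining TrueCrypt, perhaps the project has found a new home.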

Votes + Comments
hope the project lives on
0

True. It's a heuristic I try to stick to (stick with what's popular, and what's being supported). There don't seem to be too many alternatives atm though.

I also have another heuristic. It's "when in doubt, listen to Bruce Schneier". Apparently he's suggesting we do nothing at the moment.
