After this, no major corporation or group is going to use TrueCrypt to encrypt anything anymore and will rely entirely on the backdoored encryption solutions provided by the NSA's known and confirmed compatriots. TrueCrypt was the only open-source FDE software that had widespread adoption on non-Linux systems. Apple and Microsoft were both willful participants in the PRISM program.
I think it's silly to pretend like no authorities would have an interest in promoting the use of closed-source encryption techs. BitLocker is almost definitely already backdoored, so encouraging people to switch to that makes all of that data accessible by the powers that be. I can definitely see that someone would have an interest in getting that shut down.īitLocker lacks another one of TrueCrypt's most important features: open-source code, readable, verifiable, and compilable by any interested user. As far as I know, BitLocker doesn't haven anything like that. One of TrueCrypt's best features was hidden volumes. I think it's far more likely at this point that the devs, who had not updated their software in years, finally decided to call the project over and have marked it insecure because the codebase is now unmaintained and should be assumed insecure. They've also decided to modify the license terms, perhaps bringing it into compatibility with more common FOSS licenses. if it was a hack, it's a very, very good one. It's quite possible this came from 1 big developer hack, but considering how the release was done, with full source and everything for every supported platform. There's simply no reason to shut it down like this, unless the attack is just an elaborate practical joke.
A better attack would be "here, it's TrueCrypt 8, it has loads of EFI support and mad security, everyone should install it, it's the best!". Any attacker with the intelligence and patience for such an attack would surely realize how poor an execution this would be.
It would only really be an effective attack against people who had TrueCrypt volumes but not a current copy of TrueCrypt as there's no compelling reason for anyone to upgrade to 7.2 and certainly they'd be skeptical after this. The most they achieved would be uninteresting to most attackers. After examining all the facts, I think it's most likely they just didn't want to develop it anymore:Īnd to top it off, let's put ourselves in the theoretical attacker's shoes, the binaries when run make no unexpected connection attempts or write to any unexpected places and don't appear to contain any unexpected imports, so if this was a hack, it's a very stealthy and very boring one.
0 kommentar(er)
