I am not using TrueCrypt version 7.2
This message "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues" is very disturbing.
It can be a hidden message "do not use newer versions of TrueCrypt, programmers are forced to advertise Microsoft software with backdoor and to include backdoor to the version 7.2".
On the bottom of the website the message is different: "WARNING: Using TrueCrypt is not secure". It can be interpreted: "this version of TrueCrypt contains backdoor, do not use it".
Warning! The version 7.2 of TrueCrypt executables (or source code!) may contain backdoor or Trojan horse!
This red warning above the download links should be enough to convince you not to click on the links! (Archive.)
I am still using the old version.
Building TrueCrypt 7.1a on Ubuntu 12.04 TLS
The latest version (before 7.2) was 7.1a: Google Drive.
$ sha512sum TrueCrypt\ 7.1a\ Source.tar.gz b5e766023168015cb91bfd85c9e2621055dd98408215e02704775861b5070c5a0234a00c64c1bf7faa34e6d0b51ac71cd36169dd7a6f84d7a34ad0cfa304796a TrueCrypt 7.1a Source.tar.gz $ md5sum TrueCrypt\ 7.1a\ Source.tar.gz 102d9652681db11c813610882332ae48 TrueCrypt 7.1a Source.tar.gz
The PGP key of the TrueCrypt Foundation may be compromised. Therefore, you should not trust to their signatures - compare the sha512sum with the checksum of the my copy of TrueCrypt (downloaded from TrueCrypt.org several months ago) and other copies.
Ask your trusted friends about checksums of their copy of TrueCrypt (downloaded months before). And install only from the genuine source code version 7.1a.
It is not possible to be disproved that BitLocker contains a backdoor! Do not use closed source encryption software!
Since, as one example, “Passware Kit Forensic” can decrypt passwords/volumes from literally anything which stores keys on computer (including even TrueCrypt) with Passware used by governments worldwide; and since the USA government recently said AUMF targets are attempting their own (and assumedly outside Passware powers) encryption software, wouldn’t anyone carrying on TrueCrypt “as-is” be required to say data isn’t safe from hackers with $995 of their own invested in decryption software, and wouldn’t anyone making TrueCrypt truly unbreakable be required to give officials decoding tools or face treatment as if aiding AUMF targets?
ReplyDeleteAs Wikipedia documents, several attempts were made to hack into truecrypt encrypted drives, without success. If there was a weakness as described in this article, they were not able to find it; these were in builds going back to v6. Given the nature of the criminal activity alleged, substantial resources were available to the authorities to crack into truecrypt. One true weakness is not being visible enough to provide an entity to concretely associate truecrypt.org with; whether its for funding or other support, by being too cryptic, the response to it was equally cryptic.
ReplyDelete