Now that TrueCrypt is gone

atlasmike

Now that TrueCrypt is done for, what is a good free partition encryption tool? Or should I just encrypt my entire drive with BitLocker? I really don't want to encrypt my entire drive, just a small part of it. What kind do any of you use? Is there any software that has been known to be hacked or have a backdoor for the GOOBERMENT? Is Microsoft a trusted company for encrypting my data?
 
http://www.gpg4win.org/

But I still find the whole TrueCrypt "demise" to be very odd. Why would they specifically recommend BitLocker? This coincided with the release of the first round of analysis of the TC source code. While the first part found problems, mainly related to coding, there was nothing to indicate it had a backdoor. They are supposed to continue evaluating the rest, but I have not heard anything.

At any rate there is a development vector using the original source code that I saw when this all came down. truecrypt.ch.
 
https://diskcryptor.net/wiki/Main_Page

It's open source and very similar to TrueCrypt. To quote the wiki:

The project was originally started by a former TrueCrypt user and forum member who goes by the name of 'ntldr' (anonymous). It was originally fully compatible with TrueCrypt's container format but has since improved on the format in order to allow data-in-place encryption on Windows XP, to allow the system partition to have exactly the same format as non-system partitions and to support future project plans.
 
TrueCrypt isn't gone, still happy to recommend it for Windows 7 home/pro users that are required to use disk encryption.

TrueCrypt was not the type of software you need to update - so the last build is safe for quite a while in all likelihood.

https://www.grc.com/misc/truecrypt/truecrypt.htm

There is no certainty in that. It is one of the reasons the audit was being done to confirm that it was secure and had no backdoors. Steve Gibson needs to stick to SpinRite.
 
There is no certainty in that. It is one of the reasons the audit was being done to confirm that it was secure and had no backdoors. Steve Gibson needs to stick to SpinRite.

I feel quite certain about it. TrueCrypt is not dead. And Steve Gibson's analysis of it is spot on.

And, the audit is continuing. In the end, I'm confident that the audit will show that it is still a viable solution.
 
Gibson's take on it is to ignore the warning issued by the authors.

They didn't just stop development. They didn't say "it might have issues that will not be corrected; use at your own risk."

They flat out state the product is NOT SECURE and advised everyone to immediately STOP using it and to switch to products they themselves advised NOT using in the past.

To me that says don't use either. And you are foolish if you do.

And frankly the whole anonymous authorship of TrueCrypt should have given anyone concerned with security a red flag. Hindsight being 20/20, I will never again trust a security package from anonymous authorship.

If after a full audit of the code the product is found to be clean I will consider it. To trust it NOW before that audit is complete is totally foolhardy.
 
So here is my thing: No support for a program that is supposed to be used for encryption? Not gonna use it.

Plain and simple, and if you are going to recommend it to those who have to use it for compliance reasons, you are a fool! Say this audit goes through, it's found to be alright, no issues. Then 3 months later, BAM! An exploit, a backdoor, a freakin welcome sign is found...and guess what...your client's data is hacked, jacked, and stolen because of it months before. All because you used a program that support was dropped for.

When talking about someone who has to use a program to protect sensitive/confidential information, I want support. I want an 800-number, an email address, something, because my rear is on the fire too. I can't believe you would say...

TrueCrypt isn't gone, still happy to recommend it for Windows 7 home/pro users that are required to use disk encryption.

For anyone else just wanting to keep their wife and kids out of their p0rn stash, no problem.

As for BitLocker, yes. I use it for a lot of things, and I recommend it. BitLocker is validated for FIPS 140-2, TrueCrypt is not. In fact, I couldn't find TrueCrypt anywhere on the NIST validation for 140-1 or 140-2.

That's my $0.02
 
So here is my thing: No support for a program that is supposed to be used for encryption? Not gonna use it.

Plain and simple, and if you are going to recommend it to those who have to use it for compliance reasons, you are a fool! Say this audit goes through, it's found to be alright, no issues. Then 3 months later, BAM! An exploit, a backdoor, a freakin welcome sign is found...and guess what...your client's data is hacked, jacked, and stolen because of it months before. All because you used a program that support was dropped for.

When talking about someone who has to use a program to protect sensitive/confidential information, I want support. I want an 800-number, an email address, something, because my rear is on the fire too.

Absolutely correct. It's one thing for us to use some Open Source Software package for personal uses. But when it comes to a business that has its rear, and that means my rear as well, on the line, solutions need to be a real business with someone to contact, etc.

If the poo starts flying and the vultures start looking for a meal, telling them it's OSS is the worst thing that could happen. I had a conversation several years ago with my insurance agent. One of the things I came away with is that if I do not engage in due diligence during my normal business practices, the underwriter might easily limit or deny all coverage.

In that particular conversation we were discussing using additional help. It's just me, myself, and I for now. But if I hired an employee, even part time, a background check is mandatory. She said that if the underwriter discovered that the person involved had prior events related to the lawsuit, say assault or theft, they would deny coverage if no background check had been performed.
 