Page 1 of 3 123 LastLast
Results 1 to 10 of 27

Thread: Realcrypt/Truecrypt Gone?

  1. #1

    Default Realcrypt/Truecrypt Gone?

    Greetings All,

    According to the Truecrypt Web site http://truecrypt.sourceforge.net/
    Truecrypt is no longer supported or recommended. Is this also true with Realcrypt?

    If so, what (if any) is the replacement? I DEPEND on this program to access my data
    using both encrypted containers and full disk encryption.

    Thanx in advance

    Rich

  2. #2
    Join Date
    Oct 2011
    Location
    Germany (Ore Mountains)
    Posts
    427

    Default Re: Realcrypt/Truecrypt Gone?

    Until we get to know, what this is all about:

    Keep your current version and do not download/install anything from their website.

    regards,
    Hendrik

  3. #3
    Join Date
    Jun 2008
    Location
    Connecticut, USA
    Posts
    2,294
    Blog Entries
    1

    Default Re: Realcrypt/Truecrypt Gone?

    Yeah, the version they are providing now only decrypts, and does not encrypt articles say.
    "Linux provides freedom, problem is most users don't know what it is or how to use it." ~me
    Friends don't let Friends wear red shirts on away parties!
    Linux User #477531 | Danbury Area Computer Society (www.dacs.org)

  4. #4

    Default Re: Realcrypt/Truecrypt Gone?

    If anyone needs the truecrypt-7.1a-linux-x64.tar.gz or truecrypt-7.1a-linux-x86.tar.gz files, just let me know.

  5. #5
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    17,068

    Default Re: Realcrypt/Truecrypt Gone?

    On Thu, 29 May 2014 15:36:01 +0000, dragonbite wrote:

    > Yeah, the version they are providing now only decrypts, and does not
    > encrypt articles say.


    In addition, there's a suggestion floating around that the 7.2
    "decryption-only" version may be compromised as well.

    Until we have news from someone with actual knowledge of the situation, I
    would advise (a) not panicing, and (b) wait until more information is
    available.

    What I read about this yesterday included a comment from one of the
    people involved in the code/security audit, who said that he hasn't been
    able to reach the developers (whom he apparently knows) to find out
    what's going on. He said that the version used in the review - 7.1a -
    had a few minor issues they found, but nothing critical or particularly
    earthshattering. They were going to make some sort of announcement about
    the audit this week, but he said this wasn't what was planned, to his
    knowledge.

    Jim



    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  6. #6
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,304
    Blog Entries
    2

    Default Re: Realcrypt/Truecrypt Gone?

    Although commercial solutions to crack TrueCrypt almost immediately(claim within 30 min) by dumping a copy of existing memory when a TrueCrypt encrypted partition is mounted and simply locating the keys as identifiable strings have been around for a few years now, the problem has gained new visibility recently.

    The current recommendation is to implement something like LUKS instead.

    TSU

  7. #7
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,641
    Blog Entries
    3

    Default Re: Realcrypt/Truecrypt Gone?

    Quote Originally Posted by richardrosa View Post
    If so, what (if any) is the replacement? I DEPEND on this program to access my data
    using both encrypted containers and full disk encryption.
    When I decided to go with disk encryption, I went with LUKS. This is mainly because it is better supported in the kernel and in linux distros.

    The one thing that TrueCrypt had going for it, was that it was a common method that could be used with Windows and linux.

    I personally don't do very much on Windows, so I had no incentive to try TrueCrypt.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  8. #8
    Join Date
    Jun 2008
    Location
    Connecticut, USA
    Posts
    2,294
    Blog Entries
    1

    Default Re: Realcrypt/Truecrypt Gone?

    <Conspiracy Theory>

    If this is something caused by the NSA or some such agency, they may also be under some "gag order" like restraint and are not free to talk about any of the dealings at this point.

    After reading this article and hearing the method/tactics used, Why Lavabit shut down: Founder explains 38 days of legal hell, I can only imagine what could be going on and can understand for the abrupt shutdown of TrueCrypt!

    It may also be a form of protest, if they are not allowed to talk about it. It has brought up speculation and is getting people talking & thinking about security and privacy a bit more.

    I hope I didn't get too political for the forum...

    </Conspiracy Theory>
    "Linux provides freedom, problem is most users don't know what it is or how to use it." ~me
    Friends don't let Friends wear red shirts on away parties!
    Linux User #477531 | Danbury Area Computer Society (www.dacs.org)

  9. #9

    Default Re: Realcrypt/Truecrypt Gone?

    some really interesting comments on Reddit - http://www.reddit.com/r/netsec/comme..._ended_052814/

  10. #10
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,304
    Blog Entries
    2

    Default Re: Realcrypt/Truecrypt Gone?

    Quote Originally Posted by cra1g321 View Post
    some really interesting comments on Reddit - http://www.reddit.com/r/netsec/comme..._ended_052814/
    Skimming your link, it looks to me like just a lot of uninformed speculation and imagination gone wild.

    As I described, there is a fundamental flaw to <all> (yes, the whole family) of encryption solutions that function like Truecrypt, and that includes Microsoft's much-bally-hooed Bitlocker... The approach is just fundamentally flawed as of today.

    You can look it up, Passware and Elcomsoft released tools in 2012 that capitalize on fundamentally how things work by parsing out the unencrypted keys in memory whenever the partition or disk is mounted. It's so fundamental to how machines work, it's doubtful there can be a solution any time soon.

    The commercial tools are themselves just optimized versions of open source tools which have been widely available for decades. It just took someone to figure out the vulnerability and now there is no answer.

    Bottom line, don't use Truecrypt if you really don't want someone to access your data. It's broken. Don't use an old version which is what some people are saying, that's totally ignoring the problem that Truecrypt can't guarantee your data is protected.

    TSU

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •