{"id":5625,"date":"2014-05-29T09:53:32","date_gmt":"2014-05-29T13:53:32","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=5625"},"modified":"2014-05-29T09:53:32","modified_gmt":"2014-05-29T13:53:32","slug":"truecrypt-is-not-secure-official-sourceforge-page-abruptly-warns","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2014\/05\/29\/truecrypt-is-not-secure-official-sourceforge-page-abruptly-warns\/","title":{"rendered":"\u201cTrueCrypt is not secure,\u201d official SourceForge page abruptly warns"},"content":{"rendered":"

One of the official webpages for the widely used TrueCrypt encryption program says that development has abruptly ended and warns users of the decade-old tool that it isn’t safe to use.<\/p>\n

“WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues,” text in red at the top of TrueCrypt page on SourceForge states. The page continues: “This page exists only to help migrate existing data encrypted by TrueCrypt. The development of TrueCrypt was ended in 5\/2014 after Microsoft terminated support of Windows XP. Windows 8\/7\/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms click here for more information. You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.<\/p>\n

“The advisory, which Ars couldn’t immediately confirm was authentic, touched off a tsunami of comments on Twitter and other social media sites. For more than a decade, the open source and freely available TrueCrypt has been the program of choice of many security-minded people for encrypting sensitive files and even entire hard drives. Last year, amid revelations that the NSA can decode large swaths of the Internet’s encrypted data, supporters ponied up large sums of money to audit TrueCrypt. Results from phase one of the audit released last month revealed no evidence of any backdoors. Additional audits were pending.<\/p>\n

Matthew Green, a professor specializing in cryptography at Johns Hopkins University and one of the people who spearheaded the TrueCrypt audit, told Ars he had no advance notice of the announcement. He said the announcement appears to be authentic, an observation he repeated on Twitter. He told Ars he has privately contacted the largely secretive TrueCrypt developers in an attempt to confirm the site or get more more details.<\/p>\n

The SourceForge page, which was delivered to people trying to view truecrypt.org pages, contained a new version of the program that, according to this “diff” analysis, appears to contain changes warning that the program isn’t safe to use. Curiously, the new release also appeared to let users decrypt encrypted data but not create new volumes.<\/p>\n

Significantly, TrueCrypt version 7.2 was certified with the official TrueCrypt private signing key, suggesting that the page warning that TrueCrypt isn’t safe wasn’t a hoax posted by hackers who managed to gain unauthorized access. After all, someone with the ability to sign new TrueCrypt releases probably wouldn’t squander that hack with a prank. Alternatively, the post suggests that the cryptographic key that certifies the authenticity of the app has been compromised and is no longer in the exclusive control of the official TrueCrypt developers<\/p>\n

.In either case, it’s a good idea for TrueCrypt users to pay attention and realize that it may be necessary to move to a new crypto app. Ars will continue to cover this unfolding story as more information becomes available.<\/p>\n

via \u201cTrueCrypt is not secure,\u201d official SourceForge page abruptly warns | Ars Technica<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

One of the official webpages for the widely used TrueCrypt encryption program says that development has abruptly ended and warns […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[7,9],"tags":[325,1105],"class_list":["post-5625","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-encryption","tag-truecrypt"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-1sJ","jetpack-related-posts":[{"id":6128,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/08\/05\/mozilla-warns-of-leaky-developer-network-database\/","url_meta":{"origin":5625,"position":0},"title":"Mozilla warns of leaky developer network database","author":"NCCT","date":"August 5, 2014","format":false,"excerpt":"Mozilla\u2019s website for developers leaked email addresses and encrypted passwords of registered users for about a month due to a database error, the organization said Friday. Email addresses for 76,000 Mozilla Development Network (MDN) users were exposed, along with around 4,000 encrypted passwords, wrote Stormy Peters, director of development relations,\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8742,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/11\/09\/microsoft-may-block-sha1-certificates-sooner-than-expected\/","url_meta":{"origin":5625,"position":1},"title":"Microsoft may block SHA1 certificates sooner than expected","author":"NCCT","date":"November 9, 2015","format":false,"excerpt":"Encrypted sites running old certificates will be inaccessible from modern browsers. By Zack Whittaker for Zero Day While about one-in-four encrypted websites are still using weak security certificates, Microsoft is considering taking matters into its own hands. With the possibility of an attack becoming ever more possible, the software giant\u2026","rel":"","context":"In "Microsoft"","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8666,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/10\/09\/u-s-will-not-seek-legislation-against-encryption\/","url_meta":{"origin":5625,"position":2},"title":"U.S. will not seek legislation against encryption","author":"NCCT","date":"October 9, 2015","format":false,"excerpt":"The U.S. administration will not seek legislation at this point to counter the encryption of communications by many technology services and product vendors, but will work on a compromise with industry, a senior U.S. official said Thursday. \"The administration is not seeking legislation at this time,\" Federal Bureau of Investigation\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":7954,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/04\/03\/firefox-37-supports-easier-encryption-option-than-https\/","url_meta":{"origin":5625,"position":3},"title":"Firefox 37 supports easier encryption option than HTTPS","author":"NCCT","date":"April 3, 2015","format":false,"excerpt":"The latest version of Firefox has a new security feature that aims to put a band-aid over unencrypted website connections. Firefox 37 rolled out earlier this week with support for opportunistic encryption, or OE. You can consider OE sort of halfway point between no encryption (known as clear text) and\u2026","rel":"","context":"In "Software"","block_context":{"text":"Software","link":"https:\/\/nccomputertech.com\/techtalk\/category\/software\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2988,"url":"https:\/\/nccomputertech.com\/techtalk\/2013\/07\/22\/data-breaches-hit-2-5-million-in-california-in-2012-report-says\/","url_meta":{"origin":5625,"position":4},"title":"Data breaches hit 2.5 million in California in 2012, report says","author":"NCCT","date":"July 22, 2013","format":false,"excerpt":"In the first report of its kind, California's Attorney General, Kamala D. Harris, revealed last week that 2.5 million people\u2014roughly 6.5 percent of the state's population\u2014were exposed by data breaches in 2012. California has always been the go-to state for innovative technologies. A law passed in 2009 requires data breaches\u2026","rel":"","context":"In "Networking"","block_context":{"text":"Networking","link":"https:\/\/nccomputertech.com\/techtalk\/category\/networking\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3235,"url":"https:\/\/nccomputertech.com\/techtalk\/2013\/08\/21\/how-easy-is-it-to-hack-javascript-in-a-browser\/","url_meta":{"origin":5625,"position":5},"title":"How easy is it to hack JavaScript in a browser?","author":"NCCT","date":"August 21, 2013","format":false,"excerpt":"This Q&A is part of a weekly series of posts highlighting common questions encountered by technophiles and answered by users at Stack Exchange, a free, community-powered network of 100+ Q&A sites. Jesus Rodriguez asks: My question has to do with JavaScript security. Imagine an auth system where you're using a\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/5625","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=5625"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/5625\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=5625"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=5625"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=5625"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}