Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi all,
Vanilla are planning an update to the site on April 24th (next Wednesday). It is a major PHP8 update which is expected to boost performance across the site. The site will be down from 7pm and it is expected to take about an hour to complete. We appreciate your patience during the update.
Thanks all.
Vanilla are planning an update to the site on April 24th (next Wednesday). It is a major PHP8 update which is expected to boost performance across the site. The site will be down from 7pm and it is expected to take about an hour to complete. We appreciate your patience during the update.
Thanks all.
Truecrypt development stopped. Recommend changing to Bitlocker.
Comments
-
-
-
-
The security concerns surround the Windows version only. There's a string of encrypted data in the volume headers which might contain the actual password to unlock the containers. Interestingly in the Linux version the same string of data is just a string of zeroes.
Of course since it's no longer in active development, there's no real way yo can be sure of your data being safe so might be best to use something like Veracrypt.
Well that's it, will be best to use the newer forks. But we're also assuming that they're not working the same type of volume header encryption as truecrypt and that it's all above board, again it would need to be audited. Can you really trust anyone?
0 -
Well that's it, will be best to use the newer forks. But we're also assuming that they're not working the same type of volume header encryption as truecrypt and that it's all above board, again it would need to be audited. Can you really trust anyone?
You can trust open source code you've checked and compiled yourself - sadly in the case of Truecrypt it wasn't really possible to check that the Windows installer available on the website was compiled from the publicly available source code line for line - also it apparently is very convoluted and difficult to lock down!
I suppose it's best to go with the traditional method of seeing security as a mindset and employing multiple layers of encryption...
Even when I had a Truecrypt encrypted USB stick, this in turn contained an encrypted file container I had created with the program tomb (which is simply a very easy way to use Linux built in encryption tools dm-crypt and cryptsetup.
I think the command line tool tcplay has previously been mentioned which can create Truecrypt style containers without any of the messy code and security concerns too.
Take your pick! 0 -
Advertisement
-
-
-
-
Hotblack Desiato wrote: »Ah but did you compile the compiler yourself - and did you compile the compiler you compiled the compiler with yourself - and did you compile the compiler you compiled the compiler you compiled the compiler with yourself - and...
Yes. 0 -
-
Advertisement
-
-
howamidifferent wrote:Flaws
Great article, thanks! Gratifying to know that the flaws have been fixed in Veracrypt, as I use Linux version.
According to the article Windows users may still be using Truecrypt as there aren't many encryption options for the OS.
Compare and contrast with Linux which has built in encryption options via tools like LUKS, dm-crypt and gpg - there really is no comparison when it comes to security! 0 -
-
I'm going to wait the couple of days until he releases what the "flaws" are before moving any machine's over to Veracrypt.
If it's a case where it's extremely complicated to reproduce the exact criteria to access the data, then it's not an immediate threat to the users I have on truecrypt. However, if it means the volumes/containers can be accessed externally (i.e. pop the hard drive out) with little difficulty, I'm going to have a very busy week.
Do you have many machines using Truecrypt Bob? I completely understand your options on Windows are limited. It's a shame that Veracrypt can't open Truecrypt containers any more!
Update : It seems according to Veracrypt FAQ that the software actually still can open Truecrypt volumes and can be installed alongside Truecrypt without any issues. We need more info as you say on what these flaws are! 0 -
-
I still will use truecrypt for file containers. It's much handier than Vera. I just use it for privacy not security.
I must try Vera again. I didn't like it the last time I tried it. Was a bit clunky.
There's a few commercial options for windows. You see those a lot in big organisations.
Can I ask beauf what you mean about using Truecrypt for privacy but not for security?
As you say there are a few alternatives for Windows - I wonder though how many there are for system encryption - haven't used Windows for a long time!
Update : My learned friends has pointed me to this website for encryption program alternatives, particularly if you don't fancy relying solely on Bitlocker.0 -
-
I just if I lose the device, laptop, flash drive, so regular scrotes can't muck with it. I doubt they'll be able to use these flaws to decrypt the data. I'm not encrypting any sensitive information. Or all my account details in the caymans. That warrants attention from someone more technical. I'd be more at risk from hacker exploiting some browser flaw, when I was logging on to something, or buying something.
Ah, I see what you mean, you're not trying to protect yourself from jackbooted government thugs seizing your equipment so much as idiotic thieves who might break in and steal it, gotcha!
You're right in saying that there are many more risks associated with going online. Then again if you encrypt your data on an airgapped machine you're very unlikely to have issues either way - not very helpful though if you want to buy an airline ticket online I admit! 0 -
-
-
Advertisement
-
Do you have many machines using Truecrypt Bob? I completely understand your options on Windows are limited. It's a shame that Veracrypt can't open Truecrypt containers any more!
Running it on a couple of personal machines, not so much on clients, except for some that just wanted basic encryption without the cost of management etc...
I was using it on work flash drives for years, but moved to hardware based encryption for ease of use.
Again I don't transport anything that's sensitive, but it'd be a pain in the hole and embarrassing if I potentially lost client data (sensitive or not) that could be picked up by someone off the street.0 -
Running it on a couple of personal machines, not so much on clients, except for some that just wanted basic encryption without the cost of management etc...
I was using it on work flash drives for years, but moved to hardware based encryption for ease of use.
Again I don't transport anything that's sensitive, but it'd be a pain in the hole and embarrassing if I potentially lost client data (sensitive or not) that could be picked up by someone off the street.
Again this is one of the beauties of linux... the disk manager can format and encrypt a USB drive with AES straight out of the box... Pleased to hear you're keeping your customer's information safe, I wish all companies were that obliging! 0 -
-
-
-
Advertisement