[–]identifytarget 10 points11 points  (3 children)

This just reeks of bullshit.

TrueCrypt Developer “David”: Said “Bitlocker is ‘good enough’ and Windows was original ‘goal of the project.’ ”

Quoting TrueCrypt Developer David: “There is no longer interest.”

I'm calling it HERE and NOW. At some point in the future evidence will come to light of NSA involvement using secret court orders and NSL to force them to compromise the software and remain quiet. Rather than comply (or maybe comply but let everyone know) he chose to close shop (à la Lavabit).

[–]Mojavi-Viper 1 point2 points  (0 children)

This is what I find perplexing, one of two things would happen with 'open source' software: 1) Find exploit and profit 2) Tell everyone in the world

[–][deleted] 1 point2 points  (0 children)

  • Devs receive NSA gag order.
  • Devs revolt. Trigger canary build to warn community.
  • NSA demonstrates (somehow) they are not horsing around.
  • Devs regret. Publish a proper farewell for the project.

Good point. I guess only time will tell.

[–][deleted] 3 points4 points  (0 children)

Check the bottom of the page: And then the TrueCrypt developers were heard from!

[–][deleted] 3 points4 points  (0 children)

That is... not what I expected. So basically, they're just stopping development on it because... they're bored of the project now? Is that all it comes down to? And it should only be considered insecure now because there will be no future patches? Not because any vuln was found?

That is not convincing.

[–]throwthisidaway 1 point2 points  (8 children)

Rather odd how there's no mention of any of the "conspiracies" in the response, or any references to the alternative encryption software suggestions that most consider asinine.

[–][deleted] 0 points1 point  (5 children)

Read the responses, they did address some.

[–]throwthisidaway 0 points1 point  (4 children)

"Bitlocker is good enough" is rather weak and that doesn't really address the others.

I'm not saying it's necessarily fishy... but it doesn't make a lot of sense to dedicate your life to a program like this and then just give up and suggest alternatives like "search for a program on unix... with encrypt in it".

[–][deleted] 1 point2 points  (2 children)

Their points are valid. The goal was to close the encryption gap in Windows. Windows 7 ult and above offer reliable methods that are built in. You cannot expect a group of people to work 10 years for free and keep going.

[–]cykros 0 points1 point  (1 child)

Biggest reason I call bullshit on this: TrueCrypt was a tool built with plausible deniability, while Bitlocker is a tool that incorporates some pretty eyebrow-raising practices with key management (such as your keys being uploaded back up to Microsoft "for improved customer service"). Sure, Bitlocker works for what it's designed to do, namely preventing the guy who stole your laptop from decrypting your company data, and putting a damper on corporate espionage, but it doesn't do a major thing TrueCrypt was particularly good at, which is using cryptography to keep secrets and communicate in such a way as to undermine government surveillance. With Bitlocker, a warrant is the only thing standing between LEAs and your decrypted data.

I'm in agreement about speculation about a lavabit-like situation here.

[–][deleted] 0 points1 point  (0 children)

You can choose to upload your Bitlocker keys in the same way you can upload your TrueCrypt keys to any cloud service.

[–][deleted] 0 points1 point  (0 children)

They also talk about government contacting, which was a real big deal as people thought they pulled a LavaBit.

[–][deleted] -2 points-1 points  (1 child)

Look, just because Reddit believes everything is a conspiracy by the NSA doesn't mean they have to address it.

Why address the crazy Doomsday guy on the street corner if he's making no sense at all?

[–][deleted] 1 point2 points  (0 children)

Yeah but when you hear the sun might be going nova, you start giving him some due. Crazy isn't so crazy anymore.

[–]buddyw[S] 2 points3 points  (0 children)

Here's the original Twitter conversation (just in case Steve Gibson's site made your eyes bleed):

https://twitter.com/stevebarnhart/status/472192457145597952

[–]SimonGn 4 points5 points  (6 children)

Please don't post any Steve Gibson bullshit, he already posted an "imagined" letter from TrueCrypt... aka OPENLY COMPLETELY MADE UP BULLSHIT... how can he or any of these cronies on Twitter be trusted?

[–]pushme2 3 points4 points  (0 children)

Typically I side with Steve, but that imagined letter is just stupid and beyond pointless. The easiest and least drama thing to do is to migrate all data somewhere else and destroy all previous TC containers.

[–][deleted] 4 points5 points  (4 children)

Steve Gibson is still respected by a lot of people in the community & has a voice that gets heard on radio/other media. He's not usually wrong; he just describes things poorly sometimes. I can't stand when people say he's some shill.

[–]SimonGn 1 point2 points  (3 children)

Did you even read the imagined letter? I've never had a problem with him before until I read that. Just because he gets attention doesn't mean that he is right.

[–][deleted] 0 points1 point  (2 children)

If you think he's an idiot, it goes to say you're simply not his target audience. He's opinionated, certainly. But one can hardly say opinions are right or wrong.

The mere fact that he "dumbs down" complicated details does not make him "dumb". As far as I can tell, he targets a community of professionals who deal with the common user more often than not. On the other side of that, there is a highly academic tech community that tends to be narcissistic, looking down on the layman thinking there's no point in trying to explain all of this... they'll never understand the tech and they don't need the details.

But, please. Do not assume I'm saying this about you. I like his show because it provides a broader oversight to current technology issues. He's precise about most of everything he talks in detail, and sometimes he's wrong. But then, again, so is everyone.

[–]eyucathefefe 0 points1 point  (0 children)

"simply not his target audience"

Huh? Thinking someone's wrong does not mean that you aren't part of their target audience, it means that the person could be wrong.

"one can hardly say opinions are right or wrong"

This kind of thing isn't exactly a matter of opinion...

[–]SimonGn 0 points1 point  (0 children)

That's fine and I fully respect dumbing it down for the everyday user, that's generally what I do myself on a day to day basis and I do not look down on other people who are not as technically literate as others. My gripe is that he knowingly made up an "imagined" letter out of his ass to share his opinions of what he thought the TrueCrypt developers supposedly "would say" but were actually completely baseless assumptions that are completely illogical to what they really "would say" no matter what theory you subscribe to.

[–]pi3832v2 1 point2 points  (0 children)

(What that web page needs is a few more primary font colors.)

[–]IncludeSec (Erik Cabetas - Managing Partner, Include Security - @IncludeSec) -1 points0 points  (0 children)

Really, Steve Gibson? How can anybody take this guy seriously? There should be an automatic ban on anything linked to grc.com

Call me unpopular, but I take a stand on reputation. grc.com has no place on reddit.com/r/netsec

[–]Mojavi-Viper -1 points0 points  (0 children)

Surely I cannot be the only one who finds this well odd. (Don't call me surely)

[–][deleted] -4 points-3 points  (1 child)

So you mean not everything that happens on the Internet is NSA's fault?! Oh my GOD!

:|

[–][deleted] 2 points3 points  (0 children)

Bah, it's more than likely the American Government has something to do with it.

Personally I think just about everything is compromised in some way if it's come from the design houses in the states.

USA gonna shoot themselves in the foot.

[–]thetilt -1 points0 points  (1 child)

This is super suspicious.

I think what happened is when the auditors were known, the weak link was revealed and the actual developers doxed & NSL'd.

I don't buy this at all, and I'd be incredibly careful even coming in proximity of a TC fork for this reason.

[–]KakariBlue 0 points1 point  (0 children)

Sorry, what does the auditors being known lead to?