[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] TrueCrypt?

To: <fulldisclosure@xxxxxxxxxxxx>
Subject: Re: [FD] TrueCrypt?
From: "Dennis E. Hamilton" <dennis.hamilton@xxxxxxx>
Date: Thu, 29 May 2014 16:29:33 -0700

In the various accounts and discussions all around the Internet, I had been 
baffled by the mention of Windows XP support end-of-life.

On reflection, I can see why there might be concern for the vulnerability of 
TrueCrypt, and user keys, on a platform for which there is no longer any 
security support.

The observation that there are existing solutions on the major 
currently-supported platforms makes sense in that context.  Concerning the 
mention of Bitlocker, I note that Bitlocker is available on Windows 8.1 Pro and 
works just fine given the hardware that Windows 8 and 8.1 require anyhow.  (I 
am not in a position to know whether "works just fine" means Bitlocker is 
highly secure or not.  At least it is not password based and one should remove 
and squirrel away the USB key after powering up and certainly not leave it 
inserted in a powered-down system.)

I have no idea what the actual trigger of the TrueCrypt shutdown is.  


 -- Dennis E. Hamilton
    dennis.hamilton@xxxxxxx    +1-206-779-9430
    https://keybase.io/orcmid  PGP F96E 89FF D456 628A


-----Original Message-----
From: Fulldisclosure [mailto:fulldisclosure-bounces@xxxxxxxxxxxx] On Behalf Of 
Barkley, Peter
Sent: Thursday, May 29, 2014 13:47
To: fulldisclosure@xxxxxxxxxxxx
Subject: Re: [FD] TrueCrypt?

+

http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/ 

-----Original Message-----
From: Fulldisclosure [mailto:fulldisclosure-bounces@xxxxxxxxxxxx] On Behalf Of 
Anthony Fontanez
Sent: 2014, May, 28 10:21 PM
To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] TrueCrypt?

I'm surprised I haven't seen any discussion about the recent issues with 
TrueCrypt.  Links to current discussions follow.

/r/sysadmin: http://www.reddit.com/r/sysadmin/comments/26pxol/truecrypt_is_dead/
/r/netsec: 
http://www.reddit.com/r/netsec/comments/26pz9b/truecrypt_development_has_ended_052814/

[ ... ]


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

References:
- [FD] TrueCrypt?
  - From: Anthony Fontanez
- Re: [FD] TrueCrypt?
  - From: Barkley, Peter

Prev by Date: [FD] Bizagi BPM Suite contains multiple vulnerabilities
Next by Date: Re: [FD] Full disk encryption for OS X alternative to TrueCrypt
Previous by thread: Re: [FD] TrueCrypt?
Next by thread: Re: [FD] TrueCrypt?
Index(es):
- Date
- Thread