Yet even this explanation is not entirely satisfying. “Not to mention people like me deciding to audit it-that’s when it’s no longer fun anymore.” Dr Green is in contact with someone claiming to be one of TrueCrypt’s developers, who confirms that story. “Then all of a sudden you have Glenn Greenwald using it to secure stuff with real national-security implications,” he says.
#Truecrypt security audit free
He blames a mix of burnout and events, pointing out that, over the ten years of its development, what might have been a fun side project for a group of footloose 20-something programmers could well have turned into an unwelcome burden on their free time. But Matthew Green, a cryptographer at Johns Hopkins University who is helping to co-ordinate a formal security audit of TrueCrypt, thinks the real explanation is more prosaic. Since TrueCrypt’s developers shun the limelight, no one can be sure. If TrueCrypt has been similarly clobbered, the sudden shutdown might be designed to warn its users off. A gag order required that the firm’s founder, Ladar Levison, not tell anyone this was happening, something that Mr Levison resisted. It shut itself down in August after the American government came calling, demanding the site’s encryption key, which could be used to unscramble the e-mail of all its roughly 400,000 users. Like TrueCrypt, it was used by Mr Snowden. That is what happened to LavaBit, an e-mail provider which promised to encrypt its users’ messages.
But they have not.Īnother, more paranoid interpretation is that the developers have been tapped on the shoulder by the Men in Black.
#Truecrypt security audit software
But SourceForge, a repository for open-source software which hosts TrueCrypt, reported that it had noticed nothing unusual: “We see no indicator of account compromise current usage is consistent with past usage.” Had they been hacked, the development team might have been expected to say so in public. One theory is that TrueCrypt’s developers have simply been hacked, and that the message is a piece of mischief-making. After Mr Snowden’s revelations, those with a serious need for TrueCrypt would be reluctant to trust BitLocker. But, as security researchers were quick to point out, this is a strange piece of advice. Newer versions of Windows come with their own disk-encryption program, BitLocker, and the message recommends using that instead. TrueCrypt offered a short explanation: the end of Microsoft’s support for its ancient Windows XP operating system.
Mr Snowden’s revelations had boosted its popularity still further.
#Truecrypt security audit code
It is open-source, meaning its code is freely available for anyone to look at. TrueCrypt had been in development (by a group of anonymous programmers) for ten years and was popular with everyone from security-conscious lawyers to journalists with sources to protect and dissidents in countries where too much complaining can land you in prison or worse. The announcement caused plenty of raised eyebrows. It exists only to help users recover encrypted files. A new version was released that was incapable of encrypting anything. It warned that “Using TrueCrypt is not secure as it may contain unfixed security issues”. On May 29th TrueCrypt’s website was updated with a brief, cryptic message.
0 kommentar(er)
