TrueCrypt considered HARMFUL – downloads, website meddled to warn: 'It's not secure' The website of popular drive-encryption software TrueCrypt has been ripped up and replaced with a stark warning to not use the crypto-tool. It's also distributing a new version of the software, 7.2, which appears to have been compromised. It's feared the project, run by a highly secretive team of anonymous developers, has been …
The proof is in the pudding. When it works, it works. For instance, The Register website works. I do not know who is in charge of it's servers or it's programming, but I don't need to if it's in tip top shape.
However, as you said, if it does not work, then it's more difficult to find a solution. But that is the result of moving responsibility. I'd not suggest going to the trouble of programming one's own encrypted file system, but if it's out of one's hands and in another's, it's down to another to sort out.
If the annihilation faction/operation hasn't secured exclusive control of the PKI key then it'll be very easy for us to identify them and for them to prove they are who they say they are.
The key is as old as the project, so there's a reasonable chance that at least one of the original team has a copy. Although, of course, good practice would dictate destroying all copies except that held by the webmaster/publisher. ...and perhaps that one individual has been the mole all along. Perhaps the TrueCrypt project was an operation to control an interesting encryption project and the decision has now been made that it's time to pull the plug/rug.
I hope someone else has a copy of the key! I hope someone will pop up and drop us a (signed - or even unsigned) note explaining the structure, politics and evolution of the TrueCrypt "team"
This is better than anything I've seen on telly for ages!
7.1a, which was the most recent version for a long time, and the version being audited, and which was signed by the truecrypt dev keys, was valid and had no issues raised with the independant audit.
It comes across as a combination of site hijack (keys compromised, DNS hack, vulnerability?) and possibly the keys have been compromised hence the recent key activity. Guess things will become clear pretty soon, in the meantime stay away from 7.2 and don't be ripping out 7.1a on the back of this.
Does TrueCrypt talk directly to the ALL hardware not using any OS API's is the question you should be asking. Do you trust the firmware for the harddisks processors are safe (all U.S. companies) ? If not, then it it like trying to build a skyscraper in a swamp with no foundation. It may look good today, but I wouldn't like to live there. The real problem is trust, and with secret gag orders, it is hard to trust anything connected with the US (or UK) in any way.
Does TrueCrypt talk directly to the ALL hardware not using any OS API's is the question you should be asking
No, the question everyone should ask is what is my threat model. Whether you want to attempt to mitigate possible threats in OS APIs and drive firmware and the like is not an absolute. The use of any IT system is a trade-off among risks, including security risks.
Part of thinking about security - most of thinking about security - is considering what "security" means for particular use cases, rather than flailing around seeing monsters in every closet.
Matt Green seems to think it's legit.
https://twitter.com/matthew_d_green/status/471752508147519488
I also saw this comment, posted below, on Ars, thoughts?
The SourceForge page, which was delivered to people trying to view truecrypt.org pages, contained a new version of the program that, according to this "diff" analysis, appears to contain only changes that warn the program isn't safe to use. Significantly, TrueCrypt version 7.2 was certified with the official TrueCrypt private signing key. That suggested the page warning TrueCrypt isn't safe wasn't a hoax posted by hackers who managed to gain unauthorized access. After all, someone with the ability to sign new TrueCrypt releases probably wouldn't squander that hack with a prank. Alternatively, the post suggests that the cryptographic key that certifies the authenticity of the app has been compromised and is no longer in the exclusive control of the official TrueCrypt developers. In either case, it's a good idea for TrueCrypt users to pay attention and realize that it's necessary to move to a new crypto app. Ars will continue to cover this unfolding story as more information becomes available.
Consider the logic of it.
The version with the warning is signed with the true private signing key. So it is authentic.
The explanation about this being related to Windows XP support is ridiculous.
The suggestion to use BitLocker is quite telling.
Now suppose that the author received a secret order from a secret court that required the author keep secret the secrecy of the secret order from the secret court. Furthermore, the author was secretly required to turn over his secret signing key to a secret third party.
If you were the author, what would you do? Consider your options.
One is that you could issue an update with a warning that the program is no longer secure. Even though the program really is, at this moment, secure. The only source code changes are to insert the warnings. But what the warnings are warning you about, but cannot just come out and say, is that the program will not be secure in the future because a third party now has the keys to sign authentic new insecure versions.
This wouldn't be unlike Lavabit shutting down. The author is choosing to fall on his sword for the good of everyone.
"The version with the warning is signed with the true private signing key. So it is authentic."
Incorrect. It just means someone had a copy of the private key and knew the paraphrase.
Without knowing how well the key was managed, it offers zero guarantee of authenticity.
Sigh. The signature is how the TrueCrypt authors have chosen to prove, and thus define, authenticity. This version of TC is authentic by the definition used by the authors of TC. Unless you believe in some absolute, Platonic "authenticity"1, claiming that this TC is "not authentic" and that it has 'zero guarantee of authenticity" is specious. It has, in fact, precisely the same "guarantee of authenticity" that every other TC release has.
There is no other such guarantee, in the context of TC; so your argument distills into "this version of TC is exactly like all other versions of TC (in terms of 'authenticity')".
1In which case I have a lovely metaphysics to sell you.
No, I do not agree that this is what a developer shackled by a secret court Order would do. They may do something similar, but instead of advising people to switch to a Microsoft product that they have no way of knowing how secure it is, they would surely advise people to use the last known secure version of the product, (and give the hash that will verify it to be genuine). In addition, they would probably ensure that there is a "leak" of the secret court Order - which of course we may see materialising in the coming days/weeks/months.
Some years ago I wanted to make Truecrypt compatible files from an embedded device, and so looked into the published source code quite deeply. If there was any backdoor in that source, it was exceptionally well hidden. Not that I ever got the source to compile to an exact copy of the published binary - but that is not at all suspicious given that I was not using exactly the same development tools.
@Cynic_999: Do you know what the terms of the order (or rather, National Security Letter) might be? Nor do I. It seems not impossible that it might forbid the authors recommending previous versions of Truecrypt, or in some other way make it impossible for them to do so without breaching the terms of the order. By offering the ridiculous advice that they have offered, they not only avoid that possibility, but make it clear that they are acting under duress.
The site goes out of its way to provide the information needed in order to move data away from truecrypt volumes, for all platforms - not just Windows.
This suggests that it isn't just a malicious hack or take-down of Truecrypt, but a serious atttempt to get people to move their data out of Trucrypt volumes. Therefore one might be inclined towards the theory that the developers are responding to an attempt to subvert the product, or discovery that it has already been subverted.
What is slightly puzzling is the push to download and use version 7.2. Maybe I'm missing something, but wouldn't anyone with a Truecrypt volume already have an earlier version available? If an earlier version can't be trusted, why trust a new neutered version?
It boils down to whether 7.2 is truly just a cutdown decrypt-only truecrypt, or has some little extras put in to take advantage of all that lovely information being passed through it. That would be pretty audacious, I think.
Sure, most people using Truecrypt volumes today have a version of Truecrypt installed - most likely v7.1a
However, what about someone who rediscovers a Truecrypt volume in 5 years time?
If this episode actually boils down to the Truecrypt developers deciding they have had enough of developing Truecrypt, then the sensible thing to do would be to leave available the source and binary that can decrypt all previous versions' volumes so such people can rescue their files. Stripping out the encryption routines is a sensible precautionary measure as the software will be unmaintained going forward, so any subsequently discovered holes or bugs are not going to be fixed - hence removing the possibility that people in the future will rely on a possibly obsolete encryption application. This is very good practise when it comes to security related software.
Encryption methodology and complexity is a moving goal as even with mathematically sound and correctly implemented algorithms it is only a matter of time before the incessant scaling up of computing power renders today's best encryption useless in the face of full on brute forcing. Hence why over the years advice on what length of key to use in any given ecryption scheme has increased time and again. The point being that encryption should only be relied on to keep something "secret" beyond the point it is of any use, not forever.
Care to explain the thumb down thumbdowner?
I was just trying to bring some rational dicussion to the fore, rather than the OMGZ111!!!2! Truecrypt PAN1C headlines that seem to be littering the tech media.
There's always at least One arse here that downvotes everything. Irregardless if the actual comment made, I just try to ignore 'em.
>Irregardless
That's not a word
Frickin' prescriptivists.
Of course it's a word. It's clearly a well-formed sequence of letters that's well within the space of English word formations, and it's widely used and even more widely recognized by English speakers and writers.
It's a redundant, ugly, awkward, and widely-despised word, but it's a word nonetheless.
The site goes out of its way to provide the information needed in order to move data away from truecrypt volumes, for all platforms - not just Windows.
It skims over Linux, just saying "use any integrated support for encryption". They did give the quick instructions for OSX though.
This all happening just as the audit project breaks its silence and promises upcoming "exciting news": giving me a pretty high pucker factor on the whole business. Rather glad I migrated my encrypted drives to LUKS a while back, anyhow.
The main reason at the time for doing that was that Gentoo and a few other packagers were going berserk about its license terms (I forget the details but it related to end-user indemnity IIRC). It wasn't until the Reg reported on the audit that I took note that the developers were actually anons (not Anons, as far as we know haha), which troubled me a lot more to be honest. I mean, in this world there are certainly valid reasons for that choice (e.g. the NSA can't lean on you if they don't know who you are), that inscrutability cuts both ways and just makes it a little hard to trust the project. Mind you, I guess that's what the audit was for (assuming one trusts the auditors).
And of course, making us all uber-paranoid makes the spooks' job even easier in some ways...
Are the developers really that anon though?
I've been vaguely following the audit process and it seems the audit team have direct contact with the developers. Of course that may be via tortuous anonymising routes.
To be fair if I was a developer of Truecrypt, I'd do the exact same thing. I would think creating a tool with the express intention of creating plausibly deniable encrypted filesystems beyond the reach of even national level intelligence agencies is going to end badly one way or another if one were to be associated with it. Be that from vigorous "arm twisting" from both governmental and criminal goons or from some odious smear campaign (by anyone so motivated) that you are developing tools for peado-terrorists to use to hide their activities etc. Roll on the aiding and abetting charges (and coercion opportunities that brings in itself).
In this sphere I'd trust unknown anonymisters over some sprightly startup LLC based in the US to provide this complexity of encryption software.
It will be interesting to see how this plays out over the next few weeks. Whatever happens Truecrypt has passed a point of no return with this move.
One small (and I think interesting) point that I picked up on while reviewing the diffs of the 7.1a and 7.2 source (see https://github.com/warewolf/truecrypt/compare/master...7.2 ) and only seen commented on once on another forum is that as well as all the code changes to remove the encryption routines all the references to localisation that previously referred to "U.S." have been changed to "United States". Now that may just be down to some previously coded changes in underlying libraries requiring the change - but it could also be considered as a not so subtle noisy canary tweeting its last song before turning its toes up.
I did acknowledge that there are valid motives for anonymity, and like you I'd be lairy of it if the devs were a "sprightly startup LLC based in the US" (especially the US part!). But that's just an exploration of alternative realities; if we're going there, I'd much rather the devs were a traditional OSS collective of known, established experts in the field, based in all corners of the globe so it'd be hard to impossible for them all to be under the thumb of a single espionage agency or criminal network.
When software is born as a decentralised global operation, it's damn hard if not impossible for it to be subverted to the whims of any one country. When audits are carried out, ideally that process ought to happen in the same context.
Just checked my rarely used Win7 partition for Truecrypt install files but all I have is a v7.1 (NOT v7.1a) installer file dated Tue 03 Jan 2012 14:40:01 GMT - which would coincide with when I purchased this particular machine.
So whilst I cannot answer your question I am going to post the sha1 for that installer file.
mourner@mint13-laptop ~/Desktop $ sha1sum ./TrueCrypt\ Setup.exe
5910a05bf671a385c2c5967171aa1c5509a3d3ee ./TrueCrypt Setup.exe
As far as I know that is the sha1 hash of the unadulterated v7.1 (NOT v7.1a) Windows installer.
This post has been deleted by its author
.. under which jurisdiction this project runs?
If it's in the US (and sourceforge is), then there are all sorts of interesting things that can happen to both the service it's hosted on and the people that work on the project, all neatly legalised under federal laws brought into play post 9/11. Given that none of the people involved with the project have made public statements so far it is not unreasonable to assume that they have been served with something official. That'll be my assumption until I hear from someone near the project.
Bonus questions:
1 - maybe the key was breached? That creates a whole chain reaction of problems.
2 - what will happen with the review project and the money sourced for it?
Gazing back through the murky mists of time... I see... shapes... familiar shapes... shapes on a map... I see... Germany and... Eastern Europe.
Not sure how accurate my recollection of that is and the contributors always protected their anonymity. Which is a VERY GOOD thing.* But that's what I recall from the conception of the project.
I certainly got no US connection concerns until a few years after the project began, when up popped something called "TrueCrypt LLC" - a company registered in Nevada. "Zoikes! Why the US, when the US is so hostile to strong cryptography in general and TrueCrypt in particular" was my thought at the time... much as you're expressing now.
Thinking about it then, I concluded that TrueCrypt LLC wasn't that significant. It's probably a sort of front-of-convenience established by a sympathetic party for the convenience of the collective. For the developers to strictly maintain their anonymity (A VERY GOOD THING) various mundane tasks would become rather difficult and I concluded that this was just a presence to ease that situation. Managing the (US based) domain registrations, hosting, etc... collection and distribution of donations... all that sort of stuff which involves transfer of funds and proof of identity. Tricky if you wish to remain anonymous!
Thinking about it again now, more than half a decade later, I'm inclined to think that was all pretty close to the mark... and is the key to all the recent shenanigans.
As time passes, what appeared at first glance to be a simple sarcastic website defacement, is looking ever more wilful and premeditated. The files appear to have been prepared well in advance. The defacement is FAR more involved and considered than necessary - preparing all those screencaptures alone was not an insignificant endeavour. The content appears contrived to achieve maximum alienation... everyone sufficiently sophisticated to be using TrueCrypt will be aware of Bitlocker. Of the plethora of free, open, mature and trustworthy alternatives, why design and publish a giant poster proclaiming "use the NSA crippleware" to that audience? We know about the NSA option! That's why we're HERE! Almost as offensive as, after ACRES of verbose handholding for Windows users, that lone "fuck off" oneliner served to the Linux crowd... that must have hit a raw nerve square on! And so on. This was certainly no casual hoax.
If TrueCrypt LLC was what I think it was, then the entity behind it had injected themselves into a position of GREAT influence within the project. Control of the funds, control of the primary communication medium and as publisher perhaps sole control of the authentication keys. The perfect position from which to achieve exactly what we have just witnessed.
This hasn't been a simple website defacement. It's a carefully planned and executed coup d'état.
*There's been CONCERTED HEAVY PRESSURE from parties within the US against anonymous development of free and open security related projects. It's even bubbled up in these very threads. Always exactly the same doublethink. The Tails developers have been particularly relentlessly battered. This is COINTELPRO. In such matters, interesting security matters, anonymity is A VERY GOOD THING. Think about it. Think HARD.
One of the problems with encryption software is that it is product dependant. Irrespective of which alogorythm is used the same software package to decrypt it is essential. Which poses a long term problem that the software youuse today may not be available tomorrow if you need to reinstall it to get hold of some important data.
Compare this to, say, ZIP or office software. MS Office/open Office/Libre office etc etc. can all open each other's files. Ditto 7zip etc.
There's more difference between your counter-examples than between some of them and TrueCrypt. The key is openness of the spec (file format).
TrueCrypt's file/volume format is open, as is ZIP, as is OpenDocument as used by OOo/LO. That means that as long as there's a demand and somebody, anybody, can be arsed doing the work, then that software will exist.
MS Office formats, on the other hand, are either proprietary (in the case of the old binary formats) or specced so vaguely that they're virtually impossible to implement properly (OOXML). Never mind the future, you can't use these formats with perfect fidelity now unless you have the right version of MSOffice. The third-party solutions that you do have are either reverse-engineered or have done their best (which is never going to be enough) to adhere to a 6,000-page spec full of undocumented gubbins whose meaning is buried in the (still proprietary) workings of those old binary formats.
Whew! Rant over, but I hope you get my point. As long as there's the demand and someone willing to meet it, there will always be software capable of doing exactly what TrueCrypt does. Office 97? Not so much.
TrueCrypt had a quite functional, if not very eye-catching website, which has been replaced by a primitive HTML page that you can throw together in two minutes. The source code for "7.2" is peppered with inane "INSECURE_APP" messages. The binary was signed with a different key. Can anyone seriously believe that this is the work of the original developers?
Whatever the motivation, this looks like a rather obvious security breach regarding the project's SourceForge account. No more and no less.
(I mean... switch to Bitlocker? That's not even a good troll.)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
