back to article TrueCrypt hooked to life support in Switzerland: 'It must not die' say pair

Two programmers hope to resurrect development of disk-encryption tool TrueCrypt after its original developers quit the project. The official TrueCrypt.org website abruptly shut up shop last week ostensibly because its secretive maintainers felt they could no longer keep the software secure. They blamed the Microsoft's …

COMMENTS

This topic is closed for new posts.
  1. Anonymous IV

    "Perhaps we will never know"

    Quite possibly not, but that surely doesn't stop a necessary and sufficient quantity of Conspiracy Theories being hatched.

    1. Matt Bryant Silver badge
      Joke

      Re: Anon IV Re: "Perhaps we will never know"

      "....Conspiracy Theories...." Come on, everyone knows it was Richard Grenell that done it! It's Swift Boat Part Three - The Decryption Affair!

    2. Anonymous Coward
      Anonymous Coward

      Re: "Perhaps we will never know"

      If my limited experience of releasing free software is anything to do by, they probably got fed up with the endless whiners and complainers. Its amazing the number of people who seem to think they're doing you a favour by using your program and think you owe them 24/7 attention for every tiny issue, rather than you having done THEM a favour by writing and releasing it for free in the first place. I can't be bothered with that school playground attitude any more - if they want help now they can pay me or they can just feck off.

      1. Dave_uk

        Re: "Perhaps we will never know"

        No sure I agree with you about them stopping due to whinging users, but I do definitely agree they should pay or "they can just feck off".

  2. Gordon 10
    Stop

    License smicense

    It would be rather surprising if the developers tried the enforce their License with the result they'll lose their anonymity.

    The only real deterrent in that License is a mild case of FUD.

    1. Anonymous Coward
      Anonymous Coward

      What the hell's supposed to be wrong with the licence???

      It says "Fork if you like just don't call your project "Truecrypt" or "Truecrypt+" or "Truecrypt2" or "TruecryptPro" or "TruecryptUltra" or... anything else which could deceive people into thinking it's associated with our project"

      What could possibly be fairer than that?

      Certainly didn't cause any problem for Mandriva when the repackaged and incorporated TrueCrypt into their project under the name "RealCrypt"

    2. Yet Another Anonymous coward Silver badge

      Re: License smicense

      Until they, or their heirs, or the bank if they default on their mortgage - sell the rights to a patent troll who go after every Linux distribution and corporation using Truecrypt.

      Either pick some name like TPFKAT or just hit the dictionary and call it something else.

      1. Mark 85

        Re: License smicense

        Clonecrypt? or go the other way: CryptClone?

        1. Rhomboid
          Joke

          Re: The name game

          Crew Tripped (Hoffman fork)

          Spooky Crypt (bare bones edition)

          L337 Krypt (Skiddy version)

      2. Destroy All Monsters Silver badge

        Re: License smicense

        sell the rights to a patent troll who go after every Linux distribution and corporation using Truecrypt

        And is then royally ignored by everyone because it's about copyrights and trademarks.

        1. Yet Another Anonymous coward Silver badge

          Re: License smicense

          Patent trolls will sue over copyrights and trademarks as well.

          The point being that "they are good guys don't worry" doesn't work when they sell to bad guys

          1. Anonymous Coward
            Anonymous Coward

            Re: License smicense

            "Patent trolls will sue over copyrights and trademarks as well."

            Not when YOU DON'T (MIS)USE THEM they won't.

            "The point being that "they are good guys don't worry" doesn't work when they sell to bad guys"

            No, it neither works nor "doesn't work" - "the point" doesn't make a difference. "The point" doesn't exist. "The point" is a bizarre and irrational figment of your imagination.

            No one (not even your "bad guys") has powers of timetravel. No one (not even your "bad guys") has powers to retrospectively re-licence anything. TC 7.1a was released by its owners and publishers under what they called the Truecrypt 3.0 Licence. TC 7.1a will always have been released by its owners and publishers under what they called the Truecrypt 3.0 Licence. Anything based on TC 7.1a must comply with the (remarkably permissive) Truecrypt 3.0 Licence - just is it always had to and just as is always* will do.

            *Thanks to the mystical powers of The Disney® Corporation Inc., and Political Corruption™ the moving goalposts of copyright expiry now seem to be infinity away.

    3. Havin_it

      Re: License smicense

      IMHO the licence isn't problematic so much for the part highlighted in the article at all: it's far more because it doesn't (implicitly or explcitly) offer copyright immunity to users or distributors. People seem to have forgotten about this but it's the reason it's still on a number of distros' shit-lists and why the OSI wouldn't validate it as an open-source license (meeting the OSD).

      A (rather dry legalese) analysis was given here. TL;DR Conclusion:

      In effect TrueCrypt ought to be waiving certain of its rights for this to be operative as a license. Free software licenses do involve waivers of rights.

      Our counsel advised us that this license has the appearance of being full of clever traps, which make the license appear to be a sham (and non-free).

      The precise implications for forkers of all this are beyond me, but the devs clearly don't want a direct fork of their codebase, and they or a representative might even be prepared to break cover to sue. And the above demonstrates that they have a basis on which to do so, and even to start suing users if they want.

  3. Hit Snooze
    FAIL

    Journalists nowadays

    "The official TrueCrypt.org website abruptly shut up shop last week ostensibly because its secretive maintainers felt they could no longer keep the software secure."

    "They blamed the Microsoft's discontinuation of official support for Windows XP..."

    "The real reasons why TrueCrypt.org pulled the plug remain unclear. In the absence of any convincing explanation, conspiracy theorists have suggested TrueCrypt was shut down, Lavabit-style, in response to pressure from the feds or spy chiefs, or possibly due to an internal power struggle. Perhaps we'll never know."

    You start the article by stating reasons as to why TrueCrypt shutdown, passing them off as facts, then you end the article contradicting yourself by saying you do not know the reasons.

    So which is it; did the maintainers shutdown TrueCrypt due to Microsoft ending support for XP and/or did the maintainers feel like they couldn't keep the software secure any longer, or do you not know and can only speculate?

    1. Anonymous Coward
      Anonymous Coward

      Re: Journalists nowadays

      At least he managed to deploy "ostensibly" into the FUD, which was the least he could do, before he went on to brand the baffled TrueCrypt users his quaint newspeak euphemism for "tinfoil clad psychotics"

  4. David Kelly 2

    CryptTrue

    Seeing as how the license for TrueCrypt lists forbidden variations of true followed by crypt, I suggest reversing the order and calling the fork, "CryptTrue".

    1. DJV Silver badge
      Meh

      Re: CryptTrue

      Or chuck it through an anagram generator and get:

      Crept Yurt

      Cry Putter

      Pretty Urk

      Ok, so maybe not!

      1. Chewborg
        Happy

        Re: CryptTrue

        Simply NewCrypt

        1. Richard Boyce
          Happy

          Re: CryptTrue

          .. or TwoCrypt.

          1. Eddy Ito

            Re: CryptTrue

            Red Crypt

            Blue Crypt

            Sorry.

            1. Steven Raith

              Re: CryptTrue

              Crypt Zero.

              Crypt Max.

              Now with zero added conspiracy theories.

              1. Benchops

                Re: CryptTrue

                TrippedCrew

                1. wolfetone Silver badge

                  Re: CryptTrue

                  CryptonFactor?

                  1. Jason 41

                    Re: CryptTrue

                    I was thinking its bound to become ProCrypt

                    But someone already appears to have grabbed that

          2. techulture

            Re: CryptTrue

            Only if you encrypt with the Twofish algorithm ...

    2. Phil W

      Re: CryptTrue

      or simply separate the words and replace them with alternatives of the same meaning

      For instance:

      TrueCrypt

      True Crypt

      Factual Mausoleum

      Ladies and Gentleman, I give you the name for the forked version.

    3. as2003

      Re: CryptTrue

      !FalseCrypt

      1. frank ly

        Re: CryptTrue

        Cry 'Puter

        1. wowfood

          Re: CryptTrue

          Crypto the wonder true.

    4. Adam 1

      Re: CryptTrue

      Gehrpelcg ??

  5. John P

    What difference does the XP EOL make to the code quality of TrueCrypt?

    1. William Towle

      "What difference..." @John P

      > What difference does the XP EOL make to the code quality of TrueCrypt?

      None whatsoever, and AFAICT there isn't a claim here that it does or should.

      Microsoft's decision to discontinue post-sale bugfix support to members of the public running XP means newly-discovered holes through which data(/code?) could leak out are going to stay open longer (if not forever). It seems reasonable that the team should want to take a course of action based on a) not suffering slights on the software due to problems in the underlying OS, b) not feeling obliged to build more and more plugs into the software due to holes in the host OS, and/or c) not needing to keep suitable-for-testing copies of XP around for longer than necessary. That they also supply advice and a migration path is commendable.

      1. Anonymous Coward
        Anonymous Coward

        Re: "What difference..." @John P

        "That they also supply advice and a migration path is commendable."

        That the proposed migration path was Bitlocker doesn't exactly make it commendable. I think 'borderline suspicious' is a better choice of words.

        1. William Towle

          Re: "What difference..." @John P

          > That the proposed migration path was Bitlocker doesn't exactly make it commendable.

          That's not in contention; it's the decision of the developers to not leave end users with data that cannot be transferred (or otherwise recovered) that I'm commending above.

          Going back to the line I originally quoted, I don't think it's necessary to finger point code quality in Windows (whatever one thinks of it) although obviously it does drive those concerns I listed to an extent (as it would for any other end-of-line OS).

          ...and since you've brought up Bitlocker I'm not blaming the team for wanting to not compete against the evolving market -whether any strong-arming has taken place or not- and having spoken highly of the TrueCrypt effort to people recently am pleased there is news of an effort to continue it ;)

      2. Adam 1

        Re: "What difference..." @John P

        >It seems reasonable that the team should want to take a course of action based on a) not suffering slights on the software due to problems in the underlying OS, b) not feeling obliged to build more and more plugs into the software due to holes in the host OS, and/or c) not needing to keep suitable-for-testing copies of XP around for longer than necessary

        Sure thing.

        * Add the following text to the website. "Due to Microsoft ceasing support of windows XP, Windows XP is no longer a supported by Truecrypt. We recommend you upgrade your operating system."

        * A checkbox later in installshield will prevent its install on such operating system versions (or at least those who can work around that know the risks)

    2. Dom 3

      None. But it is no longer needed, at least in the (apparent) opinion of the authors:

      "Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms".

  6. DanceMan

    Readers nowadays

    @Hit Snooze

    The journo made no claims; he reported "they claimed."

    1. Hit Snooze

      Re: Readers nowadays

      @DanceMan

      I've reread the article but I cannot find where the author reported "they claimed". Mind pointing it out for me?

      1. Ammaross Danan

        Re: Readers nowadays

        @Hit Snooze:

        Last I checked "ostensibly" meant "purportedly" and "They blamed" suggests "They claimed," but then again, a thesaurus may not be on your bookshelf to know such things.

        1. Hit Snooze
          Thumb Up

          Re: Readers nowadays

          @Ammaross Danan

          Thanks for the definition of ostensibly. I did not look it up and it is egg on my face!

        2. Anonymous Coward
          Anonymous Coward

          Re: Readers nowadays

          > Last I checked

          Well, to be fair, the first poster quoted "They claimed" as if it was a literal quote from the article.

  7. Anonymous Coward
    Anonymous Coward

    FWIW

    Claiming a "trademark" and then failing to enforce it is one way to lose it in the UK at least. I'm not sure what protection the license affords the holder in determining what someone might call a fork of TC.

    Basically, if you want to enforce rights through a license for a product then calling the product defunct is probably a good way to revoke your own "rights" to the name.

    Unless the license holders create some form of legal entity around the name TrueCrypt I would suggest they have already effectively dropped the name back into the public domain, if indeed it actually left it.

    Cheers

    Jon

    1. Peter2 Silver badge

      Re: FWIW

      Actually, that's completely, totally and utterly wrong without any basis in law.

      They have released the source code and a license allowing use of said code under a few limited conditions, one of which being that you don't use the name TrueCrypt or anything similar.

      If you use the name TrueCrypt then your in violation of the license agreement, hence they have no legal right to use the code or make any alterations to it. Saying that they understand this, but plan to host the website in Switzerland to evade their legal and moral obligations is utterly immoral and shows a total lack of shame, integrity and decency on the part of the "developers" who are shamelessly stealing from TrueCrypt.

      I think this demonstrates perfectly well however much developers are plain about the license agreements (no opaque language here!) then total fuckwits will ignore the simplest and fairest conditions of use.

      It would be perfectly legal to continue from the previous version and call it FalseCrypt, ContinuationCrypt or whatever. If it's a decent product then as with LibreOffice then people will all but forget the previous dead name within a couple of years.

      Re closing down; consider why Lavabit closed down and ponder for a few minutes on how cynical and or paranoid you should be, and if it's worth using any form of encryption product with developers in the US if you want your files to remain encrypted.

      1. Paul Crawford Silver badge
        WTF?

        Re: "who are shamelessly stealing from TrueCrypt"

        You might want to look up what stealing means. It implies depriving the rightful owner of something of value.

        Given that the moral owners of the TrueCrypt name are not coming forward, and that there is absolutely no sign of them commercialising this product in any way, I don't see what is being "lost" to justify a copyright infringement charge, let along "stealing".

        Sure it is an infringement of the license terms, but who is actually suffering? Certainly not the end users who otherwise would have to go to something else that might be much worse in terms of privacy.

        1. Anonymous Coward
          Anonymous Coward

          Re: "who are shamelessly stealing from TrueCrypt"

          Theft (stealing); dishonestly appropriating the property of another with the intention of permanently depriving the other of it. If I remember correctly, their are three exceptions when it is not theft, something along the lines of believing one had a right to it, unable to find the owner after reasonable efforts to tind them and something I have entirely forgotten. Hence, in England and Wales, there is a separate offence (or was, laws change) of taking and driving away to catch the theft of a car that is later abandoned.

          There is nothing there about value. So, stealing tuppence is just as much theft as stealing two million pounds. Hence it is theft to take something from someone else's dustbin or a builder's skip without permission.from the owner.

      2. Werner Heisenberg
        FAIL

        Re: FWIW

        If you're going to accuse others of fuckwittery, you might want to be certain you've got your facts straight first.

        From their main page:

        "We offer the product as is, and do not claim any rights to the name TrueCrypt or TrueCrypt.org - this is not a fork but the distributon of the product under Section II of the TrueCrypt license."

        Elsewhere they also state that a fork would likely be renamed.

        They are hosted in Switzerland as the black helicopters don't work quite as well in the mountains.

        1. DropBear
          Joke

          Re: FWIW

          Don't they have other ones with a white camo paintjob, that blend in better with snow...?

          1. This post has been deleted by its author

      3. Destroy All Monsters Silver badge
        Thumb Down

        Re: FWIW

        Saying that they understand this, but plan to host the website in Switzerland to evade their legal and moral obligations is utterly immoral...

        I hope your fellow colleagues don't ostracize and bully you. Haranguing people on morality while not having a clue tends to backfire.

  8. Woodnag

    What does "after examining the blueprints" mean?

    Did the auditers really use that language?

  9. nick soph

    I was never that bothered by it's name. Can't we just agree to call whatever follows something else - 'Elisabeth' maybe?

    1. DropBear

      Fine by me, as long as it's not Shirley...

      1. Gerard Krupa

        You can't be serious

  10. DrTeeth

    The most troublesome thing is the name?

    If the most troublesome thing is that any new product must not have anything resembling 'Truecrypt' in it, there is no real problem. FFS just call it anything and just move on. Next...

  11. Anonymous Coward
    Anonymous Coward

    Blazing Saddles

    Just call it TwueCrypt.

    1. Destroy All Monsters Silver badge

      Re: Blazing Saddles

      TwueCrypt from Twitwerland?

  12. Chairo

    What about LibreCrypt?

    As mentioned above, it would be unfair to the current developers to go on under the TrueCrypt moniker. also it will create unnecessary confusion. To use the "Libre" naming would make the intentions clearer and would borrow from the goodwill that LibreOffice created.

    1. regadpellagru

      Re: What about LibreCrypt?

      "To use the "Libre" naming would make the intentions clearer and would borrow from the goodwill that LibreOffice created."

      This. An also, with the fact hosting moves from the US of A to Switzerland, it would be a good punch in the face of Uncle Sam !

      1. Anonymous Coward
        Anonymous Coward

        Re: What about LibreCrypt?

        LibreCrypt would also follow in the footsteps of LibreSSL, the fork of OpenSSL that is undergong a massive amount of refactoring and bug fixing.

  13. John Tserkezis

    You mean it actually WAS the original authors who made it look like it was hacked?

    Pissweak effort IMO. Whatever the justification.

  14. Anonymous Coward
    Anonymous Coward

    How about

    FuckSpook.

  15. power effect
    Go

    Names I would use

    Trustcrypt

    Trustycrypt

    Are closer to the original than any other suggested and give a good meaning to the project intention.

  16. Valeyard

    Alternatives

    So is it just me then who didn't update and kept the fully functional version?

    Although that kinda feels a bit weak and I feel guilty for keeping an apparently insecure version (to the point where they removed encryption rather than let you use it?!) I really don't have anything I trust more

    Which says a lot for what's available at the moment. Has anyone any recommendations for good alternatives?

    1. This post has been deleted by its author

  17. TopOnePercent

    The name isn't important. What is important is the ongoing ability to use TrueCrypt, so well done guys for at least attempting this.

    Though I'll just suggest CHuCrypt (given it's hosting in alpine quarters). To be pronounced TrueCrypt.

  18. fnusnu

    Swisscrypt?

    How about Swisscrypt?

    1. Adam 1

      Re: Swisscrypt?

      Swiss army crypt?

      Maybe not. They would have to extend it to convert files to PDF, play video files, edit spreadsheets, zip files and a browser to claim that one.

  19. Frogmelon

    I would expect that after examining the blueprints for Truecrypt the auditors will find a small thermal exhaust port, right below the main port.

    It'll be two metres wide, but it'll lead directly to the main reactor!

    For a new name I'd suggest "Heidi"..something.. as Truecrypt is designed to, er, Heidi stuff.

  20. earl grey
    Happy

    Cthulhucrypt

    Solves lots of problems all at once.

    1. Gerard Krupa

      Re: Cthulhucrypt

      TrueCrypt Fhtagn

  21. Anonymous Coward
    Facepalm

    I think, at this point CryptOrchid might be appropriate, because the point of hidden disk encryption is to show that there is nothing there.

  22. Rhomboid
    Meh

    The name game

    Crew Tripped (Hoffman fork)

    Spooky Crypt (bare bones edition)

    L337 Krypt (Skiddy version)

    If litigation became an issue, I'd definitely advocate 'Sue Script'

  23. Matt Bryant Silver badge
    Boffin

    Maybe wait a bit before forking.

    Whilst it would sound quite possible for the FOSS crowd to fork the earlier version, it might be best to wait until after the code revIew has been completed. Probably twice. After all, as the Seggelmann incidents demonstrate, often there are flaws even the supposed geniuses miss.

  24. zb
    Coat

    How about calling it

    Crew Tripped

  25. LittleTyke

    New name for TrueCrypt?

    If the only stumbling block is the name, well, what's in a name? There are loads of names. As long as people know, nod nod, wink wink, that the revived product was once TrueCrypt, who cares? You could call it Daisy, or Son of TC, or NSA (Non-crackable Security Aid). There are many more possibles.

    1. Matt Bryant Silver badge
      Joke

      Re: New name for TrueCrypt?

      Surely, as it is supposed to provide a unique encryption tool for every user, it should generate a unique application name every time the code is compiled.....

  26. wish

    New name of the program

    CPCrypt

    Because it is a cross-platform program and the name "Crosscrypt" is already protected - i think.

    It is an easy method to create a logo which shows the cross-platform symbol.

    1. Adam 1

      Re: New name of the program

      A penguin staring at an apple tree with an odd bite mark in each fruit through a slightly warped window frame?

  27. wish

    Re: The name game

    CPCrypt

    (or CPDiskCrypt) Because it is a cross-platform program and the name "Crosscrypt" is already protected - i think.

This topic is closed for new posts.