Full Disclosure mailing list archives
Re: TrueCrypt?
From: Michael Cramer <mike.cramer () outlook com>
Date: Fri, 30 May 2014 11:21:02 -0400
On a technicality, There has never been a demonstration of a vulnerability in Dual_EC_DRBG. There are only allegations based on ties to the NSA. -Mike Sent from my iPhone
On May 30, 2014, at 11:09, "Chris Schmidt" <chris.schmidt () contrastsecurity com> wrote: Regarding your final statement here, I seem to recall it being reported a little company called RSA allowed NSA backdooring and I¹m pretty sure they are far from Out-Of-Business. Claiming that giants like MS would go out of business if it got out that they were working with the NSA is completely naïve.On 5/29/14, 4:13 PM, "Mike Cramer" <mike.cramer () outlook com> wrote: I think it¹s more important to have rational discussions. This isn¹t the first time Microsoft has been Œrumored¹ to have backdoors in Windows for the US Government. These rumors have been perpetuated for years. While I don¹t know how long you¹ve been in the industry, it¹s something I recall even being 14 years old and sitting on IRC and having people discuss. The reality now, just as then, is that these are unsubstantiated. A more apt description about the cooperation between the US Government and Microsoft I think falls back onto our old pals ³Alice and Bob². I¹m sure you may recall these names from any sort of discussion about PKI. What people seem to forget in all of these discussions is that Microsoft is Bob. (Microsoft Bob? :P) No amount of encryption, protection, secret keying is going to protect you when one party is going to hand over the information to 3rd parties to review. Based on my Alice and Bob comment above, it¹s reasonable to assume that the encryption itself is 100% fine, so as long as you believe that Bob will never divulge the information you¹ve disclosed. Through all of these discussions surrounding Bitlocker across multiple forums nobody has brought up the fact that Bitlocker in Windows 8 allows you to store recovery key information in OneDrive/²The Cloud². Why bother writing in backdoors to the software when the keys are readily available with a warrant? There are a million and one ways to get access to the information and the absolutely most difficult, most costly, and most potentially damaging is the one people are jumping to first. If it were ever revealed that Microsoft purposefully weakened its encryption systems to allow the NSA access to any Windows device, then it would be the end of the organization. They¹re just not that dumb. Mike From: Justin Bull [mailto:me () justinbull ca] Sent: Thursday, May 29, 2014 18:02 To: Mike Cramer Cc: fulldisclosure () seclists org; secuip Subject: RE: [FD] TrueCrypt? Closed source and Microsoft is notoriously known to play ball with LEO and government. It's an ill-fitting shoe. Sent from mobile. On May 29, 2014 5:47 PM, "Mike Cramer" <mike.cramer () outlook com <mailto:mike.cramer () outlook com> > wrote: What is careless about recommending Bitlocker? -----Original Message----- From: Fulldisclosure [mailto:fulldisclosure-bounces () seclists org <mailto:fulldisclosure-bounces () seclists org> ] On Behalf Of Justin Bull Sent: Thursday, May 29, 2014 17:18 To: secuip Cc: fulldisclosure () seclists org <mailto:fulldisclosure () seclists org> Subject: Re: [FD] TrueCrypt? But why go out in that style? Why not be frank? Why be so careless as to recommend BitLocker? The diff was meticulous but the website and comms were not. It doesn't add up. Sent from mobile. On May 29, 2014 5:13 PM, "secuip" <root () secuip fr <mailto:root () secuip fr>wrote:http://krebsonsecurity.com/2014/05/true-goodbye-using- truecrypt-is-not-secure/comment-page-1/#comment-255908 Le 29/05/2014 22:51, uname -a a écrit :There are several strange behaviors. Sitesource is not clean. Just a html that say take now Bitlocker or other built-in tools of your OS !? New Keys got added to SF 3h before release of 7.2 happened. On SF the old versions got removed. For older Versions you've to download them elsewhere (there are several sources available). Encryption, Help and all traces to truecrypt.org <http://truecrypt.org> got removed in the Programsource. No explanation for this anywhere. Just speculations. Truecrypt isn't available on the webarchive! The Wiki got editet massively. Am 29.05.2014 04:21, schrieb Anthony Fontanez:I'm surprised I haven't seen any discussion about the recent issues with TrueCrypt. Links to current discussions follow. /r/sysadmin: http://www.reddit.com/r/sysadmin/comments/26pxol/ truecrypt_is_dead/ /r/netsec: http://www.reddit.com/r/netsec/comments/26pz9b/ truecrypt_development_has_ended_052814/ Thank you, Anthony Fontanez PC Systems Administrator Client Services - College of Liberal Arts Information & Technology Services, Enterprise Support Rochester Institute of Technology LBR-A290 585-475-2208 <tel:585-475-2208> (office) ajfrcc () rit edu <mailto:ajfrcc () rit edu> <mailto:ajfrcc () rit edu <mailto:ajfrcc () rit edu> > Submit a request via email: servicedesk () rit edu <mailto:servicedesk () rit edu> <mailto:ser <mailto:ser> vicedesk () rit edu <mailto:vicedesk () rit edu> > Check the status of an active request: footprints.rit.edu <http://footprints.rit.edu> <https:// footprints.rit.edu/ <http://footprints.rit.edu/> > Manage your RIT account and computers: start.rit.edu <http://start.rit.edu> <https://start. rit.edu/ <http://rit.edu/> > CONFIDENTIALITY NOTE: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information. _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/ _______________________________________________Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/_______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/_______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/ _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
_______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Re: TrueCrypt?, (continued)
- Re: TrueCrypt? Dennis E. Hamilton (May 29)
- Re: TrueCrypt? uname -a (May 29)
- Re: TrueCrypt? secuip (May 29)
- Re: TrueCrypt? Justin Bull (May 29)
- Re: TrueCrypt? CIURANA EUGENE (pr3d4t0r - Full Disclosure) (May 29)
- Re: TrueCrypt? JK (May 29)
- Re: TrueCrypt? Philip Cheong (May 29)
- Re: TrueCrypt? Sergio Conde Gómez (May 29)
- Message not available
- Re: TrueCrypt? Justin Bull (May 29)
- Re: TrueCrypt? Mike Cramer (May 29)
- Message not available
- Re: TrueCrypt? Michael Cramer (May 30)
- Re: TrueCrypt? uname -a (May 30)
- Re: TrueCrypt? Jeffrey Walton (May 30)
- Re: TrueCrypt? secuip (May 29)
- Re: TrueCrypt? Jeffrey Walton (May 30)
- Re: TrueCrypt? Not EcksKaySeeDee (May 30)
- Re: TrueCrypt? Justin Bull (May 30)
- Re: TrueCrypt? Not EcksKaySeeDee (May 31)
- Re: TrueCrypt? Philip Cheong (May 30)
- Re: TrueCrypt? Alfie John (May 30)