Main Area and Open Discussion > Living Room

TrueCrypt is Now Abandonware?!

<< < (5/16) > >>

mwb1100:
I'd suggest keeping whatever downloads of TrueCrypt 7.1a that you might have safe until people figure out what's going on.

At this point I don't think we know if what's happening is due to problems that might be in 7.1a that the devs don't want (or can't) fix, or if 7.1a is OK to just continue using.

Either way, it looks like official downloads of a TrueCrypt that can encrypt data are probably gone for good.

Deozaan:
I don't get what the big deal is. It seems pretty simple to me:

1. The developer of TrueCrypt has decided it is no longer worth continuing development since every modern OS supports hard drive encryption natively, making TrueCrypt redundant. Use the OS's native encryption instead of TrueCrypt. That's what this means:

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images
--- End quote ---

To reiterate: It means that TrueCrypt filled a need in XP because XP didn't support encrypted disks (or at least not to the extent that TrueCrypt provided). But now that Windows XP is a "dead" OS, everybody (who uses Windows) should be on Vista or newer. Vista or newer all support encrypted disks, so use the OS's integrated encryption.

That's why it gives so much detail on how to enable encryption on the OS level (BitLocker or whatever it's called).

2. Since 7.2 is the final release of TrueCrypt, that means that this latest version (7.2) will be the last update of TrueCrypt that people will be able to find on the internet. As such, 5 years from now when 7.2 is still the "latest version" and security flaws are found or encryption breaking/cracking schemes advance enough to make breaking the encryption in TrueCrypt trivial, people should be aware that it is not a secure program. In other words, TrueCrypt is no less secure in 7.2 than it was in 7.1a. It just has a warning now about its inevitable insecurity in the future.

Or, in other words, to avoid having to release an update in a few years when TrueCrypt truly is no longer secure due to not being developed, the developer just put one in there right now so he can be done with it.

To put it yet another way, the developer can feel like he is being morally responsible by putting that warning in there now so that he won't feel accountable for the actions of some idiot who in X years tries to use it while thinking that encryption is magical security.

Of course, I'm no security expert. I could be wrong about all this. But that's how I see it from reading the warning.

J-Mac:
One problem with that theory: TC 7.2 only allows for decryption; it will not encrypt.

Jim

Deozaan:
Then I think I still was mostly right, but somehow missed that important detail. I think the developer did what he felt was the morally right thing by making sure nobody would use his abandonware security software since security is an ongoing process and just the fact that it is no longer being developed will make it insecure relatively quickly.

tomos:
^ a very logical explanation Deozaan, especially with regard to XP. (In fairness to the rest of us who didnt figure that out, they could have spelled it out a little more :-\)

Navigation

[0] Message Index

[#] Next page

[*] Previous page