Slashdot Mirror


TrueCrypt Author Claims That Forking Is Impossible

An anonymous reader writes: In response to a request from Matthew Green to fork the TrueCrypt code, the author answers that this is impossible. He says that this might not be a good idea, because the code needs a rewrite, but he allows the existing code to be used as a reference. "I am sorry, but I think what you're asking for here is impossible. I don't feel that forking TrueCrypt would be a good idea, a complete rewrite was something we wanted to do for a while. I believe that starting from scratch wouldn't require much more work than actually learning and understanding all of TrueCrypt's current codebase. I have no problem with the source code being used as reference."

3 of 250 comments

  1. You keep using that word... by fuzzyfuzzyfungus · Score: 5, Informative

    It would appear that the intended meaning is 'impractical'. The code is available, and the original project declared itself dead, so forking is totally possible; but the author believes that it would probably be a better use of time to use the existing project as a reference for building a new one, rather than get sufficiently familiar with the old one that you can (safely) start modifying it.

    I don't know if it's true or not; but it's a much less radical assertion.

  2. Let me attempt to translate for you guys by satan666 · Score: 5, Informative

    He says:
    "I am sorry, but I think what you're asking for here is impossible."

    As a developer, he uses the term "impossible". Nobody says
    "impossible" in a development framework. You could
    say "difficult" or "expensive" but not "impossible".
    He says "impossible" because he is telling us in
    specific terms:

    It is "impossible" to use the current code base because
    it has been compromised. He can't talk about it. He is
    under court order or some fucking thing.

    Since he can't tell us where the compromise is
    he says fuck it all and start from scratch.
    He is very specific.

    Look, if the developer of an encryption product
    says the product is not secure and it is impossible
    to fix, I take that as:

    "Stay the fuck away from this thing".

    To be forewarned...

  3. Re:What was the problem in the first place? by Anonymous Coward · Score: 5, Informative

    Code review did not find it to be a clean product. They simply found that the Windows binary that was distributed could be produced from the source code. I.e., there were no extras in that bin. Whether the code itself has crap in it is still at question and is being audited.

    Binary Reproducibility wasn't a goal (or even attempted) by the audit project - that was done by somebody else.

    The audit project didn't go through the entire TC codebase, but covered a lot of important areas. They found some issues here and there, but nothing they highlighted was especially serious - i.e., no cold-attack vectors, which is the important thing to guard against (anybody with physical access to your machine would be able to dump keys from memory, Game Over).