TrueCrypt Gets a New Life, New Name

← Back to Stories (view on slashdot.org)

TrueCrypt Gets a New Life, New Name

Posted by Soulskill on Friday September 19, 2014 @05:08AM from the and-hopefully-won't-disappear-into-the-void dept.

storagedude writes: Amid ongoing security concerns, the popular open source encryption program TrueCrypt may have found new life under a new name. Under the terms of the TrueCrypt license — which was a homemade open source license written by the authors themselves rather than a standard one — a forking of the code is allowed if references to TrueCrypt are removed from the code and the resulting application is not called TrueCrypt. Thus, CipherShed will be released under a standard open source license, with long-term ambitions to become a completely new product.

20 of 270 comments (clear)

Min score:

Reason:

Sort:

"CipherShed" by supertall · 2014-09-19 05:11 · Score: 5, Funny

Suddenly I think of banjos.
1. Re:"CipherShed" by pushing-robot · 2014-09-19 05:16 · Score: 5, Funny
  
  They're obviously using my HorribleNameGenerator library. I'm proud to have contributed to so many FOSS projects.
  
  --
  How can I believe you when you tell me what I don't want to hear?
2. Re:"CipherShed" by Kjella · 2014-09-19 06:34 · Score: 5, Funny
  
  They're obviously using my HorribleNameGenerator library. I'm proud to have contributed to so many FOSS projects.
  Clearly you didn't use it for your own project, I suppose you had to write it first or it would have suggested HorribleUniqueNameGenerator. Because like the developers of the GNU Image Manipulator Program knows, a catchy acronym never hurt anyone.
  
  --
  Live today, because you never know what tomorrow brings
3. Re: "CipherShed" by aix+tom · 2014-09-19 07:05 · Score: 5, Insightful
  
  It worked pretty OK for centuries. You could buy a "Plow from John Smith over in Blurn Hollows", or you could buy a "Plow from George Smith over in Redneck Fields", and nobody would be confused that they were called the same.
  These days, if you buy a "FuxMatic3000XP from XentTeck" one day, you have to make sure if you want to buy one a year later that neither the FuxMatic3000XP nor the XentTeck Trademark have been sold in the meantime and are completely different things and/or products, or if the company itself did a product switcheroo in the meantime.
4. Re:"CipherShed" by Spy+Handler · 2014-09-19 07:10 · Score: 4, Funny
  
  Nah, it wouldn't be cool to go against the wishes of the original authors. They put a lot of work into it. If you're gonna leech off their code then naming your project something other than Truecrypt is the least you can do.
  I suggest RealCrypt.
5. Re:"CipherShed" by Anonymous Coward · 2014-09-19 07:53 · Score: 3, Funny
  
  Well it`s better than the NSA fork - DeCrypt. ;-)
6. Re:"CipherShed" by WaywardGeek · 2014-09-19 10:19 · Score: 4, Informative
  
  So, I'm invovled in the CipherShed project. In fact, I bought the domain originally when Niklas suggested it. I also bought FalseCrypt :-)
  This thread is actually very helpful. I've been very concerned that we need to pick a better name. The unfortunate truth is that we geeks totally suck at picking name!
  RealCrypt is excellent, IMO. That's why the RealCrypt fork of TrueCrypt exists :-) It's a Fedora-packaged fork that drops all the Windows stuff. There's also a VeraCrypt fork. OpenCrypt.net was offered to us by the owner, which is very generous, but there is an OpenCrypt already, which oddly enough has to do with encryption rather than vampires.
  Please keep picking on the name, and suggesting alternatives! If someone here provides one, I'll try to have it adopted. We *barely* still have time to make a name change.
  
  --
  Celebrate failure, and then learn from it - Nolan Bushnell
Does the TrueCrypt License by I'm+New+Around+Here · 2014-09-19 05:13 · Score: 4, Insightful

allow a fork to be released under a standard open source license?
Because I can take software with a standard open source license and put TrueCrypt's name back into it.
Not that I intend to do so, but it just seems off, somehow.

--
If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
1. Re:Does the TrueCrypt License by Anonymous Coward · 2014-09-19 05:18 · Score: 5, Informative
  
  Having RTFA (I know, I know), I can answer your question.
  The first CipherShed version will be under the TrueCrypt license. They hope to rewrite and replace code until they have something new they can release under a standard OSI-approved license.
2. Re:Does the TrueCrypt License by Anonymous Coward · 2014-09-19 06:01 · Score: 5, Informative
  
  Section III.1.4 of the license (https://tldrlegal.com/license/truecrypt-license-version-3.0#fulltext) says that any code that you provide that is not part of the original TrueCrypt can be licensed under completely different terms, as long as the terms satisfy certain conditions listed in that section.
FOSS names by asmkm22 · 2014-09-19 05:20 · Score: 4, Interesting

Just curious. Is there some kind of unwritten rule that FOSS project names have to as crappy as possible? Is it just a translation thing, where maybe the name makes more sense or sounds better in the dev's native tongue? Has anyone been part of a FOSS project and was involved in the naming of it?
1. Re:FOSS names by gigaherz · 2014-09-19 05:38 · Score: 4, Insightful
  
  The sillier the name the lower the chances someone will abuse that name for commercial reasons. Saves a lot of money on trademarks.
2. Re:FOSS names by jones_supa · 2014-09-19 06:00 · Score: 4, Insightful
  
  Good ones: Inkscape, Thunderbird, Blender, VirtualBox, Linux...
  Crappy ones: GIMP, Tahoe-LAFS, Ubuntu, Kdenlive, XFCE...
  I personally think that you hit the sweet spot when you have a name which sounds cool and professional, is easy to remember, and at least tries to vaguely describe the function of the program.
3. Re:FOSS names by sexconker · 2014-09-19 06:34 · Score: 5, Funny
  
  The sillier the name the lower the chances someone will abuse that name for commercial reasons. Saves a lot of money on trademarks.
  I'm happy to announce my new FOSS project: CUNTT. It's a universal network tracing tool.
  It stands for "CUNTT isn't a Universal Network Tracing Tool".
Re:Maybe it'll actually be trustworthy this time by Anonymous Coward · 2014-09-19 05:27 · Score: 5, Informative

For anyone that doesn't have time to read the article, here's the audit part:
Organizations are loathe to walk away from TrueCrypt because it is free, it is cross platform and, perhaps most importantly, the code is available for inspection. Critically, the code is not just available, but a security audit of the code is underway. The eyeballs on the code are not just theoretical, but are also there in practice -- and they are professional eyeballs at that.

The first part of the code audit was completed in April - a source code assisted security assessment of the TrueCrypt bootloader and Windows kernel driver. No serious problems were found, although many issues were highlighted, including a lack of comments, use of insecure or deprecated functions and inconsistent variable types. The product is also nearly impossible to compile from the source code, which means the majority of users download pre-compiled binaries, with all the attendant security risks.

The next part of the audit, a formal cryptanalysis, is underway.
I would keep my eye on the project that the remaining parts of the audit actually get completed properly.
Expect a FISA or PRISM notice in... by Bomarc · 2014-09-19 05:37 · Score: 3, Interesting

How long before they get a FISA or PRISM notice?
Wonder if they will have a "Warrant Canary" posting.
1. Re:Expect a FISA or PRISM notice in... by WaywardGeek · 2014-09-19 10:47 · Score: 3, Informative
  
  Some people post warrat canaries, but I stopped. Our current defense strategy is having developers around the world. Also, we have weekly voice meetings that are hard to fake, and enable us to know we're dealing with the same person each week.
  Personally, I've boning up on skills for finding weaknesses in crypto code. I just did a 2-week marathon of being a huge a-hole over at the Password Hashing Competition. Telling people why you think their algorithms are not secure does not make you popular, but I have to admit it was fun. Applying the same sort of analysis to TrueCrypt makes me want to set my hair on fire.
  TrueCrypt's saving grace is that it is not an on-line app. Even in the first "rebranding" release, we're removing it's tendency to ping the Internet whenever you click on a help button. If an attacker could hack the volume data, for example, he'd totally pwn TrueCrypt. But... in that case, he already owns you most likely.
  
  --
  Celebrate failure, and then learn from it - Nolan Bushnell
Why does this always happen? by westlake · 2014-09-19 05:37 · Score: 3, Funny

They're obviously using my HorribleNameGenerator library. I'm proud to have contributed to so many FOSS projects.
Nothing inspires more confidence in a complex cryptographic system than a name like "CipherShed.'
Is the geek born with this impulse to shoot himself in the foot?
1. Re:Why does this always happen? by CreatureComfort · 2014-09-19 09:16 · Score: 4, Funny
  
  Howbout...MaybeCrypt? Wouldn't want to use FalseCrypt...
  
  I've got it! SchrödingersCrypt!
  
  --
  "Unheard of means only it's undreamed of yet,
  Impossible means not yet done." ~~ Julia Ecklar
Re:Shed?? by CaptSlaq · 2014-09-19 05:59 · Score: 3, Funny

Like TVR.