TrueCrypt Gets a New Life, New Name

storagedude writes: Amid ongoing security concerns, the popular open source encryption program TrueCrypt may have found new life under a new name. Under the terms of the TrueCrypt license — which was a homemade open source license written by the authors themselves rather than a standard one — a forking of the code is allowed if references to TrueCrypt are removed from the code and the resulting application is not called TrueCrypt. Thus, CipherShed will be released under a standard open source license, with long-term ambitions to become a completely new product.

"CipherShed"

[supertall]

Suddenly I think of banjos.

Re:"CipherShed"

[pushing-robot]

They're obviously using my HorribleNameGenerator library. I'm proud to have contributed to so many FOSS projects.

Re:"CipherShed"

[Kjella]

They're obviously using my HorribleNameGenerator library. I'm proud to have contributed to so many FOSS projects.

Clearly you didn't use it for your own project, I suppose you had to write it first or it would have suggested HorribleUniqueNameGenerator. Because like the developers of the GNU Image Manipulator Program knows, a catchy acronym never hurt anyone.

Re: "CipherShed"

[aix+tom]

It worked pretty OK for centuries. You could buy a "Plow from John Smith over in Blurn Hollows", or you could buy a "Plow from George Smith over in Redneck Fields", and nobody would be confused that they were called the same.

These days, if you buy a "FuxMatic3000XP from XentTeck" one day, you have to make sure if you want to buy one a year later that neither the FuxMatic3000XP nor the XentTeck Trademark have been sold in the meantime and are completely different things and/or products, or if the company itself did a product switcheroo in the meantime.

Re:Does the TrueCrypt License

Having RTFA (I know, I know), I can answer your question.
The first CipherShed version will be under the TrueCrypt license. They hope to rewrite and replace code until they have something new they can release under a standard OSI-approved license.

Re:Maybe it'll actually be trustworthy this time

For anyone that doesn't have time to read the article, here's the audit part:

Organizations are loathe to walk away from TrueCrypt because it is free, it is cross platform and, perhaps most importantly, the code is available for inspection. Critically, the code is not just available, but a security audit of the code is underway. The eyeballs on the code are not just theoretical, but are also there in practice -- and they are professional eyeballs at that.

The first part of the code audit was completed in April - a source code assisted security assessment of the TrueCrypt bootloader and Windows kernel driver. No serious problems were found, although many issues were highlighted, including a lack of comments, use of insecure or deprecated functions and inconsistent variable types. The product is also nearly impossible to compile from the source code, which means the majority of users download pre-compiled binaries, with all the attendant security risks.

The next part of the audit, a formal cryptanalysis, is underway.

I would keep my eye on the project that the remaining parts of the audit actually get completed properly.

Re:Does the TrueCrypt License

Section III.1.4 of the license (https://tldrlegal.com/license/truecrypt-license-version-3.0#fulltext) says that any code that you provide that is not part of the original TrueCrypt can be licensed under completely different terms, as long as the terms satisfy certain conditions listed in that section.

Re:FOSS names

[sexconker]

The sillier the name the lower the chances someone will abuse that name for commercial reasons. Saves a lot of money on trademarks.

I'm happy to announce my new FOSS project: CUNTT. It's a universal network tracing tool.
It stands for "CUNTT isn't a Universal Network Tracing Tool".