Slashdot Mirror

← Back to Stories (view on slashdot.org)

TrueCrypt Alternatives Step Up Post-Cryptanalysis

Posted by Soulskill on from the rebuilding-with-confidence dept.

msm1267 writes: What's next for TrueCrypt now that a two-phase audit of the code and its cryptography uncovered a few critical vulnerabilities, but no backdoors? Two alternative open source encryption projects forked TrueCrypt once its developers decided to abandon the project in early 2014, giving rise to VeraCrypt and CipherShed — and both are ready to accelerate growth, compatibility and functionality now that the TrueCrypt code has been given a relatively clean bill of health.

3 of 83 comments (clear)

  1. good job by slashmydots · · Score: 5, Insightful

    So the NSA or whatever succeeded in turning one software program into two. Good job, guys. They're probably foreign-managed too so the US gov can't touch them.

  2. Re:So what are people using anyway? by Resol · · Score: 4, Interesting

    Interesting, perhaps its the way I use it I don't need full disk encryption. Most of the stuff I consider important and confidential is pretty small (tax return files, bank statements, etc.) What I need is small virtual disks that are encrypted so that I can easily move them around and access them. Perhaps it's extra naive of me, but I put a small true crypt archive on a server that I trust, and can then mount it from there on Linux, Windows, Mac, and iOS (I actually still have an operational NeXTStation, but I don't think there's a true crypt for that.) Maybe there's a better approach for what I'm doing?

  3. Re:They can hire a lawyer ... by youngatheart · · Score: 5, Insightful

    Yeah, they could if they wanted to, and if they had the money to get the ball rolling, but.... I'm not convinced they want to keep it from being forked. I got the feeling that TrueCrypt was basically a labor of love where the creators wanted to keep control of it and avoid exposing themselves to getting strong-armed into building in back doors.

    If you could ask them and get an honest answer, I suspect they'd tell you that government agencies figured out who they were. I think those agencies came to them and told them that they had no choice but to compromise the security "for the sake of the children." I think that's when they decided it was best to just exit rather than fight. I think that if they were given a choice between compromising their work intentionally and seeing other people take over, they'd support other people taking over even if they couldn't publicly endorse the efforts.

    That's all conjecture of course, but as a long time fan of their work and someone who listened to many analyses of their exit from the stage, I'm moderately confident in my guesses.