![]() ![]()
![]() Even if the actual TC devs found out, their anonymity and reliance on electronic signatures means they can’t conclusively prove they’re the real ones. If they’ve got to the point where they can sign stuff as if they were TC devs, they’d probably stick around and insert backdoors into the codebase, rather than recommend people to switch to something else they’ve already got a backdoor entry point for. Generally such persons/groups deface sites to make a political point or to glorify themselves. I think we can rule out the following scenarios: The new page is thrown up as basically plain HTML and that a massive amount of data appears to simply have been deleted. #Remove truecrypt bootloader software#In the Corporate world, generally only commercial software is used, because it a) is vendor supported b) easier to manage c) has the required reporting and validation functionality. Honestly, products like TrueCrypt are for the highly technical individual user, who in many cases does not contribute financially to the Open Source product. It is possible (although I’m not sure if it is likely) that the TrueCrypt team realized they don’t have much of a market left. Whether that is REALLY why the TrueCrypt team posted that message (assuming it is legitimate) is a whole different question. I am only stating that there is in fact a valid point to their argument. ![]() #Remove truecrypt bootloader windows#But I have read a lot of comments on various forums stating that the Windows XP statement makes no sense. ![]() Let me clarify though – I’m not saying the statement from the TrueCrypt team is or is not legitimate. That’s far more exciting and timed well with the Snowden interview.ĩ:43 couple of things – do you have articles with evidence that BitLocker has a backdoor? There has been a lot of speculation, and there is evidence the government asked for one, but I am not aware of evidence that Microsoft actually put one in. that are required for supporting audits (SOX, PCI-DSS, etc.).īut enough trying to justify the cryptic statement on the Web Site. TrueCrypt has few deployments because it does not have the enterprise management functionality, centralized reporting, etc. BitLocker, with BitLocker gaining deployments due to the reasons I mentioned above. On the laptop/tablet side, it’s basically down to PointSec vs. Many/most companies deploying mobile device encryption use the integrated encryption available in all modern mobile OSes for those reasons. Working in a Fortune 500 enterprise environment, I will say the following: Built-in encryption is almost always faster and easier to manage than third party encryption. It could be a matter of saying “all OSes now have integrated encryption, so use that instead of our stuff.” On the Windows XP point – there is some legitimacy there in that Windows XP was the last Windows OS to not support usable built-in encryption functionality. Don’t run off an mass migrate those archives just yet. Put those laptops under lock and key and don’t use them a few days. ought to review personal security and NOT be spooked into spinning up the NSA archives and trying to migrate that data. Which is a simply way to suggest that Bruce, Greenwald, et al. Another line of thought goes like this: If the NSA really really really wants to know WHAT Snowden had access to, and wanted to say, use a tempest solution to grab that information, one way to to that would be to spook someone known to have received those info using psy_ops to persuade that someone to decrypt the entire data from whatever air-gapped machine is on into some other machine. to FINISH their audit just for posterity.ĭ. Was the original Truecrypt itself an NSA project and the shenanigans yesterday designed to keep people using the 7.1a and earlier versions (assuming there’s some sort of subtle compromise)? Was the change some sort of “dead man’s switch” that was spring loaded by the developer? Whatever the case, the Truecrypt project is now that friend who usually seems like a good guy, but suddenly turned sketchy. #Remove truecrypt bootloader update#The update to to where the truecrypt site is redirected has a much more amateurish quality than the original site. Of if Bruce pulled this page, sought to deprecate Blowfish/Twofish and instead told everyone “Hey, you should really be using MacGuffin”Ĭ. Almost as if Phil Zimmerman shut down all his web sites and told people to stop using PGP and that they should use something called Bass-o-matic. The endorsement of BitLocker feeds into the later point above. It could also be the modern analog to something like this: ī. Its the sort of thing that would be automated in a development environment for a contractor doing work for the. #Remove truecrypt bootloader code#The odd source code edit where comments referring to “U.S.” had the text altered to “United States” seems noteworthy. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |