Results 1 to 6 of 6
  1. #1
    5 Star Lounger
    Join Date
    Jan 2011
    Location
    Seattle, WA
    Posts
    1,070
    Thanks
    42
    Thanked 132 Times in 86 Posts

    Warning: Vulnerabilities in TrueCrypt revealed




    ON SECURITY

    Warning: Vulnerabilities in TrueCrypt revealed


    By Tracey Capen
    Encrypting your critical data is an important part of protecting your personal information. But there are relatively few encryption options for the average PC user. One popular encryption tool was TrueCrypt, which became a dead app walking last year. Fortunately, there's a secure regularly updated alternative.

    The full text of this column is posted at WindowsSecrets.com/on-security/warning-vulnerabilities-in-truecrypt-revealed/ (opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

  2. #2
    New Lounger
    Join Date
    Nov 2014
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    The article is contrary to the conclusion of Steve Gibson, who I think can be trusted explicitly.
    see http://steve.grc.com/2014/05/30/yes-...l-safe-to-use/ and https://www.grc.com/misc/truecrypt/truecrypt.htm

  3. #3
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,748
    Thanks
    171
    Thanked 649 Times in 572 Posts
    Quote Originally Posted by tommy99 View Post
    The article is contrary to the conclusion of Steve Gibson, who I think can be trusted explicitly.
    see http://steve.grc.com/2014/05/30/yes-...l-safe-to-use/ and https://www.grc.com/misc/truecrypt/truecrypt.htm
    Those pages about TrueCrypt were written by Steve Gibson more than a year ago.

    These flaws were only announced within the last week: TrueCrypt critical flaws revealed: It's time to jump ship

    Two days ago, at 2:25 on his Security Now podcast, Steve Gibson said, "The news is, it is probably time to migrate away from TrueCrypt."

    He expands on the reasons later in that recent broadcast at 12:12 to 24:35, where he also recommends VeraCrypt as the alternative.

    This critical flaw doesn't affect encrypted data, but allows an avenue for future malware via privilege escalation.
    Last edited by BruceR; 2015-10-01 at 10:19. Reason: better link and times

  4. The Following User Says Thank You to BruceR For This Useful Post:

    Fascist Nation (2015-10-01)

  5. #4
    5 Star Lounger
    Join Date
    Oct 2013
    Location
    Phoenix, AZ
    Posts
    926
    Thanks
    554
    Thanked 137 Times in 128 Posts
    Exactly. Everyone paying attention knew this day would come when an exploit would come forward and Truecrypt would no longer be secure.

    Thank you Mr. Capen and Windows Secrets for alerting me that this day has arrived.

    I recently used VeraCrypt on an 850 Pro on an old travel laptop in August-Sept. because I wanted to test it out just for that reason (used 64-bit Win7 Pro). Fortunately old BIOS so I could encrypt the entire drive. I must say VeraCrypt feels somewhat slower to load up the volume once the encryption key is entered than Truecrypt. Not a huge problem as I just get it going and then work on coffee. I was getting ready to time it and then swap in Truecrypt and time it but now not much point.

    Still I enjoyed the thought of the encryption key request that quickly pops up every time the TSA inspects my cargo bag carrying my laptop. I have quite a collection of TSA "Inspected your bag" cards.
    Last edited by Fascist Nation; 2015-10-01 at 12:59.

  6. #5
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Courtenay, BC
    Posts
    244
    Thanks
    9
    Thanked 16 Times in 15 Posts
    I'll just raise a couple of points about encrypted volumes.

    I used TrueCrypt for awhile back in the day, but then one day it wouldn't open. The container has been corrupted. This was not a hardware issue but with the software itself. The container was dead and everything in it lost.

    This of course highlights the question of backup. You need to use imaging to back up an encrypted volume. And you need to test it to be sure it actually works.

    7-Zip is vastly more straightforward and standardized, without a lot of the complications. Always be careful of proprietary formats too.

  7. #6
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,186
    Thanks
    47
    Thanked 983 Times in 913 Posts
    You do not need to use an image backup for an encrypted volume as long as the backup runs after the volume is mounted. This allow you to use incremental backup rather than copy the entire volume every time.

    cheers, Paul

  8. The Following User Says Thank You to Paul T For This Useful Post:

    Fascist Nation (2015-10-23)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •