-
Features
Warning--Bitlocker sends your keys to the NSA
- Thread starter Loren Pechtel
- Start date
NobleSavage
Veteran Member
Why am I not surprised. Now that TrueCrypt is no longer what do you think is the best alternative? I've been looking, but nothing seem like a proper replacement yet.
I've never had sensitive enough stuff on my machine to bother with such programs.
NobleSavage
Veteran Member
Neither do I, but it's fun to pretend.
barbos
Contributor
BestCrypt?
Axulus
Veteran Member
Even though TrueCrypt is no longer supported, is the latest usable version vulnerable?
NobleSavage
Veteran Member
I've seen no proof that's it's vulnerable, but the website since May has said, "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues". There has been all kind of rumors and conspiracy theories. The devs said to rewrite not fork: http://pastebin.com/RS0f8gwn
And note that the audit that has been performed so far didn't attempt to see if the released version matches the source. (Doing so is difficult for technical reasons--it uses a 20 year old compiler.)
The nature of the warning makes me think they know something we don't--such as perhaps the binaries don't match the source.
NobleSavage
Veteran Member
No hidden container and I prefer the code be open source with a few Asperger types auditing it.
I haven't tried these yet, but there the ones I'm keeping an eye on:
CipherShed http://www.esecurityplanet.com/open-source-security/truecrypt-getting-a-new-life.html
VeraCrypt http://www.esecurityplanet.com/open-source-security/veracrypt-a-worthy-truecrypt-alternative.html
Will Wiley
Veteran Member
I think it is beyond debate that any American company has NSA backdoors in their software, including (or maybe especially) Microsoft. Add to this that Bitlocker is closed source as well and.......
One can always disable onedrive though, can't one?
One can always disable onedrive though, can't one?
barbos
Contributor
Well, linux version is distributed in source, so you can audit it.
Why so much need for hidden container? Afraid of torture?
Speaking of hidden containers, Are there two passwords real one and one in case you get tortured?
What if you forget torture password?
NobleSavage
Veteran Member
Plausible deniability. If they are into torture you are probably gonna get tortured no matter what.
Check out https://securityinabox.org/truecrypt_hiddenvolumes
Nice Squirrel
Contributor
- Joined
- Jun 15, 2004
- Messages
- 6,083
- Location
- Minnesota
- Basic Beliefs
- Only the Nice Squirrel can save us.
Remember: "studies" have shown that if you survive two weeks of torture or attempts at brainwashing, you will not be broken.
From personal experience I can say that they will never get the formula for KFC Original Recipe out of me like they did Extra Crispy.
From personal experience I can say that they will never get the formula for KFC Original Recipe out of me like they did Extra Crispy.
barbos
Contributor
So idea is to create big volume, fill it with porn then make a smaller and hidden one with a plan for world domination?
I heard about it before, I am just surprised to meet people who actually use it.
barbos
Contributor
Anyhow, I don't think the purpose of bitlocker was ever claimed to keep NSA out. It is more like keeping your private pictures from leaking to the Internet.
barbos
Contributor
Yeah, wikipedia does not list any out of ordinary vulnerabilities. Just the usual stuff like stealing keys directly from memory or keyloging. Probably NSA advised them to stop
NobleSavage
Veteran Member
barbos
Contributor
Don't really understand what it has to do with what I said.
Yes, hacking using tampered compilers has long being suggested, have not heard about actual cases though. But it is not hard to do, so they probably did it.
Actually there have been cases of that, NVidia was caught using this trick where they were replacing original code with their own in their graphics card shaders.
NobleSavage
Veteran Member
Yeah, I need to start a thread on practical security. I could use the feedback. I've got several people traveling with laptops and various devices. If one got stolen from a hotel it would not be good. I'm thinking about using YubiKey.
- - - Updated - - -
Just suggesting interesting reading, but you are already familiar.