about TrueCrypt and the Underhanded Coding project

[Thorin]

I read about TrueCrypt suddenly changing today.  I don't know when the change happened exactly, but the TrueCrypt website now says that TrueCrypt is unsecure and that Windows users should switch to BitLocker (not sure why that would be considered more secure, what with lack of transparency).  People are wondering whether it shutting down like this is a warrant canary or a disgruntled developer or just someone who wants to move to a new, more exciting project.

I'm not sure what I'll have to do, given that my company for quite a while was sold on TrueCrypt as the encryption of choice (although our newest hardware has UEFI or whatever it's called and TrueCrypt doesn't work on that anyway).

In reading about it, I also came across the Underhanded Coding project.  Man, in 2009 there were some awesome additions!  http://underhanded.xcott.com/?page_id=22  Sure made me look at how my luggage gets lost in a different light...

[Tom]

The current story behind it is the developers got bored, and no longer wish to maintain it. Another group of people are looking into taking over, but they want to make sure the copyright and licensing details are all shipshape before they do so. They even have raised like $70k towards the goal of taking over. The ongoing audit is still going ahead as well.

[Darren Dirt]

... the TrueCrypt website now says that TrueCrypt is unsecure and that Windows users should switch to BitLocker (not sure why that would be considered more secure, what with lack of transparency).

http://www.google.com/search?q=bitlocker+fbi+backdoor

And this Bitlocker/FBI scandal seems legit, was mentioned on Mashable, BoingBoing...



But dig deeper and it appears that it's not just Bitlocker that is vulnerable... Google "ADVAPI.DLL  NSA backdoor" -- or just read http://cryptome.org/jya/msnsa.htm ( also see https://web.archive.org/web/20000124173533/http://www.cryptonym.com/hottopics.html -- site owner seems to have shut it down... for now)