Silk Road forums
Discussion => Security => Topic started by: HCeline on July 22, 2013, 10:29 pm
-
well stumbled across this while I was reading about truecrypt http://www.privacylover.com/encryption/analysis-is-there-a-backdoor-in-truecrypt-is-truecrypt-a-cia-honeypot/
if tails doesn't trust it and they don't publicly show their code should we trust them with our freedoms? Anyone know a good open source alternative?
-
Astor...
kmfkewm .....
Where are yoooou guyyyyys?!?!?!?!
What's the skinny on this?
For the lulz:
https://www.youtube.com/watch?v=03L3lGso_5w
-
P.S. Site is up! ;D
-
Truecrypt domain registered with a false address
Truecrypt developers identity hidden
Truecrypt developers working for free
All of these points also apply to I2P, most of them also apply to Freenet, and for the most part it all applies to Bitcoin as well. As far as I know nobody knows who actually made I2P other than some pseudonyms, Freenet it is known who made it but he works for donations, Bitcoin nobody knows who made it but a pseudonym and he works for free but probably actually made himself a lot of money in doing so. I don't know who is maintaining GPG or follow it that closely, but I imagine they are doing it entirely for free. Most of the open source security software is entirely free, hell just look at OpenSSL it is a truly massive cryptographic library that is entirely free. The point is that any one of these points isn't unique to hardly any security project that is not funded by a corporation, and in the cypherpunk scene projects falling under all three of these criteria are not really out of place at all. You have three distinct groups, the corporate people doing shit for money, the academic people doing shit for knowledge and then the cypherpunks doing shit for ideology and knowledge as well, and the cypherpunk people are generally pretty pseudonymous themselves.
Compiling Truecrypt source code increasingly difficult
No idea, I am sure because of compiler options it is a bit difficult to get source code to compile exactly to the released binaries, but the thing is if you can do it once then you can validate the source code and the binary. It isn't like they are releasing a closed source product.
Truecrypt license contains distribution restrictions
Lots of people have always bitched about Truecrypt's license, I think it is fine, I am not a license zealot ready to strap a suicide vest on for GPL like some people are.
Truecrypt removed from The Amnesic Incognito Live system
Doesn't mean anything really
Truecrypt open source code has never been reviewed
This is the biggest concern of all, I certainly have not analyzed Truecrypt and I don't know if anybody else has but I imagine so considering it is open source and popular.
Censorship at Truecrypt forums
Is kind of sketchy, Truecrypt forums have a bit of a reputation for being a totalitarian shit hole, definitely sketchy
Can the FBI crack Truecrypt?
Not likely at all from what I have seen
Can the NSA crack Truecrypt?
Maybe, who knows. I don't.
Conclusion about Truecrypt reliability
read the source code let me know how it looks k thnz bye
-
Are there any open source alternatives for full disk encryption or OS partition encryption?
-
dm_crypt
http://www.hermann-uwe.de/blog/howto-disk-encryption-with-dm-crypt-luks-and-debian
Truecrypt ->
http://news.techworld.com/security/3228701/fbi-hackers-fail-to-crack-truecrypt/
You can hide your containers in MP4 movies also with stego.
No one knows who wrote TrueCrypt. No one knows who maintains TC.
There is a quote right after that says the trademark is held by Tesarik, who lives in the Czech Republic. It's pretty safe to assume that whoever owns the trademark maintains the product.
Moderators on the TC forum ban users who ask questions.
Is there any proof of this, or is it just anecdotal? And by proof, I mean first-person proof, screen shots, et cetera.
TC claims to be based on Encryption for the Masses (E4M). They also claim to be open source, but do not maintain public CVS/SVN repositories
Source control is certainly an important part of a group programming project, but its absence certainly does not decrease the credibility of such a project.
and do not issue change logs.
Yes they do. http://www.truecrypt.org/docs/?s=version-history. Not all OSS publishes extremely clear change logs, because it's simply too much time sometimes.
They ban folks from the forums who ask for change logs or old source code.
Because it's a stupid question, considering that there is a change log and old versions are already available. http://www.truecrypt.org/downloads2
They also silently change binaries (md5 hashes change) with no explanation... zero.
What version is this of? Is there any other proof? Downloadable, signed old versions?
The Trademark is held by a man in the Czech Republic ((REGISTRANT) Tesarik, David INDIVIDUAL CZECH REPUBLIC Taussigova 1170/5 Praha CZECH REPUBLIC 18200.)
So what? Someone in the Czech Republic owns a trademark for a major encryption technology. Why does it matter?
Domains are registered private by proxy. Some folks claim it has a backdoor.
Who? Where? What?
Who Knows? These guys say they can find TC volumes: http://16systems.com/TCHunt/index.html
Duh, the TC volumes in the screenshot all END WITH .tc.
And anyone seen this image on the Contact page?
TrueCrypt Foundation address
http://i.stack.imgur.com/PXIrm.gif
The problem with TCHunt was solved a long time ago... btw if you use stego TCHunt won't find them even if the code is ever optimized.
On the other hand ->
See this document, which explains that the government's goal is to encourage the widespread use of encryption for which they can recover the keys: http://www.justice.gov/criminal/cybercrime/cryptfaq.htm
Actually, the Administration encourages the design, manufacture, and use of encryption products and services that allow for recovery of the plaintext of encrypted data, including the development of plaintext recovery systems, which permit through a variety of technical approaches timely access to plaintext either by the owners of data or by law enforcement authorities acting under lawful authority. Only the widespread use of such systems will both provide greater protection for data and protect public safety.
....
The Department's goal -- and the Administration's policy -- is to promote the development and use of strong encryption that enhances the privacy of communications and stored data while also preserving law enforcement's current ability to gain access to evidence as part of a legally authorized search or surveillance.
...
In this regard, we hope that the availability of highly reliable encryption that provides recovery systems will reduce the demand for other types of encryption, and increase the likelihood that criminals will use recoverable encryption.
In other words, whether the software is trustworthy is quite independent from whether the devs are sociable people or not. If you believe the availability of source code is not enough to ensure security, you will have to organize a code audit. There certainly are people outside the TrueCrypt project who look at the source code, so a deliberate backdoor is probably hard to hide, but there might be hidden bugs. This bug in Debian's OpenSSL package went unnoticed for quite a while.
All text stolen from a 5 minute search via non-logging search engines
-
http://www.hacker10.com/tag/truecrypt-alternative/
very good alternative. (sorry, no alternative -- but based on TC, so they should have looked at it before risking their reputation)
LaCie also seems to have developed a very interesting encrypted cloud.
Servers in Switzerland... payable by bitcoin... what do you need more :)
Just use a cascade of encryption schemes if you are mega paranoid...
password strength and other attack vectors are a much bigger concern..
God help you if you do your stuff with windooze or mac os ;D
This is a real alternative->
http://www.hacker10.com/encryption-software-2/diskcryptor-vs-truecrypt-comparison/
-
Finding any significantly sized encrypted file isn't hard to do unless it is hidden with steganography, it looks like a big block of randomness in a sea of non-randomness.
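Added example (not part of the original thread or any poster's code): a sliding-window Shannon-entropy scan over a constructed disk image, showing why a block of ciphertext stands out against ordinary data. The window size, threshold, minimum run length and all sample data are assumptions chosen for illustration.

```python
import hashlib
import math
from collections import Counter

WINDOW = 4096  # assumption: scan granularity in bytes

def shannon_entropy(data: bytes) -> float:
    """Bits per byte (0.0 to 8.0) computed from the byte histogram."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def high_entropy_regions(image: bytes, threshold: float = 7.9, min_len: int = 16 * WINDOW):
    """Return (start, end) offsets of runs of windows whose entropy exceeds threshold."""
    regions, start = [], None
    for off in range(0, len(image), WINDOW):
        hot = shannon_entropy(image[off:off + WINDOW]) > threshold
        if hot and start is None:
            start = off                      # a high-entropy run begins here
        elif not hot and start is not None:
            if off - start >= min_len:       # ignore short runs (small compressed blobs)
                regions.append((start, off))
            start = None
    if start is not None and len(image) - start >= min_len:
        regions.append((start, len(image)))  # run extends to the end of the image
    return regions

def constructed_random(n: int) -> bytes:
    """Constructed stand-in for ciphertext: SHA-256 in counter mode, deterministic."""
    blocks = (hashlib.sha256(i.to_bytes(8, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def constructed_image() -> bytes:
    """Constructed 'disk image': text filler, a 256 KiB random block, more filler."""
    filler = (b"The quick brown fox jumps over the lazy dog. " * 4000)[: 40 * WINDOW]
    return filler + constructed_random(64 * WINDOW) + filler

if __name__ == "__main__":
    for start, end in high_entropy_regions(constructed_image()):
        print(f"high-entropy run: offset {start} to {end} ({end - start} bytes)")
```

Compressed archives and media also score close to 8 bits per byte, so a hit from this heuristic indicates high-entropy data in general, not a specific container format.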
-
Bungee54, how would you go about hiding an encrypted container in an mp4, if you would be so kind?
-
Are there any open source alternatives for full disk encryption or OS partition encryption?
LUKS+ for Linux?
-
Bungee54, how would you go about hiding an encrypted container in an mp4, if you would be so kind?
Enter exactly " hiding a encrypted container in an mp4" in your non-logging search engine of choice and see the first hit :)
-
From the beginning I knew there was something fishy with TrueCrypt.
I suggest you use LUKS+ (if you use Linux).
-
Are there any open source alternatives for full disk encryption or OS partition encryption?
LUKS+ for Linux?
That's what I currently use.
-
Bungee54, how would you go about hiding an encrypted container in an mp4, if you would be so kind?
Enter exactly " hiding a encrypted container in an mp4" in your non-logging search engine of choice and see the first hit :)
Check this out and let me know what you think
http://dkn255hz262ypmii.onion/index.php?topic=189785.0