truecrypt.org hacked or real?

deadite66 · 30 May 2014 at 08:44

replies from the devs.

https://www.grc.com/misc/truecrypt/truecrypt.htm

Steven Barnhart (@stevebarnhart) wrote to an eMail address he had used before and received several replies from “David.” The following snippets were taken from a twitter conversation which then took place between Steven Barnhart (@stevebarnhart) and Matthew Green (@matthew_d_green):

TrueCrypt Developer “David”: “We were happy with the audit, it didn't spark anything. We worked hard on this for 10 years, nothing lasts forever.”
Steven Barnhart: (Paraphrasing) Developer “personally” feels that fork is harmful: “The source is still available as a reference though.”
Steven Barnhart: “I asked and it was clear from the reply that "he" believes forking's harmful because only they are really familiar w/code.”
Steven Barnhart: “Also said no government contact except one time inquiring about a ‘support contract.’ ”
TrueCrypt Developer “David”: Said “Bitlocker is ‘good enough’ and Windows was original ‘goal of the project.’ ”
Quoting TrueCrypt Developer David: “There is no longer interest.”

xdcx · 30 May 2014 at 09:17

Energize said:
Hacked is the logical conclusion. Conspiracy theory is not.

Your "logical" conclusion in this case is dumb. So dumb that some of the "conspiracy theory" conclusions you dismiss are actually more likely and meaningful.... Maybe even logical....

Energize · 30 May 2014 at 16:02

xdcx said:
Your "logical" conclusion in this case is dumb. So dumb that some of the "conspiracy theory" conclusions you dismiss are actually more likely and meaningful.... Maybe even logical....

I love, non-evidence based insults, please continue with your rambling.

CaptainCrash · 30 May 2014 at 16:47

Energize said:
I love, non-evidence based insults, please continue with your rambling.

I'd say the fact that the linked binaries used TrueCrypt's authentic signing key was pretty strong evidence against the hacking theory.

Django x2 · 30 May 2014 at 19:52

And there was me getting a beat down from some pre-teen on here because I said BitLocker was more secure than TrueCrypt

I wouldn't think a GCHQ dev would even bat an eyelid at this debacle, given that they themselves use BitLocker on all their devices.

Energize · 30 May 2014 at 20:15

CaptainCrash said:
I'd say the fact that the linked binaries used TrueCrypt's authentic signing key was pretty strong evidence against the hacking theory.

At face value, hacking is a logical conclusion, it follows all the same patterns as previous hackings, to call it childish or "dumb" in favor of conspiracy theories is just bizarre.

The NSA theory is not evidence based, and given that the developers of the program were anonymous seems implausible.

At the end of the day this is a non issue, truecrypt is a great encryption tool that offers security above and beyond bitlocker and has multi os support, there's no reason to stop using it, and I can't see why future development efforts are even needed at this point, though I'm sure someone else will take over development.

Cromulent · 31 May 2014 at 01:20

Django x2 said:
And there was me getting a beat down from some pre-teen on here because I said BitLocker was more secure than TrueCrypt

I'd fully understand why someone would argue with the point you made that Bitlocker is more secure than TrueCrypt.

What exactly are you basing that assumption on anyway?