Posted: 10/11/2014 8:23:24 PM EDT
|
I have been running TrueCrypt for a few years now and have seen what
has been going on. I am migrating to Windows 8 kicking and screaming but wondered what everyone here was running for encryption software. Thanks |
|
Quoted:
For all but government foes, Windows 8's Bitlocker should do fine. Assume the keys go to the government. Bitlocker is not secure. http://mashable.com/2013/09/11/fbi-microsoft-bitlocker-backdoor/ |
|
Quoted:
I'm looking for the same thing. Whole drive encryption. Everything I'm reading says don't use truecrypt any more, and bit-locker is not available on all versions of Windoz. Mainly for a USB drive that I carry. I thought that the older versions of TC were still secure? |
|
Quoted:
I thought that the older versions of TC were still secure? Quoted:
Quoted:
I'm looking for the same thing. Whole drive encryption. Everything I'm reading says don't use truecrypt any more, and bit-locker is not available on all versions of Windoz. Mainly for a USB drive that I carry. I thought that the older versions of TC were still secure? How Old? I have been using TC for about 5 years. I have not updated my program I had heard it was compromised but didn't know older versions were still secure. Not doing anything nefarious, just book work for my wife's medical practice where everything needs to be double secured due to HIPAA and of course her financials. |
|
Quoted: I thought that the older versions of TC were still secure? Quoted: Quoted: I'm looking for the same thing. Whole drive encryption. Everything I'm reading says don't use truecrypt any more, and bit-locker is not available on all versions of Windoz. Mainly for a USB drive that I carry. I thought that the older versions of TC were still secure? There aren't any (major) known issues with 7.1a yet, so I have no reason to stop using it. I'll keep using it until one of the forks takes off. |
|
Quoted:
How Old? I have been using TC for about 5 years. I have not updated my program I had heard it was compromised but didn't know older versions were still secure. Not doing anything nefarious, just book work for my wife's medical practice where everything needs to be double secured due to HIPAA and of course her financials. Quoted:
Quoted:
Quoted:
I'm looking for the same thing. Whole drive encryption. Everything I'm reading says don't use truecrypt any more, and bit-locker is not available on all versions of Windoz. Mainly for a USB drive that I carry. I thought that the older versions of TC were still secure? How Old? I have been using TC for about 5 years. I have not updated my program I had heard it was compromised but didn't know older versions were still secure. Not doing anything nefarious, just book work for my wife's medical practice where everything needs to be double secured due to HIPAA and of course her financials. There's no reliable information that indicates TrueCrypt, old or new versions, has been compromised. If you're talking about HIPAA and and financial info, bitlocker is probably even overkill. |
|
Quoted:
There's no reliable information that indicates TrueCrypt, old or new versions, has been compromised. If you're talking about HIPAA and and financial info, bitlocker is probably even overkill. Quoted:
Quoted:
Quoted:
Quoted:
I'm looking for the same thing. Whole drive encryption. Everything I'm reading says don't use truecrypt any more, and bit-locker is not available on all versions of Windoz. Mainly for a USB drive that I carry. I thought that the older versions of TC were still secure? How Old? I have been using TC for about 5 years. I have not updated my program I had heard it was compromised but didn't know older versions were still secure. Not doing anything nefarious, just book work for my wife's medical practice where everything needs to be double secured due to HIPAA and of course her financials. There's no reliable information that indicates TrueCrypt, old or new versions, has been compromised. If you're talking about HIPAA and and financial info, bitlocker is probably even overkill. I thought that the general consensus online was that something funky was going on with the most recent builds based on warrant canaries or whatever it was that was going on, at least according to people in that big GD thread we had about it. But who knows; GD is always far more paranoid than what's actually going on in reality. I know very little about the subject beyond knowing how to start the program.  If it bothers somebody that much, they can always use an older version. *shrug*
|
|
Quoted:
I thought that the general consensus online was that something funky was going on with the most recent builds based on warrant canaries or whatever it was that was going on, at least according to people in that big GD thread we had about it. But who knows; GD is always far more paranoid than what's actually going on in reality. I know very little about the subject beyond knowing how to start the program. If it bothers somebody that much, they can always use an older version. *shrug*There's no real consensus. We still to this day have no idea who built TrueCrypt or why, which is reason enough to be paranoid -- but if that's the case, all builds should worry you, not just recent ones. |
|
Quoted:
Quoted:
For all but government foes, Windows 8's Bitlocker should do fine. Assume the keys go to the government. Bitlocker is not secure. http://mashable.com/2013/09/11/fbi-microsoft-bitlocker-backdoor/ Which is pretty much what I said. If you're threat vector is "typical" -- which is to say you want to keep employees, coworkers, spouses, other users of your machine, script kiddies and even most sophisticated hackers off your data, Bitlocker is fine. If your threat vector includes nation states or the US government, then as I say -- assume those guys have your keys and if you're the type that would draw their attention (if you're a sick fuck with child porn, or someone they would "designate" as a terrorist), then you should assume zero security to Bitlocker. |
|
Quoted:
There's no real consensus. We still to this day have no idea who built TrueCrypt or why, which is reason enough to be paranoid -- but if that's the case, all builds should worry you, not just recent ones. Quoted:
Quoted:
I thought that the general consensus online was that something funky was going on with the most recent builds based on warrant canaries or whatever it was that was going on, at least according to people in that big GD thread we had about it. But who knows; GD is always far more paranoid than what's actually going on in reality. I know very little about the subject beyond knowing how to start the program. If it bothers somebody that much, they can always use an older version. *shrug*There's no real consensus. We still to this day have no idea who built TrueCrypt or why, which is reason enough to be paranoid -- but if that's the case, all builds should worry you, not just recent ones. They're still moving forward with the audit. The current work pertains to the crypto implementations so the proof will be in the pudding. For those of you looking for a good alternative, I still think very highly of FREEOTFE. Its not happy post Windows XP because of driver signing issues, but you can run it in an XP virtual machine and have the XPVM "share" the resulting encrypted drive letter with your host system in a secure way (I think in VirtualBox this would be through a "host only adapter" setup). Sounds like it is a lot of brain damage, but would be a viable way of avoiding Truecrypt. I'm watching DiskCryptor as an alternative, especially if that guy gets things working reliably with Windows 8. But the same problems arise: Its not been formally audited and who knows who the fuck the anonymous guy working on it is from or what his agenda may be. Whole Disk encryption is in a sad, sad, place right now. |
|
Quoted:
They're still moving forward with the audit. The current work pertains to the crypto implementations so the proof will be in the pudding. For those of you looking for a good alternative, I still think very highly of FREEOTFE. Its not happy post Windows XP because of driver signing issues, but you can run it in an XP virtual machine and have the XPVM "share" the resulting encrypted drive letter with your host system in a secure way (I think in VirtualBox this would be through a "host only adapter" setup). Sounds like it is a lot of brain damage, but would be a viable way of avoiding Truecrypt. I'm watching DiskCryptor as an alternative, especially if that guy gets things working reliably with Windows 8. But the same problems arise: Its not been formally audited and who knows who the fuck the anonymous guy working on it is from or what his agenda may be. Whole Disk encryption is in a sad, sad, place right now. Quoted:
Quoted:
Quoted:
I thought that the general consensus online was that something funky was going on with the most recent builds based on warrant canaries or whatever it was that was going on, at least according to people in that big GD thread we had about it. But who knows; GD is always far more paranoid than what's actually going on in reality. I know very little about the subject beyond knowing how to start the program. If it bothers somebody that much, they can always use an older version. *shrug*There's no real consensus. We still to this day have no idea who built TrueCrypt or why, which is reason enough to be paranoid -- but if that's the case, all builds should worry you, not just recent ones. They're still moving forward with the audit. The current work pertains to the crypto implementations so the proof will be in the pudding. For those of you looking for a good alternative, I still think very highly of FREEOTFE. Its not happy post Windows XP because of driver signing issues, but you can run it in an XP virtual machine and have the XPVM "share" the resulting encrypted drive letter with your host system in a secure way (I think in VirtualBox this would be through a "host only adapter" setup). Sounds like it is a lot of brain damage, but would be a viable way of avoiding Truecrypt. I'm watching DiskCryptor as an alternative, especially if that guy gets things working reliably with Windows 8. But the same problems arise: Its not been formally audited and who knows who the fuck the anonymous guy working on it is from or what his agenda may be. Whole Disk encryption is in a sad, sad, place right now. <Insert "World"> is in a sad, sad, place right now. I say this as I walk away thinking, here we are we don't know who is who. Who are the Black hat guys and White hat guys. How fucked is that? 
|
|
Quoted: I have been running TrueCrypt for a few years now and have seen what has been going on. I am migrating to Windows 8 kicking and screaming but wondered what everyone here was running for encryption software. Thanks You don't need to install it. Otherwise, "VeraCrypt" is the next "go to" for the same purpose. Note, it is NOT compatible with your previous containers so you will have to re-do everything and move your files to new containers manually. There is NO REASON to stop using TrueCrypt if you downloaded a version before the blow-up happened.
|
|
Quoted:
grc isn't a reliable source for anything. Quoted:
Quoted:
I like Truecrypt, personally. https://www.grc.com/misc/truecrypt/truecrypt.htm Take away from it what you will. grc isn't a reliable source for anything. Steve has his moments. Just use TC 7 and call it a day. |