9/23/2023 0 Comments Truecrypt ed![]() Whodunit?Īmong the possibilities is that the developers may have lost control of the digital signing keys. ![]() That notoriety has given rise to a number of notions that entail government pressure playing a role in this development. Among the crowd that utilized this tool to keep prying eyes out were NSA whistleblower Edward Snowden and journalist Glenn Greenwald. The easily implemented software was favored by people and companies that were interested in privacy. Various theories on what events led up to these developments have emerged, none of them confirmed as the authors are difficult to identify and approach. It was notoriously updated rarely, so this announcement and release have surprised many. TrueCrypt was driven by a secretive team of anonymous developers, and was a completely open-sourced project. “They decided to quit and this is their signature way of doing it.” “I think the TrueCrypt team did this,” Green said in a phone interview. Security writer Brian Krebs also covered the issue in a story that included an interview with cryptographer and research professor Matthew Green. So, yeah: hack, troll, ragequit, whatever- silence means TrueCrypt org can’t be trusted, so neither can TrueCrypt. On Twitter, infosec guru and Security Conference ‘BSides’ Co-founder ‘Jack_Daniel’ stated: The announcement further pointed users to look to operating system embedded options such as Windows BitLocker.Ĭomments and stories related to the TrueCrypt situation are emerging throughout the web. Internet researchers have discovered that the latest download version released simultaneously with the announcement can only decrypt files, and cannot encrypt files, volumes or drives. What is known is that the warning is prominently placed on the home page and it is found in the code. The news has shaken up groups of privacy and security-minded users as the nature of the statement has not been made clear. So feel free to pick this apart if you got the technical skills to prove me wrong.The popular drive encryption software TrueCrypt issued a mysterious warning on the open-source project’s website yesterday, indicating that the product is not safe for use. I might also be wrong about everything since I know I can never know it all. My suggestion would be to generate a container for the data and enable delta sync. Which means they are back at square one where they have to trust their administration to not take a peek at their data. Most people that I know can’t do their own server and are using shared windows computers. It opens you up to data loss with undetected container changes and data theft with the provider and the admins on your client. Instead of trusting Dropbox and admins you have to trust whatever nextcloud provider you choose plus admins. I’m a little disappointed with nextcloud in the current state. So in my opinion nextcloud needs to generate a encrypted container that only the user has the password to. You need one big container with delta sync. Loading the dozens of different containers and punching in the secure passwords really is tedious. ![]() OK so now I went back and analysed my tree structure to cut the containers into reasonable size containers.īut to be honest that’s not a scenario I would like to explain to anybody not interested in encryption etc. ![]() But hey its opensource I got to figure this out it’s good for all of us. Why oh why is there no delta sync if you have to use containers. Since the sync folders get overwritten again and again there was little hope to identify the changes I needed back.Īfter going back and changing veracrypt settings so that nextcloud would not ignore my work I realised that now nextcloud was always uploading the full container size. Imagine the cold sweat on my head when I realised I lost month worth of document changes since the standard settings didn’t work for synching veracrypt containers. Holy smokes that’s a big whole in the privacy I thought and put the whole stuff in veracrypt containers (since truecrypt is…well you know) since I still loved nextcloud. ![]() I felt quite stupid talking about encryption or privacy in that context when any admin on a Windows machine can access the files. It’s even worse then that all your data is stored unencrypted on the machine you are using with the sync client by default. Meaning if you host it on one the provider that are recommended on the nextcloud homepage like ocloud they can access whatever they want since they have root access and if one of your sync folders is on a shared windows computer those administrators can also access everything directly even if they don’t even know about the next cloud server. The discussion made me realize that I overestimated the privacy promise of nextcloud. Thanks for all the detailed information guys. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |