Re: [cryptography] TrueCrypt
Unfortunately both seem to be too stupid to run grep in their files ... they go the old fashioned way. If they had sysadmin help, maybe the documents could be perl-filtered and have the most interesting bits extracted in one big file. > Message du 29/05/14 23:56 > De : "Jeffrey Walton" > A : "Sadiq Saif" > Copie à : "Cryptography List" > Objet : Re: [cryptography] TrueCrypt > > Does anyone know if Greenwald or Poitras are holding relevant documents? > > Dr. Schneier does not have much to add: "I have no idea what's going > on with TrueCrypt". > > On Wed, May 28, 2014 at 4:35 PM, Sadiq Saif wrote: > > http://truecrypt.sourceforge.net/ > > https://gist.github.com/anonymous/e5791d5703325b9cf6d1 > > https://twitter.com/matthew_d_green > > > > So WTF happened? > > > ___ > cryptography mailing list > cryptography@randombit.net > http://lists.randombit.net/mailman/listinfo/cryptography > ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] TrueCrypt
Does anyone know if Greenwald or Poitras are holding relevant documents? Dr. Schneier does not have much to add: "I have no idea what's going on with TrueCrypt". On Wed, May 28, 2014 at 4:35 PM, Sadiq Saif wrote: > http://truecrypt.sourceforge.net/ > https://gist.github.com/anonymous/e5791d5703325b9cf6d1 > https://twitter.com/matthew_d_green > > So WTF happened? > ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] TrueCrypt
On 29.05.2014 14:15, Dave Howe wrote: Nitpick: Truecrypt is proprietary (it's source is viewable, but you aren't licensed to distribute modifications of it). Not seeing that from the licence, TBH - it has the usual "you can't call it truecrypt" stuff, and if you distribute a modified copy you have to include an ACK to the project (like the BSD licence used to) and if you make a larger product with bits of tc in it, it carries a gpl-like requirement that the resulting product be under an OSS licence; not seeing any restriction on it other than that. Maybe you could enlighten me? You're right, I too couldn't find any clear restrictions on this, besides it seems that there is already a TC fork existing for some time: http://rpmfusion.org/Package/realcrypt Sorry for the confusion. -- ?ukasz Biegaj ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] TrueCrypt
On 29/05/2014 09:20, Lukasz Biegaj wrote: > On 29.05.2014 09:34, David Johnston wrote: >> Someone needs to fork the code (the version prior to the most recent >> change), address the issues raised in the recent audit and host it >> outside the jurisdiction of the US government, using fresh signing keys. Build environment is a bit of a 'mare though - possibly a new group could fix that, and fold in reproducable builds too? > Nitpick: Truecrypt is proprietary (it's source is viewable, but you > aren't licensed to distribute modifications of it). Not seeing that from the licence, TBH - it has the usual "you can't call it truecrypt" stuff, and if you distribute a modified copy you have to include an ACK to the project (like the BSD licence used to) and if you make a larger product with bits of tc in it, it carries a gpl-like requirement that the resulting product be under an OSS licence; not seeing any restriction on it other than that. Maybe you could enlighten me? ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] TrueCrypt
> Message du 29/05/14 10:20 > De : "Lukasz Biegaj" > A : cryptography@randombit.net > Copie à : > Objet : Re: [cryptography] TrueCrypt > > On 29.05.2014 09:34, David Johnston wrote: > > > >>> So WTF happened? > >>> > >> The same thing that happened with Lavabit. > >> > >> > > Someone needs to fork the code (the version prior to the most recent > > change), address the issues raised in the recent audit and host it > > outside the jurisdiction of the US government, using fresh signing keys. > > > > Nitpick: Truecrypt is proprietary (it's source is viewable, but you > aren't licensed to distribute modifications of it). > That seems to not be a problem, if the owner does not complain. They will lose their anonymity if they do complain. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] TrueCrypt
On 29.05.2014 09:34, David Johnston wrote: So WTF happened? The same thing that happened with Lavabit. Someone needs to fork the code (the version prior to the most recent change), address the issues raised in the recent audit and host it outside the jurisdiction of the US government, using fresh signing keys. Nitpick: Truecrypt is proprietary (it's source is viewable, but you aren't licensed to distribute modifications of it). -- Lukasz Biegaj ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] TrueCrypt
On 5/28/14, 11:16 PM, Lukasz Biegaj wrote: W dniu 28.05.2014 22:35, Sadiq Saif pisze: http://truecrypt.sourceforge.net/ https://gist.github.com/anonymous/e5791d5703325b9cf6d1 https://twitter.com/matthew_d_green So WTF happened? The same thing that happened with Lavabit. Someone needs to fork the code (the version prior to the most recent change), address the issues raised in the recent audit and host it outside the jurisdiction of the US government, using fresh signing keys. Letting the government crush all the effective security software and services with NSL letters would be a win for the forces of evil in the government. Enabling those things to continue would benefit everyone. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] TrueCrypt
W dniu 28.05.2014 22:35, Sadiq Saif pisze: http://truecrypt.sourceforge.net/ https://gist.github.com/anonymous/e5791d5703325b9cf6d1 https://twitter.com/matthew_d_green So WTF happened? The same thing that happened with Lavabit. -- Lukasz Biegaj ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] TrueCrypt
On 5/28/2014 4:35 PM, Sadiq Saif wrote: http://truecrypt.sourceforge.net/ https://gist.github.com/anonymous/e5791d5703325b9cf6d1 https://twitter.com/matthew_d_green So WTF happened? So encrypt with BitLocker and decrypt with TrueCrypt? Why? -- Kevin ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] TrueCrypt
On 5/28/2014 17:04, Kyle Maxwell wrote: > Sabu told me over lunch that Snowden revealed the NSA compromise of > TrueCrypt while having lunch with Putin in Crimea. > Good one. -- Sadiq Saif ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] TrueCrypt
Sabu told me over lunch that Snowden revealed the NSA compromise of TrueCrypt while having lunch with Putin in Crimea. On Wed, May 28, 2014 at 4:02 PM, Swair Mehta wrote: > 1) Microsoft ended support for XP. > 2) Elcomsoft claims the ability to retrieve master & secondary (XTS mode) > keys for TrueCrypt volumes/partitions from hibernation files. > 3) Passware same as above. > 4) > https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf > - header key derivation uses low iteration count > 5) not sure if there is anything else. > > > > > > > On Wed, May 28, 2014 at 1:35 PM, Sadiq Saif wrote: >> >> http://truecrypt.sourceforge.net/ >> https://gist.github.com/anonymous/e5791d5703325b9cf6d1 >> https://twitter.com/matthew_d_green >> >> So WTF happened? >> >> -- >> Sadiq Saif >> ___ >> cryptography mailing list >> cryptography@randombit.net >> http://lists.randombit.net/mailman/listinfo/cryptography > > > > > -- > Swair Mehta > > ___ > cryptography mailing list > cryptography@randombit.net > http://lists.randombit.net/mailman/listinfo/cryptography > -- @kylemaxwell ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] TrueCrypt
1) Microsoft ended support for XP. 2) Elcomsoft claims the ability to retrieve master & secondary (XTS mode) keys for TrueCrypt volumes/partitions from hibernation files. 3) Passware same as above. 4) https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf- header key derivation uses low iteration count 5) not sure if there is anything else. On Wed, May 28, 2014 at 1:35 PM, Sadiq Saif wrote: > http://truecrypt.sourceforge.net/ > https://gist.github.com/anonymous/e5791d5703325b9cf6d1 > https://twitter.com/matthew_d_green > > So WTF happened? > > -- > Sadiq Saif > ___ > cryptography mailing list > cryptography@randombit.net > http://lists.randombit.net/mailman/listinfo/cryptography > -- Swair Mehta ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
[cryptography] TrueCrypt
http://truecrypt.sourceforge.net/ https://gist.github.com/anonymous/e5791d5703325b9cf6d1 https://twitter.com/matthew_d_green So WTF happened? -- Sadiq Saif ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography