It just took someone to figure out the vulnerability and now there is no answer.īottom line, don't use Truecrypt if you really don't want someone to access your data. The commercial tools are themselves just optimized versions of open source tools which have been widely available for decades.
It's so fundamental to how machines work, it's doubtful there can be a solution any time soon. You can look it up, Passware and Elcomsoft released tools in 2012 that capitalize on fundamentally how things work by parsing out the unencrypted keys in memory whenever the partition or disk is mounted. The approach is just fundamentally flawed as of today. Some really interesting comments on Reddit - your link, it looks to me like just a lot of uninformed speculation and imagination gone wild.Īs I described, there is a fundamental flaw to (yes, the whole family) of encryption solutions that function like Truecrypt, and that includes Microsoft's much-bally-hooed Bitlocker. The audit this week, but he said this wasn't what was planned, to his They were going to make some sort of announcement about Had a few minor issues they found, but nothing critical or particularlyĮarthshattering. He said that the version used in the review - 7.1a.
People involved in the code/security audit, who said that he hasn't beenĪble to reach the developers (whom he apparently knows) to find out What I read about this yesterday included a comment from one of the Would advise (a) not panicing, and (b) wait until more information is
Until we have news from someone with actual knowledge of the situation, I "decryption-only" version may be compromised as well. In addition, there's a suggestion floating around that the 7.2 > Yeah, the version they are providing now only decrypts, and does not
0 kommentar(er)
