My “to blog” hopper is overflowing with linkage. However there have been a number of challenges keeping up with the onslaught of “real-life” work and family needs lately.
The hopper is much neglected.
I anticipate there will be a series of upcoming posts that cover very old (in Internet time) topics that I still want to get up for my own reference.
This is one of such posts.
I use TrueCrypt to encrypt my primary personal laptop. The protection is against data-loss due to common theft.
The TrueCrypt project shut down suddenly, freaked a bunch of folks out, and spawned an independent security audit of the source code. Many folk fled in panic. I decided to stick it out and leave TrueCrypt in place rather than migrate to another solution. In April 2014 the first phase of the Audit was completed (PDF link) and things generally seemed fairly solid.
The second phase of the audit was finished up (PDF link) in April 2015 and things again looked relatively positive for the core security integrity of the software.
Here’s the rest of the story:
- A Few Thoughts on Cryptographic Engineering: Truecrypt report - Matthew Green’s blog
- Cryptography Services Final Report - TrueCrypt (PDF link) - Open Crypto Audit Project
- TrueCrypt Security Audit Completed - Schneier on Security
- TrueCrypt security audit is good news, so why all the glum faces? - Ars Technica
- TrueCrypt's Security Audit Is Finally Done, with (Mostly) Good Results - Lifehacker
- TrueCrypt doesn't contain NSA backdoors - Betanews
- TrueCrypt Audit Phase II completed: 4 vulnerabilities identified - gHacks Tech News
- VeraCrypt 1.0f-2 update fixes TrueCrypt audit vulnerability - gHacks Tech News
- TrueCrypt: No backdoors - Caschys Blog (Google page translation)
Now that the dust has settled, I remain confident in sticking with the current TrueCrypt deployment on my system. If/when I upgrade to Win 10 I’ll have to remove the TrueCrypt encryption and begin looking for the next alternative. But until then, it’s good enough for me.