[cryptome] Re: TrueCrypt compromised
- From: Jarrod B <jarrodsb@xxxxxxxxx>
- To: cryptome@xxxxxxxxxxxxx
- Date: Mon, 9 Jun 2014 15:51:42 -0400
So is this why I'm getting a 403 message when i go to cryptome .org?
On Mon, Jun 9, 2014 at 1:39 PM, Neal Lamb <nl1816a@xxxxxxxxxxxxx> wrote:
> http://ecowatch.com/2014/06/06/china-coal-cap-strand-assets/
>
>
> On Monday, June 9, 2014 11:55 AM, Aftermath <
> aftermath.thegreat@xxxxxxxxx> wrote:
>
>
> Some one just pointed this out too me:
>
> https://veracrypt.codeplex.com/
>
>
>
>
> from the website:
>
> *Project Description*
> VeraCrypt is a free disk encryption software brought to you by *IDRIX *(
> http://www.idrix.fr) and that is based on TrueCrypt, freely available at
> http://www.truecrypt.org/.
> It adds enhanced security to the algorithms used for system and partitions
> encryption making it immune to new developments in brute-force attacks.
>
> For example, when the system partition is encrypted, TrueCrypt uses
> PBKDF2-RIPEMD160 with 1000 iterations whereas in VeraCrypt we use 327661.
> And for standard containers and other partitions, TrueCrypt uses at most
> 2000 iterations but VeraCrypt uses 655331 for RIPEMD160 and 500000 iterations
> for SHA-2 and Whirlpool.
>
> This enhanced security adds some delay only to the opening of encrypted
> partitions without any performance impact to the application use phase.
> This is acceptable to the legitimate owner but it makes it much more harder
> for an attacker to gain access to the encrypted data.
>
>
> *VeraCrypt storage format is INCOMPATIBLE with TrueCrypt storage format.*
>
> *VeraCrypt storage format is INCOMPATIBLE with TrueCrypt storage format. *
> *VeraCrypt storage format is INCOMPATIBLE with TrueCrypt storage format.*
>
> (repetition is mine to highlight the fact that you cannot open truecrypt
> volumes with veracrypt)
>
> -Afterm4th
>
>
>
>
>
>
>
>
> On Tue, Jun 3, 2014 at 9:50 AM, <tpb-crypto@xxxxxxxxxxx> wrote:
>
> > Message du 03/06/14 10:51
> > De : "Shaun O'Connor"
> >
> > I take your point about the encryption dilemma(did I spell that
> > correctly). I think the Jury is out on that particular issue though...
> >
> > Personally I think we are in a perpetual game of cat and mouse with
> > those who make it their business to know everything about everyone..
> >
>
> The rewards for the spies are too great for this game to end one day.
>
> The game will continue, but because of these disclosures by half-2015, the
> spies will have to start all over again, at least against people who are
> aware and actively protect their systems. Because those that got legacy
> systems will be forever under the treat.
>
> Considering our increasing life expectancy and the fact that we are using
> Cobol and Fortran codes made 40 years ago in many financial and scientific
> institutions, we can count many exploits discovered in the last decade to
> be still exploitable in 100 years. Because those systems won't go away.
>
> An example of why this is possible, is how many webservers (not merely
> firmware routers hard to re-flash) you will find that are still vulnerable
> to heartbleed. The rate of correction seems to be asymptotic, thus always
> leaving some uncorrected systems till the end of their usable lives.
>
> Put that in an automated system like spy agencies have, and you have
> interesting data streams forever to exploit. The only solution to stop them
> is to uncover their taps and block them, those are much smaller in number
> and easier to tackle than millions of machines.
>
>
>
>
>
Other related posts:
