[cryptome] Re: TrueCrypt compromised
- From: Aftermath <aftermath.thegreat@xxxxxxxxx>
- To: cryptome@xxxxxxxxxxxxx
- Date: Mon, 9 Jun 2014 13:39:22 -0700
403 here as well
On Mon, Jun 9, 2014 at 12:51 PM, Jarrod B <jarrodsb@xxxxxxxxx> wrote:
> So is this why I'm getting a 403 message when i go to cryptome .org?
>
>
> On Mon, Jun 9, 2014 at 1:39 PM, Neal Lamb <nl1816a@xxxxxxxxxxxxx> wrote:
>
>> http://ecowatch.com/2014/06/06/china-coal-cap-strand-assets/
>>
>>
>> On Monday, June 9, 2014 11:55 AM, Aftermath <
>> aftermath.thegreat@xxxxxxxxx> wrote:
>>
>>
>> Some one just pointed this out too me:
>>
>> https://veracrypt.codeplex.com/
>>
>>
>>
>>
>> from the website:
>>
>> *Project Description*
>> VeraCrypt is a free disk encryption software brought to you by *IDRIX *(
>> http://www.idrix.fr) and that is based on TrueCrypt, freely available at
>> http://www.truecrypt.org/.
>> It adds enhanced security to the algorithms used for system and
>> partitions encryption making it immune to new developments in brute-force
>> attacks.
>>
>> For example, when the system partition is encrypted, TrueCrypt uses
>> PBKDF2-RIPEMD160 with 1000 iterations whereas in VeraCrypt we use 327661.
>> And for standard containers and other partitions, TrueCrypt uses at most
>> 2000 iterations but VeraCrypt uses 655331 for RIPEMD160 and 500000 iterations
>> for SHA-2 and Whirlpool.
>>
>> This enhanced security adds some delay only to the opening of encrypted
>> partitions without any performance impact to the application use phase.
>> This is acceptable to the legitimate owner but it makes it much more harder
>> for an attacker to gain access to the encrypted data.
>>
>>
>> *VeraCrypt storage format is INCOMPATIBLE with TrueCrypt storage format.*
>>
>> *VeraCrypt storage format is INCOMPATIBLE with TrueCrypt storage format. *
>> *VeraCrypt storage format is INCOMPATIBLE with TrueCrypt storage format.*
>>
>> (repetition is mine to highlight the fact that you cannot open truecrypt
>> volumes with veracrypt)
>>
>> -Afterm4th
>>
>>
>>
>>
>>
>>
>>
>>
>> On Tue, Jun 3, 2014 at 9:50 AM, <tpb-crypto@xxxxxxxxxxx> wrote:
>>
>> > Message du 03/06/14 10:51
>> > De : "Shaun O'Connor"
>> >
>> > I take your point about the encryption dilemma(did I spell that
>> > correctly). I think the Jury is out on that particular issue though...
>> >
>> > Personally I think we are in a perpetual game of cat and mouse with
>> > those who make it their business to know everything about everyone..
>> >
>>
>> The rewards for the spies are too great for this game to end one day.
>>
>> The game will continue, but because of these disclosures by half-2015,
>> the spies will have to start all over again, at least against people who
>> are aware and actively protect their systems. Because those that got legacy
>> systems will be forever under the treat.
>>
>> Considering our increasing life expectancy and the fact that we are using
>> Cobol and Fortran codes made 40 years ago in many financial and scientific
>> institutions, we can count many exploits discovered in the last decade to
>> be still exploitable in 100 years. Because those systems won't go away.
>>
>> An example of why this is possible, is how many webservers (not merely
>> firmware routers hard to re-flash) you will find that are still vulnerable
>> to heartbleed. The rate of correction seems to be asymptotic, thus always
>> leaving some uncorrected systems till the end of their usable lives.
>>
>> Put that in an automated system like spy agencies have, and you have
>> interesting data streams forever to exploit. The only solution to stop them
>> is to uncover their taps and block them, those are much smaller in number
>> and easier to tackle than millions of machines.
>>
>>
>>
>>
>>
>
Other related posts:
