from Hacker News

TrueCrypt must not die

by joshcrews on 5/30/14, 1:53 AM with 98 comments

  • by buddylw on 5/30/14, 2:51 AM

    Also, it appears someone finally got a hold of a Truecrypt dev. The project was just shut down from lack of interest. No drama about auditing or crazy NSA conspiracies after all: https://twitter.com/stevebarnhart/status/472203503478509568

    Edit: That tweet was deleted for some reason, but the rest of the thread is still there: https://twitter.com/stevebarnhart/status/472192457145597952

  • by tptacek on 5/30/14, 3:43 AM

    It would be nice if the people who pick up and run with the "reboot" of Truecrypt's project management had a background in cryptography. Do these people?
  • by callahad on 5/30/14, 2:30 AM

    I don't believe the TrueCrypt license allows this kind of redistribution, does it?

    Then again, with anonymous developers and unknown jurisdiction, it may be moot.

  • by bitJericho on 5/30/14, 1:14 PM

    My opinion, the fact that some security researcher was going to be getting more money than the actual developer ever made off the project must have been infuriating. I think that's good enough reason to burn the project to the ground.
  • by voltagex_ on 5/30/14, 2:16 AM

    The signatures and binaries are not served over HTTPS. It would be prudent to compare them to other sources.
  • by nhayden on 5/30/14, 2:45 AM

    This looks like a bootstrap site that was thrown together in an hour by two guys with twitter accounts and $10 for a domain name. I really doubt they're going to be doing any dev work.
  • by 100rsa on 5/30/14, 12:01 PM

    Still have no idea what the "unfixed security issues" are, and few guys mention it. I imagine the "security issues" would be (if they exist): 1. because keys are easy to steal by cold boot or trojan. 2. because it has a backdoor that will save the key to a hidden place. 3. because it will leave some information in other places, like 2 but it's an implementation problem. 4. because it uses a vulnerable algorithm to generate keys. 5. because PBKDF2 or AES-256 is broken but nobody knows it. Excluding 2 and 3, changing to other software doesn't help at all; the algorithms are almost the same.
  • by Istof on 5/30/14, 3:32 AM

    If the developers of Truecrypt are anonymous and the license doesn't allow something like this, would this allow us to find out who the developers are if they sue?
  • by throwaway7767 on 5/30/14, 10:32 AM

    Honestly, I was hoping this drama would result in the implementation of hidden containers for other crypto solutions (dm-crypt, etc).

    Hopefully that may still happen.

  • by Sir_Cmpwn on 5/30/14, 3:52 AM

    This is a bad idea. TrueCrypt should be put to bed for good. An event of this magnitude is easy justification for dropping TrueCrypt. It serves an extremely delicate purpose and this raises far too many red flags to ignore.

    Place your energy in the alternatives. I wish you could downvote things on HN, if only because this is downright dangerous and needs to be read by as few people as possible.

  • by Paul12345534 on 5/30/14, 4:11 AM

    I would love to see it live on with no new unneeded features, no changes made unless they are to fix bugs. Keep a stable long-term product and get as many people as possible looking over that code for flaws.
  • by christianbryant on 5/30/14, 10:47 PM

    Search off the phrase "TrueCrypt Developers Association. All rights reserved." and you will find many other projects that include embedded TrueCrypt code. Food for thought...
  • by read on 5/30/14, 11:29 AM

    Anonymous development on a security relevant Project is no longer an option.

    Why not?

  • by thought_alarm on 5/30/14, 3:53 AM

    Why don't you send TrueCrypt.org a few dollars then?