TrueCrypt – No longer safe?

Bad news.  A serious flaw in TrueCrypt has been found that potentially allows full system compromise.  The worse news?  There’s no truly trustworthy TC successor for Windows out there in the wilds so far.  Microsoft and Symantec both offer encryption solutions, but surely they’re rife with back doors.  VeraCrypt is a fork of TC, but so far there’s nothing to generate any confidence that it too isn’t compromised.

The good news, I suppose, is that so far it appears that TrueCrypt on Linux doesn’t have this newly found flaw.  Also, it seems this flaw requires the machine to be on and in Windows.  In other words, if your fully disk encrypted machine is powered down, or your drives are removed or are external and the machine isn’t with them, your data remains safe.  Cold comfort, really.

Post a comment

You may use the following HTML:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">