But in all honesty, that’s probably not the way I’d recommend you switch to it any way if, indeed, you switch to it at all. The one thing where it kind of fell down for me is that they supposedly won’t be able to open up and manage existing TrueCrypt volumes. If you are familiar at all with TrueCrypt then VeraCrypt will look really familiar, because it’s the same code it is the same stuff the dialogs look the same and so forth. They have fixed this particular flaw, for example and apparently a few other things as well. It is TrueCrypt plus further development. I may refer to it as “Veera” Crypt because my first Corgi’s name was Vera so it’s really hard for me not to say that but VeraCrypt was developed from a snapshot from the TrueCrypt source code at that time TrueCrypt development stopped. The one that’s coming to mind, the one that seems to be relatively solid is one called VeraCrypt. In that time, I had an opportunity to notice who were the “up and comers”, who are the suitable replacements for TrueCrypt. Now, it has been a year since TrueCrypt support was dropped. So I’m not concerned that this means anything about the quality of TrueCrypt, and as we’ve said, it has nothing to do with the encryption of TrueCrypt, but without formal support for TrueCrypt, in other words, this bug isn’t going to get fixed, because TrueCrypt development has stopped, we need to start thinking about what are the alternatives. The systems we have today are incredibly complex. That’s why we keep finding vulnerabilities all of the time everywhere. Those kinds of vulnerabilities slipped through, which, and again, not to really be too concerned about it, I mean this is really complex software. It clearly focused more on TrueCrypt’s encryption as compared to its interaction with the system but (which is where the vulnerability was found so that the encryption was fine), but the fact is some things slipped through. There was an actual security audit performed on TrueCrypt. Then with or without this particular vulnerability in TrueCrypt, you know malware could be logging your keystrokes, could be reading your data, doing whatever.īut it has got us thinking a little bit, because as we know, about a year ago now, TrueCrypt was unceremoniously dropped by its developer with some very vague notes that had everybody kind of freaking out at the time. You don’t have to worry about your data being exposed somehow, unless of course, you have malware on your machine. The really good news, of course, is that vulnerability has nothing to do with TrueCrypt’s encryption. TrueCrypt’s encryption remains solid. So, naturally, I mean the good news is that it requires the cooperation or the presence of malware to take advantage of or to exploit that vulnerability in TrueCrypt. It is likely that it’s not a huge deal, but as I understand it, the way it works is that the security flaw in TrueCrypt would allow malware on your machine to gain elevated privileges. In other words, become administrator on your machine, and once malware becomes administrator, they can do all sorts of nasty things. As I understand it, it may only apply to TrueCrypt used in a specific way, meaning whole disk encryption. So, TrueCrypt, you probably heard announced a couple of weeks ago that there had been found a security flaw in TrueCrypt itself. LastPass, we just heard a couple of days ago that they’ve been sold to LogMeIn, and then I ran into something that doesn’t portend well for the future of Boxcryptor Classic.Īll three of these are software that I’ve recommended, so I wanted to quickly take a few minutes and talk about what the issue is with each of them why you shouldn’t necessarily panic, of course, but then also what I’m looking into to move forward for each of them, in case we end up needing to make some changes. TrueCrypt, we heard about its security flaw a couple of weeks ago. In the last couple of weeks, we’ve had pieces of news, and I’ve had at least one experience with each of those three pieces of software I just mentioned. Boxcrypter, TrueCrypt, LastPass … Oh, my!
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |