A quick review of the code shows it is littered with changes and comments such as the rather alarming “INSECURE_APP”. The source code and binaries (installers) for TrueCrypt on the site have been heavily modified. The announcement advocates users migrate from TrueCrypt to Microsoft BitLocker, but this change is far more than a recommendation and warning page. That said, caution is strongly advised as you will see below. Tempting though it is to think of this as a fake, there is far more evidence to support the fact that this is a genuine (albeit oddly styled) announcement and that the widely used open source encryption solution is no more. As you can see below the page looks somewhat basic and the announcement is widely regarded as rather abrupt (even to some of those involved in the project). There has been no announcement to suggest SourceForge was hacked and they have clearly stated it is to enhance their security procedures for storing passwords, perhaps learning from the mistakes of eBay. On first inspection I was convinced this must be some kind of hoax, hijack or perhaps a hack given Sourceforge last week forced users through a password change process. Such integrated support is also available on other platforms… You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform” Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. “WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues… The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. If you have not come across TrueCrypt and why it has become so popular see the below section ‘why do people use TrueCrypt’. Over the past 24 hours the website for TrueCrypt (a very widely used encryption solution) was updated with a rather unusually styled message stating that TrueCrypt is “considered harmful” and should not be used. Or as some in the industry would put it, or is it? Establishing trust in crypto (and thus in technology as a whole), now more than ever with the revelations of the past 18 months, is difficult and the following news therefore potentially comes as a significant blow to online privacy and security. From protecting your sensitive details when you log on to Internet banking to protecting data on your laptop or mobile phone if it is lost or stolen, ‘crypto’ (the oft used shortened version of cryptography which includes the wonderful art and science of encrypting information) is a supporting pillar of the global economy and most of the digital world we all touch day to day. running owncloud on a remote server outside your country / running an sftp server which keeps your tomb file).Encryption is a silent, unsung hero of our modern connected society. Today it is pretty easy to store data at some server you can trust (e.g. No sensitive data should be stored on your local drives in case of a house search. IMO the same goes for people which sensitive data. A live GNU/Linux distribution plus access to your data via sshfs or sftpfs will most likely work pretty transparent since your can use FUSE to access your remote data like a local drive. After they arrive they should access their data stored on an external server via secure connection and download their stuff. They are best of with a clean HDD without any data / OS on it (dd if=/dev/zero of=/dev/your-drive). Persons who travel to the US for example should not port a notebook with date anyhow. Those who steal your notebook or want to copy your data will make a full clone of your drive anyhow and most likely will be able to find out about hidden partitions since nothing can really be "hidden" if you need to retrive / open the container to work with it. Those with a serious interest in your data would torture you so long until you tell them that there is a hidden container. $ umount /your/desired/mountpoint & cryptsetup luksClose crypt & losetup -d I disagree !Ī hidden encrypted container will not help in any scenario. # For closing you would use something like: $ losetup /dev/loop0 ~/Dropbox/luksfile & cryptsetup luksOpen /dev/loop0 crypt & mount -t xfs /dev/mapper/crypt /your/desired/mountpoint # For mounting you would use something like: $ losetup -d /dev/loop0 # free the loopdevice $ cryptsetup -c aes-xts-essiv:sha256 -y -s 512 luksFormat /dev/loop0 If uploading the whole container is ok for you (since you used truecrypt) you can try using a luks container it would be something like: $ dd if=/dev/zero of=/luksfile bs=1M count=2100 You should place the encrypted folder in dropbox and the mount point elsewhere.įrom cli should look like this: encfs ~/Dropbox/.crypt ~/crypt #for mounting/creating The only solution, as far as I see it, is using encfs with cryptkeeper(GUI), just "apt-get install cryptkeeper" and use either the GUI or the encfs (man encfs).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |