Was it ever revealed why the developer just packed up and disapeared while also recomending bitlocker?

Was it ever revealed why the developer just packed up and disapeared while also recomending bitlocker?

Attached: truecrypt-security-audit-services.png (728x390, 21K)

Other urls found in this thread:

en.wikipedia.org/wiki/Paul_Le_Roux
magazine.atavist.com/the-mastermind
slashfilm.com/michael-manns-next-movie/
ostif.org/about-the-ostif-staff/
blog.quarkslab.com/resources/2016-10-17-audit-veracrypt/16-08-215-REP-VeraCrypt-sec-assessment.pdf
twitter.com/NSFWRedditGif

One of the maintainers got arrested.

Forced by law enforcement.

Warrant Canary.

what if the Warrant Canary is fake? you'll never know

It's pretty simple

Either
a) One of the maintainers quit/died/arrested and the rest didn't want to go on

b) They were told to stop by an authority above them


Consider the following:
Paul Le Roux is the supposed creator of Truecrypt
He was captive in the US since 2012
Between 2012-2014 his lackies were arrested or killed
He was found guilty by 2014
The Truecrypt Foundation organization dissolved in 2014

Coincidence?

Doesn’t matter since it passed audit.

Attached: image.jpg (1604x1958, 1.25M)

In all likeliness his professional work became more important than this volunteer side project when his product was, frankly, far less relevant than it used to be what with Bitlocker being standard in Win10.

Didn't the production go to veracrypt?

Bitlocker not recommended since M$ has your keys...unless you fork over 250$. Even if you fork over 250$ it doesn't mean NSA has a backdoor into your drive.

If it's not open source it's a placebo.

So are do you have any research that demonstrates either that Bitlocker is cryptographically unsound or at the very least that it doesn't follow any known cryptographic algorithm (although, really, those should mean the same thing)? Because if not, I can just hand-wave and say "Microsoft installed a key-logger on your computer and already knows your Veracrypt password." I'm open to reasonable skepticism.

do you really trust closed source crap

This, anyone using veracrypt is fucking retarded for falling for the under hand backdoors.

If you have something to hide why take the risk? There are two outcomes of any (((privacy))) software that isn't open source.

1.) There is an intentional backdoor in product
2.) Since it's closed source no security researchers can't attack it directly and point out the bugs. Everything is internalized at M$. A rogue employee might know the flaws and sell zeroday exploits to the Chinese for instance.

Bitlocker might be ok but I'm not willing to risk any personal data of mine or my customers on it. I would recommend veracrypt with the hidden volume feature that Bitlocker does not have. This is in case you need to disclose your password they see only the fake content of the drive.

They suffered the same fate as Lavabit.

N_ot S_afe A_nymore.

Pressured to stop development or security compromised?

3 letter agencies got rid of him

If I truly had anything to hide I wouldn't be using Windows. And TC is way too shady to be relied on as well.

>If it's not open source it's a placebo.
>do you really trust closed source crap
Just blindly believing something is safe or secure just cause it's open sauce is breddy dumb m8.

Between Veracrypt and BitLocker, is there a Jow Forums approved consensus on what to use and why?

LUKS

Old fag here. 7.1a is last safe version. Enjoy.

+1

The only reason I still use veracrypt is cross platform...

bitlocker/EFS for keeping jamal out

Veracrypt for keeping your paedo shit safe

Wasn't Truecrypt made by some drug lord, who got arrested?

en.wikipedia.org/wiki/Paul_Le_Roux

can you list the security holes in veracrypt?

Libing the drim

Attached: proxy.duckduckgo.com.jpg (634x692, 52K)

Veracrypt patches holes in the original Truecrypt design. Don't choose known bugs over hypothetical flaws. VC has also been audited.

>Children: Between 3 and 5
ayy lmao

Wasn't there an anagram on the latter he published while recommending bitlock?

TrueCrypt and VeraCrypt have been audited.

Bitlocker has not because it's closed source MS code. Therefore, it cannot be trusted.

And considering Microsoft gather information about you on Windows 10 purely for the reason of gathering data, there's even less reason to trust it.

there is no official letter
but obviously he didnt want to build a backdoor for the authorities

Attached: THIS.gif (350x188, 323K)

Why does the government hate encryption so much lmao

If the British could crack the Nazi enigma in 1940 then why can't the US superpower not crack a basement autist encryption team?

Because the US government is fascistic as fuck

you need to read this: magazine.atavist.com/the-mastermind
en.wikipedia.org/wiki/Paul_Le_Roux
slashfilm.com/michael-manns-next-movie/

thank me later

>durrr open source is more secure!
>trusting OpenSSL

the guy was an international drug and gun runner dude. it's a fascinating story desu, Breaking Bad-style en.wikipedia.org/wiki/Paul_Le_Roux

it's not "open source is more secure"
it's that it's literally impossible to audit closed source software without looking at the source
both veracrypt and truecrypt have audited versions that you (or your company or whatever) can personally double-check

with closed source software, you're left trusting MS, and MS has shown (not even through malicious "we're stealing your data and selling it", but easily documented incompetence over the years) that they can't be trusted

>comply or die order issued by deep state
>they have the resources to drop you anywhere at any time
>developer given no choice but to follow orders

The control grid just keeps growing, we're gonna hang the traitors and bring real math and real implementations back to the people. I'm gonna make them give back our past.

>TrueCrypt and VeraCrypt have been audited.
Just ot be clear - these are the people who audited it. I've personally never hard of them of their foundation.
ostif.org/about-the-ostif-staff/

If you told me tc and vc had thwaite or verisign keys that would be a different story...

>Bitlocker has not because it's closed source MS code. Therefore, it cannot be trusted.
There are such things a internal audits and that blind mistrust of closed sauce is quite telling.
You don't really need to tell Jow Forums that ms is a botnet m8. That's gilding the lily.

Attached: tumblr_nfgw9ebN341s0aorpo1_1280.jpg (1280x1918, 552K)

>Passed audit means it's safe to use forever
>meanwhile within 2 years vulnerabilities were found for it on Windows

How come veracrypt is still going strong? Obviously something fishy is going on here if truecrypt got the axe but veracrypt remains untouched.

you can their advisor.

Haley Van Lahr Principal Consultant Exactus Advisors
Samuli Seppänen Community Manager The OpenVPN Project
Daniel Davis Community Manager DuckDuckGo
Joeseph Soria Chief Executive Officer Flashrouters.net
Christel Dahlskjaer Open Source Lead London Trust Media
Markus Vervier Chief Executive Officer X41 D-sec
Fred Raynal Chief Executive Officer Quarkslab
JP Aumasson Chief Security Officer Kudelski Security
Daniel Guido Chief Executive Officer Trail of Bits
Sarang Noether Programmer and Researcher Monero Research Lab
Mounir Idrassi Technical Lead Veracrypt
Juan Leni Programmer and Researcher Quantum Resistant Ledger
Marita Markkula Community Manager F-Secure
Matt Caswell Programmer and Researcher OpenSSL
Harold Community Manager ExpressVPN
Florent Tatard Anonymous Anonymous

If you use windows, you should accept you aren't secure against a strong adversary.

>Haley Van Lahr Principal Consultant Exactus Advisors
Never heard of the org let alone the person.
>Samuli Seppänen Community Manager The OpenVPN Project
Community Manager != security or crypto credentials. Literally PR
>Daniel Davis Community Manager DuckDuckGo
Community Manager != security or crypto credentials. Literally PR
>Joeseph Soria Chief Executive Officer Flashrouters.net
Never heard of the org let alone the person.
>Christel Dahlskjaer Open Source Lead London Trust Media
Never heard of the org let alone the person. OS lead just means they had to have someone to wear the hat and that person drew the short straw
>Markus Vervier Chief Executive Officer X41 D-sec
Never heard of the org let alone the person.
>Fred Raynal Chief Executive Officer Quarkslab
Never heard of the org let alone the person.
>JP Aumasson Chief Security Officer Kudelski Security
Never heard of the org let alone the person.
>Daniel Guido Chief Executive Officer Trail of Bits
Never heard of the org let alone the person.
>Sarang Noether Programmer and Researcher Monero Research Lab
Never heard of the person. About the only valid cred in the group so far...
>Mounir Idrassi Technical Lead Veracrypt
vc advising vc on an audit - that's not very independent. If they were liaison they would have said.
>Juan Leni Programmer and Researcher Quantum Resistant Ledger
Never heard of the org let alone the person.
>Marita Markkula Community Manager F-Secure
Community Manager != security or crypto credentials. Literally PR
>Matt Caswell Programmer and Researcher OpenSSL
Some cred.
>Harold Community Manager ExpressVPN
Community Manager != security or crypto credentials. Literally PR, from a vpn that has skin in the game no less!
>Florent Tatard Anonymous Anonymous
Do I even need to comment on this one?

Like I said - if this holy grail audit people keep quoting was industry standard run by crypto mavens I'd be slightly less sceptical.

Attached: download (3).jpg (3024x3593, 885K)

I don't think mistrusting anything M$ related should be considered "blind mistrust" given their storied history of gross incompetence. And trusting any closed source software for something as important as encrypting your data is just asking for trouble. That's not blind mistrust of closed source software, it's just common sense.

CIA death threads

I would argue that simply trusting open sauce software especially because of
>muh audit
done by people who have little or no security/crypto credibility/credentials is just as foolish.
calling software os isn't just a license to suggest it's somehow more secure

At no point have I suggested that ms should be trusted - which is what you appear to be trying to conflate. The opposite in fact.
>You don't really need to tell Jow Forums that ms is a botnet m8.

Reading the audit - blog.quarkslab.com/resources/2016-10-17-audit-veracrypt/16-08-215-REP-VeraCrypt-sec-assessment.pdf
is quite interdasting. It akshully seems as tho it was done in-house and then submitted to ostif for review...

they hate it because information is the most powerful thing on the planet if you have it you control the future
they cant crack it because math

>simply trusting open sauce software
I made no such claim either so I think we are in agreement.

>I think we are in agreement.
Indeed!

I was wrong about
>It akshully seems as tho it was done in-house and then submitted to ostif for review...

>Two people from Quarkslab worked on this audit, for a total of 32 man-days of study:
>• Jean-Baptiste Bédrune, Senior Security Researcher,
>• Marion Videau, Senior Cryptographer and Chief Scientific Officer.
And I'd call both of those set of credentials valid.

Attached: Ivanka Trump2.jpg (940x627, 73K)