
Comment Re:Can you show vulnerabilities in TrueCrypt? (Score 1) 510

Ok, so maybe you won't find 311,000 vulnerabilities. I thought that was an obvious exaggeration, but you could have at least clicked the first 2 search results. For example:

Password stored in keyboard buffer - http://www.ivizsecurity.com/security-advisory-iviz-sr-0803.html
Cold Boot Attack - http://www.mydigitallife.info/2008/07/24/bitlocker-filevault-dm-crypt-and-truecrypt-encryption-key-crack-via-dram-cold-boot-attack-with-program-source-code-download/

If you also searched for truecrypt at http://www.nist.gov/ you would have found these four.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3899
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1738
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1589
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2183

This is from Wikipedia; for more information go to http://en.wikipedia.org/wiki/Truecrypt#Security_concerns

"TrueCrypt is vulnerable to various attacks. To prevent certain types of attack, the TrueCrypt website recommends users follow various security precautions.

Listed below are known security concerns pertaining to TrueCrypt and, where possible, some ways to avoid them

Plausible deniability
Identifying TrueCrypt volumes
Passwords stored in memory
The "Stoned" bootkit
Removal of source
"

It's not that I hate TrueCrypt, I don't. I don't like it when people are pushing open source products for security reasons when it's the standards that the product uses which should be pushed. Since your response was to "prove" there are vulnerabilities, I did that. Now it's your turn to start pushing open standards and not a product because it happens to work for you and you like it.

Agreed?

Comment Re:Warning: Microsoft EFS can cause data loss. (Score 1) 510

FuturePower,

Have you noticed that TrueCrypt is the target of most attacks on Full Disk Encryption? BitLocker is a close second if not first place in the "attack me" race.

Google "truecrypt vulnerability" and see how there are 311,000 results!! Also check out the Wikipedia page (http://en.wikipedia.org/wiki/TrueCrypt). There is a reference to 'Security concerns' which needs to be seriously adhered to. While I also believe in the value and importance of Open Source, it's more important that the algorithms used to derive encryption keys are open and that the cryptographic libraries being used are FIPS certified.

With your history of positive comments on TrueCrypt, you probably work for TrueCrypt, so your posts sound a tad biased.
