is truecrypt dead?
shelley at misanthropia.info
shelley at misanthropia.info
Thu May 29 01:04:01 PDT 2014
Krebs has put a post about it:
http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/
excerpt:
"Doubters soon questioned whether the redirect was a hoax or the result
of the TrueCrypt site being hacked. But a cursory review of the site’s
historic hosting, WHOIS and DNS records shows no substantive changes
recently.
What’s more, the last version of TrueCrypt uploaded to the site on May
27 (still available at this link) shows that the key used to sign the
executable installer file is the same one that was used to sign the
program back in January 2014 (hat tip to @runasand and @pyllyukko).
Taken together, these two facts suggest that the message is legitimate,
and that TrueCrypt is officially being retired.
That was the same conclusion reached by Matthew Green, a cryptographer
and research professor at the Johns Hopkins University Information
Security Institute and a longtime skeptic of TrueCrypt — which has been
developed for the past 10 years by a team of anonymous coders who appear
to have worked diligently to keep their identities hidden.
“I think the TrueCrypt team did this,” Green said in a phone interview.
“They decided to quit and this is their signature way of doing it.”
More information about the cypherpunks
mailing list