Truecrypt container hacked?

John Young jya at pipeline.com
Sun Aug 23 03:43:26 PDT 2015 

Well said on skepticism of news reports concerning crypto, comsec,
infosec, natsec. Disinfo and deception are inherent in security and
survival, and best, most reliable, most trusted are typical tools of
misleading exploitation.

Where a single means and method, such as crypto (or science), is
encouraged for rock-solid assurance, at least one other means and
methods should be employed which in no way depends upon the
single means. Hoodwink wins by cheating.

A single means is certain to be continously under attack, and its
vulnerabilities concealed both by the attackers and by the promoters.

Blind faith in a single means is as old as religion, art and royalty, perhaps
as old as humans faced with unending threats from nature and
mortality -- and most of all from each other's thieving and murderous
practices. Duplicity and con-jobs were essential, along with bigger
clubs and rocks, voodoo and faux-virgin sacrifices -- ISIS hardly
different, except more modest and sane and much less wealthy,
than Los Alamos, The Vatican, JP Morgan, Ashley Madison,
Silicon Valley and the IC all fostering blind faith in their own
advertising of rockefeller-st-peter-approved STD protection.

Some HTTPS Everywheres lately have been advertising encryption
and HTTPS as condoms to protect against Internet STD, aka privacy
rape. Peddlers of these hygienics are surely donors to the of Church
of Crypto whose priests do enjoy the pleasures of insider hoo-haa.

At 02:25 AM 8/23/2015, you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>On 08/22/2015 06:07 PM, Tomas Overdrive Petru wrote:
> >
> > This one has been puzzling me for several days.  Since I have
> > not yet been able to figure it out, I thought I would "bleg"
> > for assistance from our encryption-savvy readership.
> > According to the Sun Sentinel
> > <http://www.sun-sentinel.com/news/fl-christopher-glenn-sentenced-2
>0150731-story.html>,
> >
> >
> >
>a South Florida man was recently  convicted of stealing military
> > secrets.  I am less concerned with what he stole or why than
> > with what the story says about how the evidence against him was
> > identified and used. Here is the relevant part of the story:
> >
> > https://www.lawfareblog.com/puzzling-encryption-story
>
>Historically, the FBI has used keyloggers to defeat PGP Disc and
>Truecrypt - and also, I am sure, other encrypted file systems that
>don't have back door access as a standard feature.
>
>Since rubber hose cryptanalysis and bugging computers are well
>known FBI methods, while world + dog have failed so far to make
>real progress on breaking the ciphers used in Truecrypt, I see no
>reason to suspect the latter occurred.  None at all.
>
>The word "Truecrypt" does not appear in this summary of expert
>testimony, which describes forensics conducted at the facilities
>the classified files were borrowed from:
>
>https://regmedia.co.uk/2015/08/04/glenn_exhibit_1.pdf
>
>So, the defendant was already in the bag before somebody managed
>to type the correct pass phrase and examine the contents of his
>stash.  I found no indication of whether his guilty plea came
>before or after investigators had access to the encrypted data; it
>seems very likely that handing over the pass phrase was part of a
>plea deal.
>
>Persuading people that a cryptographic tool does not work is a
>very effective attack against it.  Should we blame ignorance or
>something else for the "Truecrypt is broken" take-away many casual
>readers will pick up from this story as written?
>
>:o)
>
>
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1
>
>iQIcBAEBAgAGBQJV2Wc8AAoJEDZ0Gg87KR0LL/cQAISyfTK7ldjCrJLmAAC+Zw/0
>DVCECa4Tqkpqskf+NxhGQF0zX91Sg5Q6QmHjHbkYALut6jwi6PjK6+yQivPWegSg
>n27XEWZsTt/fkjlrX775mj4pOlbio1X6XVQqQaKfbA4C6MUdPU/vMUXPQqH5CT/h
>t6882wtibiTPizXgan2hVZKO1vfMyGZqJFqdk7oEEr7ofb/8bnXzIKO9G2nc3rrW
>6Rsd5+3eEiChStoSoR3LTFBfdmEvJP6qx/NivyZuj+KQAG5XFfMbBMyCWMvcFeWI
>y7Hv7yXx594wGPlAH4Z6bgJnxWeKIOhdluT+DH582Q6IzgXFptmuXxs71XCtTT45
>TMQA4S67yaM21BXrd4+x2ah4fgdtk2IdqWSD/KE1q5cXnIzvkOTt8Z2v6ffM403R
>vDxaGHUPcMT4xKXS4v1LFcnDbDywhsbHvOZkc6EE0y6dQ6APuEt9AwMbTWH62a9+
>Yvb1mN+zC22Ac+qHfnRmDocDvNlbyLEPs3Ouz+DZJIi+UwwqFdyDIjQiSUQ6MVcB
>omp3veHcpB0K1jZ1D3ECEc92ZSbTKkmPeLRHRjb+Z50tlRn7ViElFC8brKvJJBvt
>WFJcaVU3xZthT3vBkKAiwKtJ89CJhChZYEcEFVCtwufTTe98S/MeGMPomRGizjVR
>3FkrfFK/LU1q6D+N+LSU
>=qEnZ
>-----END PGP SIGNATURE-----

More information about the cypherpunks mailing list