One of TrueCrypt's best features was hidden volumes. I think it's far more likely at this point that the devs, who had not updated their software in years, finally decided to call the project over and have marked it insecure because the codebase is now unmaintained and should be assumed insecure. They've also decided to modify the license terms, perhaps bringing it into compatibility with more common FOSS licenses. if it was a hack, it's a very, very good one. It's quite possible this came from 1 big developer hack, but considering how the release was done, with full source and everything for every supported platform. There's simply no reason to shut it down like this, unless the attack is just an elaborate practical joke.
#Truecrypt old version install#
A better attack would be "here, it's TrueCrypt 8, it has loads of EFI support and mad security, everyone should install it, it's the best!". Any attacker with the intelligence and patience for such an attack would surely realize how poor an execution this would be. It would only really be an effective attack against people who had TrueCrypt volumes but not a current copy of TrueCrypt as there's no compelling reason for anyone to upgrade to 7.2 and certainly they'd be skeptical after this. The most they achieved would be uninteresting to most attackers. After examining all the facts, I think it's most likely they just didn't want to develop it anymore:Īnd to top it off, let's put ourselves in the theoretical attacker's shoes, the binaries when run make no unexpected connection attempts or write to any unexpected places and don't appear to contain any unexpected imports, so if this was a hack, it's a very stealthy and very boring one.
0 kommentar(er)
