Posts Tagged Cryptography

Is TrueCrypt Secure?

From Krebs On Security:

Sometime in the last 24 hours, began forwarding visitors to the program’s home page on, a Web-based source code repository. That page includes instructions for helping Windows users transition drives protected by TrueCrypt over to BitLocker, the proprietary disk encryption program that ships with every Windows version (Ultimate/Enterprise or Pro) since Vista. The page also includes this ominous warning:

“WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues”

“This page exists only to help migrate existing data encrypted by TrueCrypt.”

“The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.”

, ,

No Comments

A Prize Is Needed For Easy Encryption

From the Electronic Frontier Foundation:

In an era when email and messaging services are being regularly subject to attacks, surveillance, and compelled disclosure of user data, we know that many people around the world need secure end-to-end encrypted communications tools so that service providers and governments cannot read their messages. Unfortunately, the software that has traditionally been used for these purposes, such as PGP and OTR, suffers from numerous usability problems that make it impractical for many of the journalists, activists and others around the world whose lives and liberty depend on their ability to communicate confidentially. Read the rest of this entry »

, , , , , , , ,

No Comments

RSA Paid $10 Million By NSA To Keep Backdoor In Crypto

From Ars Technica:

Security company RSA was paid $10 million to use the flawed Dual_EC_DRBG pseudorandom number generating algorithm as the default algorithm in its BSafe crypto library, according to sources speaking to Reuters.

, , , ,

No Comments

Did the NSA Build a Backdoor into U.S. Crypto?

From: Threat Level

… The talk was only nine slides long (.pdf). But those nine slides were potentially dynamite. They laid out a case showing that a new encryption standard, given a stamp of approval by the U.S. government, possessed a glaring weakness that made an algorithm in it susceptible to cracking. But the weakness they described wasn’t just an average vulnerability, it had the kind of properties one would want if one were intentionally inserting a backdoor to make the algorithm susceptible to cracking by design.


, , , ,

No Comments

LastPass Vetted by Steve Gibson of GRC

LastPass is a cross-platform ( Windows, Mac, Linux, iPhone, BlackBerry, Android) password manager and multi-factor authentication  tool. I have been using it in a limited test for almost a year now and I am very pleased to say that my confidence in the security of this system is high and I am adopting it as my go-to application for managing secure passwords and for multi-factor authentication. There is a free version with almost all the functionality. This is a well thought out system.

Steve Gibson of and the Security Now podcast  goes into some detail about the LastPass CRYPTO and why this is a secure and redundant system in the podcast linked bellow . The real meat isn’t until about the 53rd minute so fast forward if you find yourself nodding off in the first part of the show.

Security Now Episode 256.

Here is a transcript of the show.

, , ,

No Comments