Farewell TrueCrypt?

Posted on May 29, 2014 by Phil Tyler Leave a comment

The future of the widely used and much relied upon TrueCrypt whole disk encryption software has come under question this week after the open source project’s web page was redirected to a statement claiming that  as of May 2014 TrueCrypt is no longer under active development.

2014-05-29 19_26_19-TrueCrypt

The page claims that the software is not secure as “it may contain unfixed security issues”, which is an odd statement as, lets face it, any security issues that exist within TrueCrypt now have most likely been there in previous versions that were deemed to be secure – the only difference now is that if any major issues are discovered, they will never be fixed. That said, TrueCrypt has so far stood the test of time, and there have been no indications up until now that we should be concerned about the crypto. In fact an ongoing crowd funded audit of the software has so far offered some pleasing results with no major causes for concern.

Worryingly, the page encourages Windows users to migrate their encrypted system drive over to Microsoft’s closed source and unauditable BitLocker technology! Given the evidence contained within the Snowden leaks, can Microsoft be trusted with securing our data? Furthermore, why would the developers behind TrueCrypt be recommending the very thing that they have been working to help us avoid for years? Is this a Joke, or is something more sinister going on behind the scenes?

There are a lot of conspiracy theories flying around about TrueCrypt going the way of LavaBit and bowing to governmental pressure. Other plausible explanations suggest that the developers are rebelling against the media backlash on the open source community in the wake of the OpenSSL Heart Bleed vulnerability. After all, why would you give up your free time to help an ungrateful, uninformed and uncommitted community who take open source software for granted? I am inclined to lean towards the latter, but I certainly wouldn’t rule out any of the conspiracy theories, particularly with this years revelations in mind.

So, the question is should we still use TrueCrypt? This has to be an individual decision as data privacy is a personal thing; I am personally going to wait to see if any further information emerges before making a decision.

I have raised a lot of questions in this post, many of which we will most likely never know the answers to, but one thing we do know is that the apparent demise of TrueCrypt, if true, will leave a gaping hole in the open source and security communities. I fear that the world is somewhat of a less secure place without TrueCrypt.

Tagged with: , ,
Posted in Cryptography, Open-Source, TrueCrypt, Uncategorized

Cryptosolic Update and a Change of IDE

Posted on December 27, 2013 by Phil Tyler 2 Comments

OK, so it has been a while since I posted an update on the progress of my Cryptosolic project, and even longer since I committed anything to the source code repository. I have been working on this offline and expect to commit my progress sometime during the next few weeks.

I just want to state now that Cryptosolic is not dead! I think it is fair to say that I had not anticipated that it would take me this long to get the security library up and running, and I completely underestimated the learning curve required to be able to implement a framework which is easy to use and at the same time, flexible and  cryptographically sound. Read more ›

Tagged with: ,
Posted in Cryptosolic, Open-Source, Personal Project, SharpDevelop

Database Testing with tSQLt

Posted on July 26, 2013 by Phil Tyler Leave a comment

tSQLt logoI have recently become a big fan of Unit Testing, in particular Test Driven Development. As the majority of my work involves database development, I thought that I would investigate the possibilities of extending my new-found interest and apply it to my work in SQL Server. I spent some time looking at the database project option in Visual Studio, which allows unit tests to be created against various elements within a database schema, but it seemed clunky to use and setup, and I didn’t like the fact that I had to leave SQL Server Management Studio (SSMS) every time I wanted to run a test.

Fortunately, in my despair and desperation, I stumbled across a fantastic open source project called tSQLt,  which allows database developers to create tests using T-SQL, and run them in SSMS!  Read more ›

Tagged with: , , , ,
Posted in SQL Server, Unit Testing

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 2 other subscribers
My Open-Source Project