Category Archives: Musings

Ramble on.

The Mysterious TrueCrypt Abandonment

Speaking of TrueCrypt, the open source encryption project was mysteriously brought to a halt last week.  The website url now redirects to their SourceForge page with a strange message:

WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP.  Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images...You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.

Now, at a glance this is a bit of a confusing statement.

The warning does not indicate that there are any actual security issues.  It is more of a blanket statement to warn users of the possible implications of using any unsupported piece of software.

In fact, since the Heartbleed bug there has been a movement to audit critical open source software to try and catch vulnerabilities.  The Open Crypto Audit Project has already completed a phase 1 audit report of TrueCrypt searching for backdoors.  Phase 2 would include a deeper look at the encryption algorithms and, despite the now abandoned status of the software, I hope it still happens.

Looking back at the above statement, Microsoft support ending for Windows XP doesn’t really have anything to do with TrueCrypt, which is a multi-platform encryption solution.  The only way to really connect these two separate events is that they are both ending support.  The whole recommendation of OS level encryption seems an odd recommendation from security experts when there are better alternatives out there.

The initial thought is this was a website hack, but I have personally checked the cryptographic signatures on the updated (crippled) version’s files (version 7.2) and everything looks legitimate (ie: they were released by the same people who released version 7.1a).  Others verify this and now we are left dealing with the reality of it.  Lots of people are reading between the lines and coming up with all sorts of conspiracy theories, but I won’t get into those here.

What it comes down to is that I trust the existing software and their proposed migration does not work for my cross-platform uses.  The latest stable version of TrueCrypt (version 7.1a) was released over two years ago, and has been publicly tested by security experts, law enforcement, and time.  The fact that the NSA has been unable to crack its encryption in court shows just how strong it really is.

People over at truecrypt.ch are organizing a future for users of the TrueCrypt software.  Likely, it will fork into a new project with a new name from this point forward.  I will closely follow security experts, like Steve Gibson of Security Now, for updated information.  But for now I will continue use my existing TrueCrypt encryption, and hopefully migrate to the new fork in the future.

UPDATE (June 18th, 2014): VeraCrypt is joining hands with truecrypt.ch in working together towards retaining truecrypt functionality and improving the project. (source)

On: Learning.

I have been thinking a lot on learning these days; how it is an ongoing and important aspect of life to continually search out learning in our day-to-day activities.  I believe this is the key to continued personal growth, and avoiding the plateau that a lot of people seem to find themselves on as they get older.

To quote Thom Fougere, a humble furniture designer who spoke on his quick rise to success at a Pecha Kucha Winnipeg event a few months ago:

You know you are in the right situation when you are uncertain about what you are doing.  You may fail, or you may succeed, but you will learn a lesson.  Keep looking for these situations and keep growing.

Accepting failure is hard.  Personally, I find that it goes against my perfectionist tendencies.  But it is true: better to fail and learn from it than to never have tried at all.  In fact, you can turn the whole idea of failure on its head and recognize it as a good thing.  Fear of failure is natural and not something to be overlooked, but it is also not something that should be allowed to take control your life.

When you find yourself at a point in life where you are no longer learning, I think you owe it to yourself to do something about it.  Whether it’s creatively looking for opportunities within your current situation or a more drastic uprooting, .  Life is a pretty amazing thing and I think you owe it to yourself to explore your full potential.  Learning seems to go in tandem with pushing yourself, but the responsibility of that push falls on your own shoulders.