this post was submitted on 31 Oct 2025
154 points (98.7% liked)

What really happened to TrueCrypt back in 2014? Did anyone ever find out?

It was a widely used encryption tool that was suddenly dropped with the message "not safe, use something else".

[–] DarkAri@lemmy.blahaj.zone 27 points 3 days ago* (last edited 3 days ago) (2 children)

The story I heard is that the creator got a national security letter, which forced him to add backdoors or go to prison, and so he did the minimum necessary by law, meaning the last few versions of it are probably compromised, but also took out a clause from the user agreement that stated that he had not received a NSL. That was sort of a canary to get around the gag order and stuff at the time.

Honestly who knows though? That was over 10 years ago when I heard that.

If I had to guess he was using his own encryption method that wasn't crackable. It is well known that the NSA bought up some standard setting organizations for encryption. Normally rolling your own encryption would be risky if you don't know how to depattern it. I suspect that many common encryption standards are picked because they have a shortcut to cracking them.

[–] bamboo@lemmy.blahaj.zone 32 points 3 days ago (2 children)

All of these claims are easily able to be checked from the archived version of the site. It was not using a home-grown encryption algorithm.

The last version released was independently audited and "found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances"

I had never heard of the warrant canary for TrueCrypt, and quickly searching for news of the time, was unable to find anything to indicate that there was ever a mention of NSL on the website, so nothing to remove if they were served with a NSL.

[–] snooggums@piefed.world 5 points 2 days ago

If he received a national security letter that had an indication of the government possibly taking over the project and adding in their own back door, that would be a reason to say the software wasn't safe (from future changes). If there wasn't follow through then it would pass an audit.

[–] _cryptagion@anarchist.nexus 16 points 3 days ago

TrueCrypt used the encryption method you chose; it didn't have a custom one. Usually that entailed triple layer encryption such as AES-Twofish-Blowfish, but you could use weaker encryption if you desired to.