
Newly found TrueCrypt flaw allows full system compromise - cantrevealname
http://www.itworld.com/article/2987438/newly-found-truecrypt-flaw-allows-full-system-compromise.html
======
cantrevealname
Anyone have any opinions on the following questions? (where my opinion is in
parentheses)

1) Did the TrueCrypt developer introduce the bugs? (extremely doubtful in my
opinion)

2) Is this what the TrueCrypt developer meant when he said "Don't use it; it's
not secure"? (also very doubtful IMO)

3) Do these bugs compromise the encryption directly? Obviously the bad guys
can install a keylogger, etc., as in a zillion other privilege escalation bugs
that afflict Windows. But does it allow bad guys to break the encryption in a
powered-off TrueCrypt-encrypted laptop that the bad guys seize, find, or
steal? (very doubtful I think)

It'll be interesting to know how long the bugs have existed, for further
insight into questions 1 and 2.

~~~
strangecasts
VeraCrypt fixes the issues, and lists them as local privilege escalation bugs:
https://veracrypt.codeplex.com/wikipage?title=Release%20Notes

So no, the encryption itself isn't compromised. "It's not secure" specifically
referred to potentially unfixed security issues, though.

