Jump to content

Talk:TrueCrypt: Difference between revisions

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia
Browse history interactively
← Previous edit
Content deleted Content added
VisualWikitext
No edit summary
m Removed deprecated parameters in {{Talk header}} that are now handled automatically (Task 30)
 
(105 intermediate revisions by 31 users not shown)
Line 1: Line 1:
{{Talk header |search=yes }}
{{Talk header |search=yes }}
{{oldafdfull| date = 14 July 2014 (UTC) | result = '''speedy keep''' | page = TrueCrypt }}
{{oldafdfull| date = 14 July 2014 (UTC) | result = '''speedy keep''' | page = TrueCrypt }}
{{WikiProject banner shell|class=C|1=
{{WikiProjectBannerShell|1=
{{WikiProject Software |class=C}}
{{WikiProject Software |importance=Low}}
{{WikiProject Cryptography}}
{{WikiProject Cryptography |importance=Mid}}
{{WikiProject Computing |importance=Mid |security=y |security-importance=High |software=y |software-importance=Low}}
{{WikiProject Mass surveillance |importance=Mid}}
{{WikiProject Journalism |importance=Low}}
{{WikiProject Politics |importance=Low}}
}}
}}
{{Auto archiving notice |bot=MiszaBot I |age=3 |units=months}}
{{User:MiszaBot/config
{{User:MiszaBot/config
|archiveheader = {{aan}}
|archiveheader = {{aan}}
|maxarchivesize = 100K
|maxarchivesize = 100K
|counter = 2
|counter = 3
|minthreadsleft = 5
|minthreadsleft = 5
|algo = old(90d)
|algo = old(90d)
Line 15: Line 18:
}}
}}


== Bitlocker, really? ==
== External links modified ==
I am using professional and EFS doesn't encrypt filenames and it doesn't support BitLocker, worse I have one machine running home "premium" that doesn't even support EFS or RDP without a patch. Their site says to use BitLoc$er, but it's no replacement for TC which is free and multiplatform.


Hello fellow Wikipedians,
== Is TrueCrypt really Open Source, or just "source-available"? ==


I have just modified 12 external links on [[TrueCrypt]]. Please take a moment to review [https://en.wikipedia.org/enwiki/w/index.php?diff=prev&oldid=799652017 my edit]. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit [[User:Cyberpower678/FaQs#InternetArchiveBot|this simple FaQ]] for additional information. I made the following changes:
I want to bring this up because it's not exactly a small thing, even though to those outside the tech community it may seem that way. And it affects how we describe the subject of this article in the very first line.
*Corrected formatting/usage for http://www.truecrypt.org/localizations
*Corrected formatting/usage for http://www.securstar.com/faq_drivecrypt.php
*Corrected formatting/usage for http://sourceforge.net/projects/truecrypt/
*Added archive https://archive.is/20140507093925/http://16s.us/software/TCHunt/tchunt_faq.txt to http://16s.us/software/TCHunt/tchunt_faq.txt
*Corrected formatting/usage for http://opencryptoaudit.org/
*Corrected formatting/usage for https://www.grc.com/misc/truecrypt/truecrypt.htm
*Added archive https://web.archive.org/web/20130115144156/http://www.ca11.uscourts.gov/opinions/ops/201112268.pdf to http://www.ca11.uscourts.gov/opinions/ops/201112268.pdf
*Corrected formatting/usage for https://www.reuters.com/article/2013/08/30/us-usa-security-snowden-nytimes-idUSBRE97T0RC20130830
*Corrected formatting/usage for http://auerfeld.wordpress.com/2013/08/31/miranda-where-is-the-uk-government-getting-its-numbers-from/
*Corrected formatting/usage for http://blogs.phoenixnewtimes.com/valleyfever/2014/02/true_crypt_software_that_hides.php
*Added archive https://archive.is/20120530131309/http://www.truecrypt.org/legal/license to http://www.truecrypt.org/legal/license
*Corrected formatting/usage for https://twitter.com/matthew_d_green/status/478721271316758528


When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
I realize it is common to refer to the software as "open source", but this is generally out of media ignorance. In the tech community (where the term originated and where it is still most often used), that term has a very specific meaning that [[Open source|implies multiple things]], the first of which being [[free license]].


{{sourcecheck|checked=false|needhelp=}}
There is debate over whether TrueCrypt (with its TrueCrypt License 3.0) meets those major freedoms that designate it to be open source and [[free software]].


Cheers.—[[User:InternetArchiveBot|'''<span style="color:darkgrey;font-family:monospace">InternetArchiveBot</span>''']] <span style="color:green;font-family:Rockwell">([[User talk:InternetArchiveBot|Report bug]])</span> 01:04, 9 September 2017 (UTC)
The recent change to the introduction seems to be quite hasty, and if I may say so, pretty sloppy. Before the change, the heading called TC "source available" and linked to the licensing section where it was explained that the "openness" of the software was in question by the tech/open source community.


== Druking ==
Now not only has that entire section been all but completely deleted, the intro paragraph has been changed to say "open source", and from the looks of it, the citations included weren't even vetted by the user that made the change. For example, the first citation doesn't even mention the words "open source" (outside of the comments section where an anonymous commenter lists it as an attribute of the program. I sure hope the user who made this change doesn't think a comment on a webpage meets [[WP:RS]].) What's even more ironic is the second cited source actually claims TC ''isn't'' open source. The sub-header of the article literally says "its claim to be open source doesn't hold water, either."


If I wasn't supposed to assume good faith I would think this was a joke.


Unless google translate is missing something, the sources do not support the claim that "In the special prosecutor investigation for [[Druking]] in [[South Korea]], the special prosecutor tried to decrypt files encrypted by TrueCrypt and he succeeded to decrypt some of them."
Given that the other two sources cited mention nothing about the licensing issues that bring the open source status of TC into question, one can only assume they are used as citations for no other reason than because they simply call TC an "open source" program. Again, this is just media ignorance. (And again, the user who made this change should be aware of that because not only did he delete the relevant information that explained this issue in the Wikipedia article, one of the very sources he cited goes into great detail and actually concludes that TC is not really considered open source.)


* http://newspim.com/news/view/20180827000369
I invite discussion on this, but given the fact that the only citation provided which actually talks about the open source status ultimately concludes the software is in fact ''not'' open source, I'm going to revert the change and put back the relevant info in the license section until we can decide how we want to address the debate in the article (because I would think we can all agree it ''is'' something that is worthy of mention in the article, and as I said, for some reason it was deleted.) {{nowrap|--[[User:Wikisian|Wikisian]] ([[User talk:Wikisian|talk]]) 02:27, 21 May 2014 (UTC)}}
* https://translate.google.com/translate?&u=http%3A%2F%2Fnewspim.com%2Fnews%2Fview%2F20180827000369
:The license is non-free.[https://gnu.org/licenses/license-list.html#Truecrypt-3.0] --[[User:Evice|Evice]] ([[User talk:Evice|talk]]) 06:03, 23 July 2014 (UTC)
* http://news.mk.co.kr/newsRead.php?year=2018&no=538301
* https://translate.google.com/translate?u=http%3A%2F%2Fnews.mk.co.kr%2FnewsRead.php%3Fyear%3D2018%26no%3D538301
* http://www.yonhapnews.co.kr/bulletin/2018/07/18/0200000000AKR20180718142500004.HTML
* https://translate.google.com/translate?u=http%3A%2F%2Fwww.yonhapnews.co.kr%2Fbulletin%2F2018%2F07%2F18%2F0200000000AKR20180718142500004.HTML
* http://news.tvchosun.com/site/data/html_dir/2018/07/18/2018071890102.html
* https://translate.google.com/translate?u=http%3A%2F%2Fnews.tvchosun.com%2Fsite%2Fdata%2Fhtml_dir%2F2018%2F07%2F18%2F2018071890102.html


--[[User:Guy Macon|Guy Macon]] ([[User talk:Guy Macon|talk]]) 15:11, 28 August 2018 (UTC)
== FreeOTFE ==


:Regarding these edits,[https://en.wikipedia.org/enwiki/w/index.php?title=TrueCrypt&type=revision&diff=856899707&oldid=856531745][https://en.wikipedia.org/enwiki/w/index.php?title=TrueCrypt&type=revision&diff=856947745&oldid=856899707][https://en.wikipedia.org/enwiki/w/index.php?title=TrueCrypt&type=revision&diff=856947745&oldid=856899707][https://en.wikipedia.org/enwiki/w/index.php?title=TrueCrypt&type=revision&diff=857254448&oldid=857218077] extraordinary claims need extraordinary evidence.
I've added a link in see-also to [[FreeOTFE]], but it was undid with comment ''don't want to call out any specific alternative unless it is particularly significant, instead the comparison of alternatives is linked'' - but this software is significant because it's features are identical to TrueCrypt's it also has a quite similar GUI. And there is also no other non-closed-source on-the-fly volume encryption software for Windows. It's now abandoned but as I know there wasn't any security issues with it. Maybe it's fault of small user base but still it is significant name to mention along TrueCrypt. I think it went dead because at the time TC was direct and promising competitor. Doesn't that spell significant ? [[User:Pwjb|pwjb]] ([[User talk:Pwjb|talk]]) 11:55, 29 May 2014 (UTC)
:The PBKDF2 key stretching used in TrueCrypt considerably slows down both brute force attacks and dictionary attacks. A dictionary attack against Truecrypt runs at 820 passwords per second on an Intel Core i7-970 system at 3.2GHz.[https://www.semanticscholar.org/paper/Dictionary-Attack-on-TrueCrypt-with-RIVYERA-S3-5000-Abbas-Rathje/87725bf440792e0a12af15bf3296f6b490a57484][http://www.h-online.com/security/features/Attacking-TrueCrypt-1735157.html]
:Unless the police in question rented time on a supercompter (something that would surely have been mentioned in the sources) or the criminal was stupid and used '''[[Swordfish (password)|"Swordfish"]]''' as his password, any claims that they cracked Truecrypt are extremely implausible, and indeed from the Google translate of the Korean sources that Berryball cited, no such claim was made. Instead, I am seeing things like
:* "The FBI can not figure it out"
:* "The Password, a combination of 4 uppercase letters, numbers, and special characters in English...will take 120,000 years"
:* "the spy team was found to have made considerable progress in the investigation.. Druking is trying to solve the secret code by substituting the pattern which is supposed to be used in the password. It is a method of estimating cipher with keywords such as 'Jami Duo' (Chinese astrology), which is known to be believed by Druke, and 'KKM', which refers to Kyosho. It usually takes nine hours to decipher a four-digit password that is a mixture of English uppercase and lowercase letters, numbers and special characters based on one high-performance computer (workstation), the spokesman said. The spokesperson said the decryption process using patterns is fast, considering that it takes a whopping 120,000 years to decipher an 8-digit password without any pattern assignment."
:* "It's encrypted with a program called Truecrypt. It was said that it was difficult for foreign investigators to solve it. That part is hard to solve anymore. I secured enough to help with the investigation. This part of the investigation took up a large part of the investigation. There is also a decryption program, but persuaded the parties. It is one of the more difficult investigations than any other investigation."


:Given the evidence available, my conclusion is that the South Korean police did '''not''' decrypt the Truecrypt-encoded files, and I have deleted the claims as being unsourced. --[[User:Guy Macon|Guy Macon]] ([[User talk:Guy Macon|talk]]) 15:04, 30 August 2018 (UTC)
: "I think it went dead because at the time TC was direct and promising competitor. Doesn't that spell significant ?" You pretty much just admitted it's not in the previous sentence when you described it as 'dead'. It might be, in future, but that's a [[WP:CRYSTALBALL]] matter. Content in articles still need to meet some degree of notability. If no-one has even heard about it (ideally major media), it just shouldn't be there.


(The following comment was moved from my talk page. Discussions about the content of an article belong on that article's talk page. --[[User:Guy Macon|Guy Macon]] ([[User talk:Guy Macon|talk]]) 06:13, 31 August 2018 (UTC))
: Quote: "Articles that present original research in the form of extrapolation, speculation, and "future history" are inappropriate. Although scientific and cultural norms continually evolve, we must wait for this evolution to happen, rather than try to predict it." -[[User:Rushyo|<span style="color: #FF00FF;">'''Rushyo'''</span>]] [[User_talk:Rushyo|<span style="color: #990099; font-size: 0.8em;"><sup>Talk</sup></span>]] 15:48, 29 May 2014 (UTC)


::I used many Korean newspapers as citations. But you just can't read Korean language at all.
: FreeOTFE has been relaunched as 'DoxBox' (https://t-d-k.github.io/doxbox/). You could try adding a link to this instead - but I don't know if it is 'significant'. I would do it myself, but I am the maintainer of DoxBox so could be seen as having a vested interest. [[User:Squte|Squte]] ([[User talk:Squte|talk]]) 16:22, 31 August 2014 (UTC)


::They are issues in South Korea, so they are written by Korean language on Korean newspapers. '''But you can't read any Korean language. It's just the problem.''' In your opinion, any Korean things can't be written on English Wikipedia until English newspaper writes about them! South Korea is not USA or Europe, so English newspapers don't write all Korean stuff! Many Korean newspapers write about them, but just you can't read Korean language, so we can't write about them on English Wikipedia? You can use Google Translate.
== Bo Chen ==


::[[Maeil Business Newspaper]] (매일 경제) is one of three major South Korean economic newspapers. [[Yonhap]] (연합 뉴스) is the major news source for all South Korean newspapers. [[Chosun Broadcasting Company]] (TV 조선) is a daughter company of [[The Chosun Ilbo]] (조선 일보) for TV broadcasting. [[The Chosun Ilbo]] is the most famous newspaper in South Korea. I used three famous South Korean newspapers as the sources, but you deleted them just because you can't read Korean language. --[[User:Berryball|Berryball]] ([[User talk:Berryball|talk]]) 05:34, 31 August 2018 (UTC)
As of 17 July 2014 there is a section under "Legal cases" titled Bo Chen. This section contains three separate citations from unreliable sources (From the Trenches World Report www.fromthetrenchesworldreport.com, cryptome.org, sribd). The scribd link isn't from court filings or police documents. Additionally, the other two links don't have reporting or appear to be fact checked. A Google search of "Bo Chen," and "Bo Chen Addison arrest" also doesn't turn up any verifiable information. Given the lack of verifiable sources, I have decided to remove the section on Bo Chen from the wiki.


:::I just saw [[Talk:TrueCrypt#Druking]]. I'm translating sentences one-by-one for you. You can verify them using other translation websites or programs or other Korean people. --[[User:Berryball|Berryball]] ([[User talk:Berryball|talk]]) 06:08, 31 August 2018 (UTC)
If anyone finds any reliable sources, please feel free to add it to the wiki.


::::I do '''not''' believe that "any Korean things can't be written on English Wikipedia until an English newspaper writes about them" please stop putting words in my mouth. Nor did I ever hint that the newspapers you cited were not reliable sources. I said that the the newspapers you cited do not appear to say what you claim they say.
[[User:Purgnostic|Purgnostic]] ([[User talk:Purgnostic|talk]]) 17:55, 17 July 2014 (UTC)
: I would additionally argue that it's a bit tangential to the article. <b>[[User:Ohnoitsjamie|OhNo<font color="#D47C14">itsJamie</font>]] [[User talk:Ohnoitsjamie|<sup>Talk</sup>]]</b> 14:12, 18 July 2014 (UTC)


::::Yes, there are difficulties when someone who doesn't speak Korean evaluates a Korean source using Google Translate. But I am pretty sure that the translation "Druking is trying to solve the secret code" is inaccurate. Please cut and past the exact entence where you believe that one of your sources say that the '''solved''' the secret code instead of saying that they '''are trying''' to solve the secret code.
== End of life and license version 3.1 ==


::::Here is your basic problem. You are claiming that Druking did something which is generally considered to be impossible (guessing a 16-character truecrypt password that consists of uppercase letters, numbers, and special characters using a dictionary attack). '''EXTRAORDINARY CLAIMS NEED TO BE BACKED UP BY EXTRAORDINARY EVIDENCE.''' --[[User:Guy Macon|Guy Macon]] ([[User talk:Guy Macon|talk]]) 06:13, 31 August 2018 (UTC)
SHOULD BE 7.1 ??! <span style="font-size: smaller;" class="autosigned">— Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[Special:Contributions/178.190.110.136|178.190.110.136]] ([[User talk:178.190.110.136|talk]]) 18:11, 16 August 2014 (UTC)</span><!-- Template:Unsigned IP --> <!--Autosigned by SineBot-->


:3.1 is correct. The ''license'' version does not correspond to the ''software'' version. [[User:WOFall|WOFall]] ([[User talk:WOFall|talk]]) 18:56, 16 August 2014 (UTC)
:::::I'm sorry. I thought that you deleted these citations because of that. But you already tried to translate them yourself. --[[User:Berryball|Berryball]] ([[User talk:Berryball|talk]]) 07:24, 31 August 2018 (UTC)


I thought you never tried to translate them using Google Translate, but you really did it! I can translate sentences one-by-one for you. You can verify them using other translation websites or programs or asking Korean people about them.
== VeraCrypt ==


VeraCrypt is an updated fork of TrueCrypt.


-트루크립트라는 프로그램으로 암호화했다고 하는데.
Mentioned here:<ref>http://www.theinquirer.net/inquirer/news/2375599/veracrypt-fork-of-truecrypt-tips-up</ref>
webpage here:<ref>https://veracrypt.codeplex.com/</ref>


-(The documents) were encrypted by TrueCrypt.
Is it notable enough to mention in the page?

[[Special:Contributions/196.215.47.219|196.215.47.219]] ([[User talk:196.215.47.219|talk]]) 15:25, 17 October 2014 (UTC)
▲ 외국 수사기관에서도 풀기 어려운 것이라고 했는데, 중요한 건 다 풀었고 일부 풀지 못한 부분이 있다. 그 부분은 더 이상 풀기 어려운 상황이다. 수사에 도움이 될 만한 정도 확보했다. 이 부분이 수사에 많은 부분을 차지했다. 암호 해독 프로그램도 있지만 당사자를 설득했다. 다른 어떤 수사보다 힘들었던 수사 중 하나다.

We decrypted important data and we couldn't decrypt some of them though decryption is difficult even for foreign law enforcement agencies. Some of the data are difficult to decrypt. But we already got some for investigation. This is the major part for the investigation. We have decryption programs but we also persuaded suspects. It is the most difficult investigation.

([[NewsPim]] (뉴스핌) is not famous newspaper in South Korea.)

http://newspim.com/news/view/20180827000369


다만 특검팀이 출범 이후 여권의 정치 공세 속에서도 김씨와 그의 측근들을 집중 조사하고, `트루크립트(TrueCrypt)`라는 암호화 프로그램 일부를 해독해 김 지사와 김씨 간 연결고리를 비교적 상세히 밝혀낸 것은 적잖은 성과라는 평가를 받고 있다.

However, the special prosecutor team found the linkage (Kyeongsangnamdo province) governor Kim (Kyung-soo) and Mr. Kim by decryption of TrueCrypt though the investigation was hampered by the ruling party.

([[Maeil Business Newspaper]] (매일 경제) is one of three major South Korean economic newspapers.)

http://news.mk.co.kr/newsRead.php?year=2018&no=538301


보통의 암호는 해당 파일을 열면 패스워드를 입력하는 방식이지만 트루크립트는파일 자체가 눈에 보이지 않도록 해 놨다는 점이 특징이다. 이 때문에 은닉된 파일이 있는지 확인하는 것조차 어려운 상황이다.

(보통의 암호는 해당 파일을 열면 패스워드를 입력하는 방식이지만 트루크립트는 파일 자체가 눈에 보이지 않도록 해 놨다는 점이 특징이다. 이 때문에 은닉된 파일이 있는지 확인하는 것조차 어려운 상황이다.) (The author missed one space between words so I inserted a space for translation.)

Ordirnary encryption just using method to input a password, but TrueCrypt hides files. So it is difficult to find whether there is a hidden file or not. (I think it is a hidden volume.)

특검팀은 드루킹이 운영한 경제적공진화모임(경공모) 회원을 상대로 한 암호 해독에 협조를 받으려 했지만, 이들은 의미 있는 자료에 걸린 암호는 기억이 잘 나지 않는다고 주장하는 것으로 전해졌다.

The special prosecutor team tried to get help from the suspects (members of 경제적공진화모임) but they said that they don't remember the passwords for important data.

악조건 속에서도 특검팀은 전날 16자리 암호를 해독하는 등 수사에 상당한 진척을 보이는 것으로 파악됐다. 드루킹 일당이 암호에 사용했을 것으로 추정되는 패턴을 대입해 속속 암호를 풀어내고 있는 것이다.

The special prosecutor team decrypted 16 character (16 digit) password yesterday. The special prosecutor team input pattern as a password that Druking group maybe uses as a password. (The special prosecutor team conjectured the most probable password that Druking group used.)

드루킹이 신봉한 것으로 알려진 '자미두수'(중국 점성술)와 경공모를 지칭하는 'KKM' 등을 키워드로 암호를 추정하는 방식이다.

For example, the special prosecutor team tried to input [[Zi wei dou shu]] (Purple Star Astrology) and KKM as a part of the passwords. (I think it is a [[dictionary attack]].)

([[Yonhap]] (연합 뉴스) is the major news source for all South Korean newspapers.)

http://www.yonhapnews.co.kr/bulletin/2018/07/18/0200000000AKR20180718142500004.HTML


특별 검사: "저희가 지금 가장 어려운 부분이 암호, 어, 지난번에도 제가 말씀드렸지만 은닉된 파일을 찾는 것입니다." (video 00:00 - 00:12)

Special prosecutor: "For us, the most difficult part is the encryption. I said last time too, it is to find the hidden files." (video 00:00 - 00:12)

특별 검사: "이 암호의 특징은 보통 우리가 한글 파일이라든지 이런 것을 보면, 파일은 보이는데 패스워드 암호를 입력하도록 되어 있어서 눈에 보이는 암호가 대부분인데 트루크립트는 눈에 보이질 않습니다. 은닉돼있는 암호구요. 그래서 파일이 있는지 없는지조차도 확인하기 어려운데 그것을 확인하고 있습니다." (video 02:05 - 02:35)

Special prosecutor: "Ordinary encryptions use just passwords but this encryption's character (nature) is to hide files so we can't see the hidden files. It is a hidden encryption. So it is difficult to know whether there are files or not, but we tried to check there are files or not." (video 02:05 - 02:35)

(Though this video broadcasts on [[The Dong-a Ilbo]](동아 일보)'s website, this video's source is [[OBS Gyeongin TV]].)

http://voda.donga.com/3/all/39/1394189/1

경공모가 이중삼중으로 걸어놓은 암호파일들이 특검팀에 의해 풀리기 시작한 것도 이들의 진술변화에 한몫했습니다.

Kyeong-gong-mo's attitude in the investigation was changed after the encrypted files were decrypted by the special prosecutor team.

드루킹 일당은 과거 대공사범들이 주로 사용하던 '트루크립트'라는 암호화 프로그램까지 동원해 사용기록을 감췄는데, 특검팀내 검경 포렌식 전문가들이 풀기 시작한 겁니다.

Druking group used TrueCrypt that spies usually used, but forensic specialists in the special prosecutor team decrypted some of them.

([[Chosun Broadcasting Company]] (TV 조선) is a daughter company of [[The Chosun Ilbo]] (조선 일보) for TV broadcasting. The Chosun Ilbo is the most famous newspaper in South Korea.)

http://news.tvchosun.com/site/data/html_dir/2018/07/18/2018071890102.html

--[[User:Berryball|Berryball]] ([[User talk:Berryball|talk]]) 07:03, 31 August 2018 (UTC)

[[Druking]] didn't use random 16 character passwords. He input some words into the passwords and the special prosecutor team knows what words he likes!

And nobody uses random passwords because it is difficult to remember random passwords. Instead that, people use very long [[passphrase]]s including words to encrypt data. (For instance, 20 or 40 character passphrases.)

--[[User:Berryball|Berryball]] ([[User talk:Berryball|talk]]) 07:07, 31 August 2018 (UTC)

:Ah. I see where you went wrong. Above you wrote ''"For example, the special prosecutor team tried to input [[Zi wei dou shu]] (Purple Star Astrology) and KKM as a part of the passwords. (I think it is a [[dictionary attack]].)"'' That's not a dictionary attack. That's attempting to guess the passphrase based upon knowledge about the person who chose the passphrase. A dictionary attack is attempting to guess the passphrase using every word in a dictionary as the first word, plus every word in a dictionary as the second word, and so on. A guessing attack is a common technique used by police, and works well if the person picked a guessable passphrase such as his birthday, name of his dog, favorite sports team., etc. A dictionary attack doesn't work on truecrypt. It takes a very long time to check each passphrase and the attacker dies of old age before trying 0.01% of the phrases from the dictionary.

:I suggest that you re-add the material, but instead of making the false claim about a dictionary attack, you simply say that the special prosecutor team guessed his passphrase based upon information they knew about him. --[[User:Guy Macon|Guy Macon]] ([[User talk:Guy Macon|talk]]) 15:22, 31 August 2018 (UTC)

::I see. --[[User:Berryball|Berryball]] ([[User talk:Berryball|talk]]) 16:05, 31 August 2018 (UTC)

== the web page for true crypt ==

the web link to truecrypt needs to be deleted as it is discontinued [[User:Superusergeneric|Superusergeneric]] ([[User talk:Superusergeneric|talk]]) 08:23, 25 August 2021 (UTC)

== "Development continues on two forks, VeraCrypt and CipherShed" ==

VeraCrypt is active. Ciphershed is dead. The last CipherShed release was 0.7.4.0 (February 1, 2016). The last post to the CipherShed Forum was in 2016. Please correct the article.

Also see [https://github.com/CipherShed/CipherShed/issues/49 Project Dead?] and [https://www.johndstech.com/security/ciphershed-is-dead/ Giving Up on CipherShed] 22:43, 24 March 2022 (UTC)[[Special:Contributions/2600:1700:D0A0:21B0:B858:3590:F10E:CA10|2600:1700:D0A0:21B0:B858:3590:F10E:CA10]] ([[User talk:2600:1700:D0A0:21B0:B858:3590:F10E:CA10|talk]])
:Duly noted. [[User:Waysidesc|Waysidesc]] ([[User talk:Waysidesc|talk]]) 02:34, 25 March 2022 (UTC)

== Druking ==

This doesn't seem to make any sense;

"He decrypted some of encrypted files by trying words and phrases the druking group had used elsewhere as parts of the passphrase in order to make educated guesses."

That's not even how it works, is it? You can't just decrypt random files piecemeal with individual passwords. You either determine the key/password and are able to decrypt the drive, or you don't, in which case you have no access to the encrypted material whatsoever.

I see this claim has already been argued about and had been removed in the past, it should be removed again for the exact same reasons it already was. Even the translated material does not back this claim up. But the claim itself seems to be objectively impossible anyway and suggests a fundamental misunderstanding of the subject matter on the part of whoever put it there.[[User:Lordlylightofjesus|Lordlylightofjesus]] ([[User talk:Lordlylightofjesus|talk]]) 20:19, 17 March 2023 (UTC)

== merge with TrueCrypt_release_history ==

[[TrueCrypt_release_history]] [[Special:Contributions/2601:646:200:43F0:3C64:C5EC:D2E6:795C|2601:646:200:43F0:3C64:C5EC:D2E6:795C]] ([[User talk:2601:646:200:43F0:3C64:C5EC:D2E6:795C|talk]]) 17:38, 20 November 2023 (UTC)

Latest revision as of 12:27, 10 July 2024

[edit]

Hello fellow Wikipedians,

I have just modified 12 external links on TrueCrypt. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 5 June 2024).

  • If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
  • If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 01:04, 9 September 2017 (UTC)[reply]

Druking

[edit]

Unless google translate is missing something, the sources do not support the claim that "In the special prosecutor investigation for Druking in South Korea, the special prosecutor tried to decrypt files encrypted by TrueCrypt and he succeeded to decrypt some of them."

--Guy Macon (talk) 15:11, 28 August 2018 (UTC)[reply]

Regarding these edits,[1][2][3][4] extraordinary claims need extraordinary evidence.
The PBKDF2 key stretching used in TrueCrypt considerably slows down both brute force attacks and dictionary attacks. A dictionary attack against Truecrypt runs at 820 passwords per second on an Intel Core i7-970 system at 3.2GHz.[5][6]
Unless the police in question rented time on a supercompter (something that would surely have been mentioned in the sources) or the criminal was stupid and used "Swordfish" as his password, any claims that they cracked Truecrypt are extremely implausible, and indeed from the Google translate of the Korean sources that Berryball cited, no such claim was made. Instead, I am seeing things like
  • "The FBI can not figure it out"
  • "The Password, a combination of 4 uppercase letters, numbers, and special characters in English...will take 120,000 years"
  • "the spy team was found to have made considerable progress in the investigation.. Druking is trying to solve the secret code by substituting the pattern which is supposed to be used in the password. It is a method of estimating cipher with keywords such as 'Jami Duo' (Chinese astrology), which is known to be believed by Druke, and 'KKM', which refers to Kyosho. It usually takes nine hours to decipher a four-digit password that is a mixture of English uppercase and lowercase letters, numbers and special characters based on one high-performance computer (workstation), the spokesman said. The spokesperson said the decryption process using patterns is fast, considering that it takes a whopping 120,000 years to decipher an 8-digit password without any pattern assignment."
  • "It's encrypted with a program called Truecrypt. It was said that it was difficult for foreign investigators to solve it. That part is hard to solve anymore. I secured enough to help with the investigation. This part of the investigation took up a large part of the investigation. There is also a decryption program, but persuaded the parties. It is one of the more difficult investigations than any other investigation."
Given the evidence available, my conclusion is that the South Korean police did not decrypt the Truecrypt-encoded files, and I have deleted the claims as being unsourced. --Guy Macon (talk) 15:04, 30 August 2018 (UTC)[reply]

(The following comment was moved from my talk page. Discussions about the content of an article belong on that article's talk page. --Guy Macon (talk) 06:13, 31 August 2018 (UTC))[reply]

I used many Korean newspapers as citations. But you just can't read Korean language at all.
They are issues in South Korea, so they are written by Korean language on Korean newspapers. But you can't read any Korean language. It's just the problem. In your opinion, any Korean things can't be written on English Wikipedia until English newspaper writes about them! South Korea is not USA or Europe, so English newspapers don't write all Korean stuff! Many Korean newspapers write about them, but just you can't read Korean language, so we can't write about them on English Wikipedia? You can use Google Translate.
Maeil Business Newspaper (매일 경제) is one of three major South Korean economic newspapers. Yonhap (연합 뉴스) is the major news source for all South Korean newspapers. Chosun Broadcasting Company (TV 조선) is a daughter company of The Chosun Ilbo (조선 일보) for TV broadcasting. The Chosun Ilbo is the most famous newspaper in South Korea. I used three famous South Korean newspapers as the sources, but you deleted them just because you can't read Korean language. --Berryball (talk) 05:34, 31 August 2018 (UTC)[reply]
I just saw Talk:TrueCrypt#Druking. I'm translating sentences one-by-one for you. You can verify them using other translation websites or programs or other Korean people. --Berryball (talk) 06:08, 31 August 2018 (UTC)[reply]
I do not believe that "any Korean things can't be written on English Wikipedia until an English newspaper writes about them" please stop putting words in my mouth. Nor did I ever hint that the newspapers you cited were not reliable sources. I said that the the newspapers you cited do not appear to say what you claim they say.
Yes, there are difficulties when someone who doesn't speak Korean evaluates a Korean source using Google Translate. But I am pretty sure that the translation "Druking is trying to solve the secret code" is inaccurate. Please cut and past the exact entence where you believe that one of your sources say that the solved the secret code instead of saying that they are trying to solve the secret code.
Here is your basic problem. You are claiming that Druking did something which is generally considered to be impossible (guessing a 16-character truecrypt password that consists of uppercase letters, numbers, and special characters using a dictionary attack). EXTRAORDINARY CLAIMS NEED TO BE BACKED UP BY EXTRAORDINARY EVIDENCE. --Guy Macon (talk) 06:13, 31 August 2018 (UTC)[reply]
I'm sorry. I thought that you deleted these citations because of that. But you already tried to translate them yourself. --Berryball (talk) 07:24, 31 August 2018 (UTC)[reply]

I thought you never tried to translate them using Google Translate, but you really did it! I can translate sentences one-by-one for you. You can verify them using other translation websites or programs or asking Korean people about them.


-트루크립트라는 프로그램으로 암호화했다고 하는데.

-(The documents) were encrypted by TrueCrypt.

▲ 외국 수사기관에서도 풀기 어려운 것이라고 했는데, 중요한 건 다 풀었고 일부 풀지 못한 부분이 있다. 그 부분은 더 이상 풀기 어려운 상황이다. 수사에 도움이 될 만한 정도 확보했다. 이 부분이 수사에 많은 부분을 차지했다. 암호 해독 프로그램도 있지만 당사자를 설득했다. 다른 어떤 수사보다 힘들었던 수사 중 하나다.

We decrypted important data and we couldn't decrypt some of them though decryption is difficult even for foreign law enforcement agencies. Some of the data are difficult to decrypt. But we already got some for investigation. This is the major part for the investigation. We have decryption programs but we also persuaded suspects. It is the most difficult investigation.

(NewsPim (뉴스핌) is not famous newspaper in South Korea.)

http://newspim.com/news/view/20180827000369


다만 특검팀이 출범 이후 여권의 정치 공세 속에서도 김씨와 그의 측근들을 집중 조사하고, `트루크립트(TrueCrypt)`라는 암호화 프로그램 일부를 해독해 김 지사와 김씨 간 연결고리를 비교적 상세히 밝혀낸 것은 적잖은 성과라는 평가를 받고 있다.

However, the special prosecutor team found the linkage (Kyeongsangnamdo province) governor Kim (Kyung-soo) and Mr. Kim by decryption of TrueCrypt though the investigation was hampered by the ruling party.

(Maeil Business Newspaper (매일 경제) is one of three major South Korean economic newspapers.)

http://news.mk.co.kr/newsRead.php?year=2018&no=538301


보통의 암호는 해당 파일을 열면 패스워드를 입력하는 방식이지만 트루크립트는파일 자체가 눈에 보이지 않도록 해 놨다는 점이 특징이다. 이 때문에 은닉된 파일이 있는지 확인하는 것조차 어려운 상황이다.

(보통의 암호는 해당 파일을 열면 패스워드를 입력하는 방식이지만 트루크립트는 파일 자체가 눈에 보이지 않도록 해 놨다는 점이 특징이다. 이 때문에 은닉된 파일이 있는지 확인하는 것조차 어려운 상황이다.) (The author missed one space between words so I inserted a space for translation.)

Ordirnary encryption just using method to input a password, but TrueCrypt hides files. So it is difficult to find whether there is a hidden file or not. (I think it is a hidden volume.)

특검팀은 드루킹이 운영한 경제적공진화모임(경공모) 회원을 상대로 한 암호 해독에 협조를 받으려 했지만, 이들은 의미 있는 자료에 걸린 암호는 기억이 잘 나지 않는다고 주장하는 것으로 전해졌다.

The special prosecutor team tried to get help from the suspects (members of 경제적공진화모임) but they said that they don't remember the passwords for important data.

악조건 속에서도 특검팀은 전날 16자리 암호를 해독하는 등 수사에 상당한 진척을 보이는 것으로 파악됐다. 드루킹 일당이 암호에 사용했을 것으로 추정되는 패턴을 대입해 속속 암호를 풀어내고 있는 것이다.

The special prosecutor team decrypted 16 character (16 digit) password yesterday. The special prosecutor team input pattern as a password that Druking group maybe uses as a password. (The special prosecutor team conjectured the most probable password that Druking group used.)

드루킹이 신봉한 것으로 알려진 '자미두수'(중국 점성술)와 경공모를 지칭하는 'KKM' 등을 키워드로 암호를 추정하는 방식이다.

For example, the special prosecutor team tried to input Zi wei dou shu (Purple Star Astrology) and KKM as a part of the passwords. (I think it is a dictionary attack.)

(Yonhap (연합 뉴스) is the major news source for all South Korean newspapers.)

http://www.yonhapnews.co.kr/bulletin/2018/07/18/0200000000AKR20180718142500004.HTML


특별 검사: "저희가 지금 가장 어려운 부분이 암호, 어, 지난번에도 제가 말씀드렸지만 은닉된 파일을 찾는 것입니다." (video 00:00 - 00:12)

Special prosecutor: "For us, the most difficult part is the encryption. I said last time too, it is to find the hidden files." (video 00:00 - 00:12)

특별 검사: "이 암호의 특징은 보통 우리가 한글 파일이라든지 이런 것을 보면, 파일은 보이는데 패스워드 암호를 입력하도록 되어 있어서 눈에 보이는 암호가 대부분인데 트루크립트는 눈에 보이질 않습니다. 은닉돼있는 암호구요. 그래서 파일이 있는지 없는지조차도 확인하기 어려운데 그것을 확인하고 있습니다." (video 02:05 - 02:35)

Special prosecutor: "Ordinary encryptions use just passwords but this encryption's character (nature) is to hide files so we can't see the hidden files. It is a hidden encryption. So it is difficult to know whether there are files or not, but we tried to check there are files or not." (video 02:05 - 02:35)

(Though this video broadcasts on The Dong-a Ilbo(동아 일보)'s website, this video's source is OBS Gyeongin TV.)

http://voda.donga.com/3/all/39/1394189/1

경공모가 이중삼중으로 걸어놓은 암호파일들이 특검팀에 의해 풀리기 시작한 것도 이들의 진술변화에 한몫했습니다.

Kyeong-gong-mo's attitude in the investigation was changed after the encrypted files were decrypted by the special prosecutor team.

드루킹 일당은 과거 대공사범들이 주로 사용하던 '트루크립트'라는 암호화 프로그램까지 동원해 사용기록을 감췄는데, 특검팀내 검경 포렌식 전문가들이 풀기 시작한 겁니다.

Druking group used TrueCrypt that spies usually used, but forensic specialists in the special prosecutor team decrypted some of them.

(Chosun Broadcasting Company (TV 조선) is a daughter company of The Chosun Ilbo (조선 일보) for TV broadcasting. The Chosun Ilbo is the most famous newspaper in South Korea.)

http://news.tvchosun.com/site/data/html_dir/2018/07/18/2018071890102.html

--Berryball (talk) 07:03, 31 August 2018 (UTC)[reply]

Druking didn't use random 16 character passwords. He input some words into the passwords and the special prosecutor team knows what words he likes!

And nobody uses random passwords because it is difficult to remember random passwords. Instead that, people use very long passphrases including words to encrypt data. (For instance, 20 or 40 character passphrases.)

--Berryball (talk) 07:07, 31 August 2018 (UTC)[reply]

Ah. I see where you went wrong. Above you wrote "For example, the special prosecutor team tried to input Zi wei dou shu (Purple Star Astrology) and KKM as a part of the passwords. (I think it is a dictionary attack.)" That's not a dictionary attack. That's attempting to guess the passphrase based upon knowledge about the person who chose the passphrase. A dictionary attack is attempting to guess the passphrase using every word in a dictionary as the first word, plus every word in a dictionary as the second word, and so on. A guessing attack is a common technique used by police, and works well if the person picked a guessable passphrase such as his birthday, name of his dog, favorite sports team., etc. A dictionary attack doesn't work on truecrypt. It takes a very long time to check each passphrase and the attacker dies of old age before trying 0.01% of the phrases from the dictionary.
I suggest that you re-add the material, but instead of making the false claim about a dictionary attack, you simply say that the special prosecutor team guessed his passphrase based upon information they knew about him. --Guy Macon (talk) 15:22, 31 August 2018 (UTC)[reply]
I see. --Berryball (talk) 16:05, 31 August 2018 (UTC)[reply]

the web page for true crypt

[edit]

the web link to truecrypt needs to be deleted as it is discontinued Superusergeneric (talk) 08:23, 25 August 2021 (UTC)[reply]

"Development continues on two forks, VeraCrypt and CipherShed"

[edit]

VeraCrypt is active. Ciphershed is dead. The last CipherShed release was 0.7.4.0 (February 1, 2016). The last post to the CipherShed Forum was in 2016. Please correct the article.

Also see Project Dead? and Giving Up on CipherShed 22:43, 24 March 2022 (UTC)2600:1700:D0A0:21B0:B858:3590:F10E:CA10 (talk)

Duly noted. Waysidesc (talk) 02:34, 25 March 2022 (UTC)[reply]

Druking

[edit]

This doesn't seem to make any sense;

"He decrypted some of encrypted files by trying words and phrases the druking group had used elsewhere as parts of the passphrase in order to make educated guesses."

That's not even how it works, is it? You can't just decrypt random files piecemeal with individual passwords. You either determine the key/password and are able to decrypt the drive, or you don't, in which case you have no access to the encrypted material whatsoever.

I see this claim has already been argued about and had been removed in the past, it should be removed again for the exact same reasons it already was. Even the translated material does not back this claim up. But the claim itself seems to be objectively impossible anyway and suggests a fundamental misunderstanding of the subject matter on the part of whoever put it there.Lordlylightofjesus (talk) 20:19, 17 March 2023 (UTC)[reply]

merge with TrueCrypt_release_history

[edit]

TrueCrypt_release_history 2601:646:200:43F0:3C64:C5EC:D2E6:795C (talk) 17:38, 20 November 2023 (UTC)[reply]

Retrieved from "https://en.wikipedia.org/enwiki/w/index.php?title=Talk:TrueCrypt&oldid=1233697146"