Unit 8-10: Collaborative Discussion 2 Summary - TrueCrypt
From the report, we can see that there are vulnerabilities contained within TrueCrypt ranging from low to medium severity (Junestam & Guigo, 2014),. In addition, these issues are bugs rather than intentional. Thus, the article “Using TrueCrypt is not secure as it may contain unfixed security issues”, (I would say) is true in some ways.
Using TrueCrypt was secure back then. But after the end of Windows XP, the project was discontinued and it’s becoming a legacy software. Left behind with a lot of potential bugs unknown to the users as well as the maintainer themselves, TrueCrypt Foundation. As time goes by, these unsolved issues will raise security concerns. Cybercriminal might use this security loophole opportunity to target those whose device is still using TrueCrypt.
If only the report were published when project TrueCrypt is still going, probably it’s going to be another story. As part of the SDLC, after release developers have to maintain the software. One activity during this stage is to release fixes and patches to mitigate bugs. In this condition, TrueCrypt can be said as secure.
The anonymous writer also emphasized clearly in the first sentence of the second paragraph about the discontinuation, and end of life of TrueCrypt. From that point, I’d like to argue that the author is trying to tell that it will not be secure to use TrueCrypt, rather than it is not secure to use TrueCrypt.
Will I recommend TrueCrypt? Absolutely not. Try your best to avoid a program that is no longer maintained. Other than unpatched security issues, the program might also experience incompatibilities with future systems or programs (Steinberg, 2017).
References
Anon., n.d. WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues. [Online] Available at: http://truecrypt.sourceforge.net/
Junestam, A. & Guigo, N., 2014. Open Crypto Audit Project TrueCrypt Security Assessment. [Online] Available at: https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf
Steinberg, J., 2017. Why You Should Not Use Software That Is No Longer Supported. [Online] Available at: https://www.inc.com/joseph-steinberg/why-you-should-not-use-software-that-is-no-longer-.html
Comments