Unit 8-10: Collaborative Discussion 2 Summary - TrueCrypt

Yusuf
Written by Yusuf on
Unit 8-10: Collaborative Discussion 2 Summary - TrueCrypt

From the report, we can see that there are vulnerabilities contained within TrueCrypt ranging from low to medium severity (Junestam & Guigo, 2014),. In addition, these issues are bugs rather than intentional. Thus, the article “Using TrueCrypt is not secure as it may contain unfixed security issues”, (I would say) is true in some ways.

Using TrueCrypt was secure back then. But after the end of Windows XP, the project was discontinued and it’s becoming a legacy software. Left behind with a lot of potential bugs unknown to the users as well as the maintainer themselves, TrueCrypt Foundation. As time goes by, these unsolved issues will raise security concerns. Cybercriminal might use this security loophole opportunity to target those whose device is still using TrueCrypt.

If only the report were published when project TrueCrypt is still going, probably it’s going to be another story. As part of the SDLC, after release developers have to maintain the software. One activity during this stage is to release fixes and patches to mitigate bugs. In this condition, TrueCrypt can be said as secure.

The anonymous writer also emphasized clearly in the first sentence of the second paragraph about the discontinuation, and end of life of TrueCrypt. From that point, I’d like to argue that the author is trying to tell that it will not be secure to use TrueCrypt, rather than it is not secure to use TrueCrypt.

Will I recommend TrueCrypt? Absolutely not. Try your best to avoid a program that is no longer maintained. Other than unpatched security issues, the program might also experience incompatibilities with future systems or programs (Steinberg, 2017).

References

Anon., n.d. WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues. [Online] Available at: http://truecrypt.sourceforge.net/

Junestam, A. & Guigo, N., 2014. Open Crypto Audit Project TrueCrypt Security Assessment. [Online] Available at: https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf

Steinberg, J., 2017. Why You Should Not Use Software That Is No Longer Supported. [Online] Available at: https://www.inc.com/joseph-steinberg/why-you-should-not-use-software-that-is-no-longer-.html

Yusuf

Yusuf

My world spins around data and games. Currently helping an eSport team to sit on the SEA throne through data and a master student.

Comments

comments powered by Disqus

Explore more like this

ssd
SSD Reflection

SSD Reflection

As technology advances, there is a security trade-off along with it – that is new vulnerabilities (Scheneier, 2014). An article said that the rate of cybercrime is growing consistently with...

Yusuf Yusuf 30 May 2022
Final Project Evaluation

Final Project Evaluation

Our final product is different from our design proposal document. Several features that we committed earlier was deprioritized. Those features are Trust-based authorization and encrypt-decrypt based on user key. Trust-based...

Yusuf Yusuf 28 May 2022
Minutes of Meeting: SSD/VIII

Minutes of Meeting: SSD/VIII

A. Agenda

Yusuf Yusuf 16 May 2022