In a weird announcement on the TrueCrypt page it says that the software is unsaf

Question

In a weird announcement on the TrueCrypt page it says that the software is unsafe so we should migrate to BitLocker.

If it is a prank it's sure not funny especially when it comes to data.

Since I want to switch to Linux as my primary OS, I was thinking about Encrypted LVM.

1. Is this secure just as TrueCrypt full-disk encryption ?
2. Is it susceptible to cold boot attacks ?
3. Are there any holes that can allow data recovery ?

Please shed a light on this topic because I bet the TrueCrypt message today raised a lot of panic.

Explanation / Answer

Well given that sourceforge recently requested a reset of users' password I would not be too fast to panic. It could still be a joke.

Nevertheless, regarding your questions:

1. LVM is as secure as any other software - until proven otherwise, i.e. until a vulnerability is found. There's no guarantee of security ever.

2. Cold boot attacks depend on how long your RAM stores data - regardless of the encryption software you use. One could use a cold boot attack to read your poetry, not necessarily your passwords.

3. The developers aren't leaving any holes intentionally for data recovery. They are working hard to avoid that - as it would be a serious vulnerability waiting to happen.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.