top | item 37734177


perth | 2 years ago

I’ve always heard speculation that I believe of some sort of NSA involvement. When it was taken down back in the day (yes it was pretty much a takedown, the entire website got thrashed..) there were a lot of people on Reddit that were speculating that.


didntcheck|2 years ago

The way it was announced was suspicious. Purging the website rather than just posting an "unmaintained" notice is weird for any FOSS project, but recommending people just use BitLocker sounded like a clear "canary". Like the authors were being coerced and decided to burn their reputation on purpose rather than comply.

goalieca|2 years ago

The "Not Secure Anymore" message likely refers to the weak password-based key derivation function and verification steps. I suspect the NSA and other advanced computing groups had means to brute force it and it took the rest of us years to figure out the parameters weren't strong enough.

autoexec|2 years ago

The alternate theory was that the NSA forced the project to shut down or become backdoored because they couldn't break it, and that was deemed unacceptable, resulting in the author deciding to call it quits (Lavabit-style) rather than compromise the application. The question then becomes "why is VeraCrypt allowed to exist".