Does anyone remember seeing this? I really want to know if there was an update to his case. I thought I saw it on HN but I can NOT for the life of me find it now anywhere. Normally I’m not one to buy into “XYZ scrubbed QWERTY from the internet”, but I absolutely can not find this story ANYWHERE now and it seems like it should be easily found with keywords.
If anyone interested has a Twitter account, would you mind searching there for Truecrypt and Veracrypt to see what comes up? That’s the one place I haven’t looked because I don’t have an account.
I suspect you are remembering this event from April, but it was actually related to Linux LUKS encryption: https://mjg59.dreamwidth.org/66429.html .
That said, even with an older key derivation scheme, it seems unlikely they did a full brute force. Guessing they had some unreleased info that helped them open it.
I remember this also as I was contemplating my encryption options at the time. Pretty certain the individual was French. But for the life of me I can’t find anything anywhere. Makes me wonder.
VeraCrypt was created as a fork of TrueCrypt because TrueCrypt underwent a code audit and they felt it wasn’t secure enough. Older version of VeraCrypt were also found to have vulnerabilities. It’s a never ending race between castle walls and cannonballs when it comes to this stuff. Maybe the journalist had TrueCrypt or an older unpatched version of VeraCrypt.
Very scary if true. 30+ characters should be more than enough, not withstanding variables like using a password vs a pass phrase, if it was generated by a computer or human, etc, but very very scary.
Basically this goes to show that, again, if you’re on a nation states radar their is almost nothing you can do to stop them.