Hacker News new | past | comments | ask | show | jobs | submit login

> since this information would be relevant to the developers and many state entities that use the software and its successor.

The BSI actually did communicate the findings of the report to the TrueCrypt developers in 2010, which the developers ignored:

> The results were communicated to the Truecrypt foundation, however the Truecrypt developers didn't consider them to be relevant. BSI furthermore says that the results were not intended to be published.

(From page 2 of the article)




Yes, but they neglected to tell the veracrypt developers once truecrypt stopped being developed. Though they also do know many municipalities using both applications. They should have told the veracrypt developers and advised the municipalities to switch to the newer version. And the whole argument about the information being outdated by then when both are clearly in use seems negligent of their duties.


Veracrypt didn't exist back then and Truecrypt would only be 'deprecated' five years later. This was in 2010.

Personally I would've given up after a few months of trying to get a vulnerability fixed. Can't really blame them this got buried after five years.


Those municipalities should dump Vera and TrueCrypt containers, under eIDAS they should really be using .asice for interoperability.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: