h3artbl33d  1d ago

Another day, another hit of a clusterfuck dropped by Microslop...

https://techcrunch.com/2026/04/08/veracrypt-encryption-software-windows-microsoft-lock-boot-issues/

Developer of VeraCrypt encryption software says Windows users may face boot-up issues after Microsoft locked his account | TechCrunch

The maker of the popular open-source file encryption software VeraCrypt said Microsoft locked his online account, which may prevent device owners from booting up their computers.

TechCrunch
Show threadh3artbl33d  1d ago

Oh they did the same honors to Wireguard: https://news.ycombinator.com/item?id=47687884

WTAF.

Gooooo #OpenBSD

This is the same problem I'm currently facing with WireGuard. No warning at all,... | Hacker News

Show threadPLA_90611417h ago

On the lemmy wires I've read that it has happened with three specific accounts

It's a coordinated attack. Microsoft wants these programs to disappear from its ecosystems. No one has access to drives and systems which are encrypted with these programs apart from the owner.

https://lemmy.world/post/45356143

@h3artbl33d

#InfoSec #programming #encryption #VeraCrypt #WireGuard #WindScribe #technology #microSlop

Microsoft Mysteriously Freezes Accounts for VeraCrypt, WireGuard, Windscribe - Lemmy.World

Lemmy

Show threadh3artbl33d  14h ago

@PLA_906114

Yeah - there was a bypass for BitLocker because of the rather complex design of it ("enterprise customers").

A bypass. For full disk encryption. I repeat: a bypass.

Show threadh3artbl33d  14h ago

@PLA_906114

I think it was this one: https://media.ccc.de/v/39c3-bitunlocker-leveraging-windows-recovery-to-extract-bitlocker-secrets

BitUnlocker: Leveraging Windows Recovery to Extract BitLocker Secrets

media.ccc.de
Show threadRairii   14h ago
@h3artbl33d @PLA_906114 not just one. https://github.com/Wack0/bitlocker-attacks
GitHub - Wack0/bitlocker-attacks: A list of public attacks on BitLocker

A list of public attacks on BitLocker. Contribute to Wack0/bitlocker-attacks development by creating an account on GitHub.

GitHub
Show threadh3artbl33d  14h ago

@Rairii @PLA_906114

Indeed. I am aware of the history - exactly the reason why if a Microslop desktop is a must, so is VeraCrypt.

Encryption that can be bypassed shouldn't be referred to as encryption.

Show threadRairii   14h ago
@h3artbl33d @PLA_906114 technically it's only the default settings that allow for attacks that lead to dumping the derived volume keys

like, if you have osdevice bitlocker key protector set to TPM+PIN+USB, the only way an attacker is deriving the volume key is by having that PIN and USB (so would require an evil cleaner attack to exploit those vulns).

unfortunately almost nobody changes the settings from the defaults

and yet people have still had actual data loss due to automatic bitlocker, which should never have been a fucking thing in my opinion. MS says it's fine because the recovery key gets escrowed to MS account on login (which also gives a way for law enforcement to get it without needing exploits!), but this is never ever mentioned in setup and people log in with like school accounts that get deleted later and such...
Show threadh3artbl33d  14h ago

@Rairii @PLA_906114

Yeah - I believe that it is (or was?) an option to disable the TPM in the group policy editor and enforce the combination of a passphrase + keydrive.

Perhaps I am a bit much of a tinfoil hat wearer, but I do not trust BitLocker at all. I do not trust Microslop or their sloperating system. Still, need to encrypt all the things, so this is where VeraCrypt comes in for me. The least worst option.

Show threadPLA_90611414h ago

One of my first interactions with encryptions was PGP, by Philip Zimmermann

I wanted certain emails to be encrypted with a public private key pair combination

In reading Zimmermann, documentation I noticed that there could be something wrong.

Source code openness and other eyeballs were needed.

## We got that in openGPG

I've NEVER trusted closed source encryption schemes.

I sometimes also verify if the shadow that's following me is actually mine

@h3artbl33d @Rairii

#InfoSec #programming #encryption #VeraCrypt #WireGuard #WindScribe #technology #microSlop

Show threadR.L. Dane    🍵 14h ago

@PLA_906114 @h3artbl33d @Rairii

Absolutely. I kinda see the hierarchy like this:

Frequently audited FOSS encryption > audited ONCE FOSS encryption > unaudited FOSS encryption > closed source encryption > closed source encryption with "new and innovative/experimental" encryption algorithms > closed source encryption with unspecified/proprietary/secret encryption algorithms.

@Dendrobatus_Azureus

Show threadRairii   14h ago
@rl_dane @PLA_906114 @h3artbl33d @Dendrobatus_Azureus if it's popular, it will (eventaully) get researched. "closed source" can otherwise be written as "reversing skill issue"
Show threadRairii   14h ago
@rl_dane @Dendrobatus_Azureus @PLA_906114 @h3artbl33d and "closed source encryption with "new and innovative/experimental" encryption algorithms" and "closed source encryption with unspecified/proprietary/secret encryption algorithms" definitely can attract reversers, if they know about it and can get the samples.
Show threadR.L. Dane    🍵 

@Rairii @h3artbl33d @Rairii @Dendrobatus_Azureus @PLA_906114

I'm not saying that novel encryption schemes are inherently bad, but "encryption math is very hard," and you can't trust the implementation, yeah.

And too many times, the "new and innovative encryption scheme" is just glorified XOR/ROT13 anyway. XD

4:42pmWeb
Show threadPLA_90611413h ago

Glorified ROT13 spawned a ROTFL 😂 here ;)

@rl_dane @Rairii @h3artbl33d @Dendrobatus_Azureus

Show threadroyal11h ago
@rl_dane @Rairii @h3artbl33d @Dendrobatus_Azureus @PLA_906114 rot26