[liberationtech] TrueCrypt Alternatives?
Tom O
winterfilth at gmail.com
Thu May 29 03:51:21 PDT 2014
Truecrypt has not properly been audited.
The only audit to date is what has been organised by Matthew Green of Johns
Hopkins University.
I believe there is still more to go on this, but in light of recent events,
one wonders of this is worth it.
On Thursday, May 29, 2014, carlo von lynX <lynX at time.to.get.psyced.org>
wrote:
> On Thu, May 29, 2014 at 09:10:08AM +0100, Security First wrote:
> > While the jury is still out on how this TrueCrypt issue plays out.
>
> Hmmm..
>
> > What are the best alternatives to TrueCrypt for the people we work
> > with and train?
>
> http://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software
>
> dm-crypt/LUKS and freeOTFE do provide an alternative,
> but not exactly as easy to use.
>
> That page is missing an upcoming relevant player there..
> Dyne's Tomb: http://www.dyne.org/software/tomb/
> But for now it can only be used from command line.
>
> As jaromil suggests, there is no true cryptographic safety on
> Windows machines, so you might as well stop trying to do that
> on such a computer.
>
> Still, I don't get these periodic DoT*-attacks against Truecrypt.
> Last year there was this rumour going around about Truecrypt not
> having been properly audited, and then the code that turned out
> not having been audited for years was openssl.
>
> Now there is again fear of backdoors in downloadables from some
> well-intended website. But who thinks *he can download binaries
> via the web and expect them to be free of backdoors?
>
> The whole approach is broken. The web is not trustworthy. You
> need someone to get the source codes, look over it, make sure
> it is the correct one, generate binaries and distribute them
> over safe channels.
>
> I have been using truecrypt built from sources for a decade now,
> the only trouble it gives me is performance when dealing with
> legacy file systems such as NTFS.
>
> Please get your paranoia properly structured and oriented to the
> things that are well worth being paranoid about.
>
>
> *) denial of trust
>
> --
> http://youbroketheinternet.org
> ircs://psyced.org/youbroketheinternet
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> companys at stanford.edu <javascript:;>.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20140529/bd0164e2/attachment.html>
More information about the liberationtech
mailing list