[liberationtech] TrueCrypt Alternatives?
Guillaume Deuchst
gdeuchst at gmail.com
Thu Oct 2 12:19:25 PDT 2014
> Truecrypt has not properly been audited.
For information, Truecrypt have been audited and agreed in version 6.0a by
ANSSI (French national IT Sec agency).
Rapport (french only) :
http://www.ssi.gouv.fr/fr/produits-et-prestataires/produits-certifies-cspn/certificat_cspn_2008_03.html
2014-10-02 18:54 GMT+05:00 Eleanor Saitta <ella at dymaxion.org>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 2014.10.01 04.22, Greg wrote:
> > On Sep 30, 2014, at 2:48 PM, Eleanor Saitta <ella at dymaxion.org>
> > wrote:
> >> I don't have any field stories that I have permission to share,
> >> but yes, I've heard of specific incidents.
> >
> > Incidents involving our software?
>
> No, incidents involving "deniable" encryption systems.
>
> >> More generally, it represents an utter lack of awareness on the
> >> part of developers for the security risk analysis choices faced
> >> by individuals actually at risk.
> >
> > What lack of awareness?
> >
> > How about you actually try the software before you go around
> > insulting it and its developers?
>
> Have you done field research on the real-world outcomes of deniable
> encryption systems and how they shape the outcome of hostile field
> interrogation? If so, I'd love to see the research that you've done
> that justifies the feature set you've selected, because this would be
> a seriously amazing addition to the field (I'm completely sincere here).
>
> 95+% of the time when I see people talking about deniability, they
> have no direct field experience to back up their assertions of
> utility, and the arguments they make look exactly like yours. If
> you're going to contest my statement, feel free to provide reliable
> field data. Short of that, you're simply wrong here.
>
> > You are welcome to criticize our software based on knowledge and
> > experience that you actually have, but don't go around making up
> > nonsense and applying said nonsense to software that you admit
> > having not tried.
>
> So, game theory is all well and good, but you'll have to excuse me if
> I note that adversaries in the field that are likely to rip your
> fingernails off don't do game theory proofs. Again, field data or
> nothing.
>
> E.
>
> - --
> Ideas are my favorite toys.
> -----BEGIN PGP SIGNATURE-----
>
> iF4EAREIAAYFAlQtWRkACgkQQwkE2RkM0wosIgD+P4NbMFYfFWk9c9oR2uP1pnWz
> 8FoePGWnDU9n38kEd6cA/j2ZvOtQGlUVlGnItrFBr0CFlqEK6F9srLPnZm6qKOss
> =3Tmh
> -----END PGP SIGNATURE-----
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> companys at stanford.edu.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20141003/32ec36a0/attachment.html>
More information about the liberationtech
mailing list