Search Mailing List Archives
[liberationtech] TrueCrypt Alternatives?
winterfilth at gmail.com
Thu May 29 03:51:21 PDT 2014
Truecrypt has not properly been audited.
The only audit to date is what has been organised by Matthew Green of Johns
I believe there is still more to go on this, but in light of recent events,
one wonders of this is worth it.
On Thursday, May 29, 2014, carlo von lynX <lynX at time.to.get.psyced.org>
> On Thu, May 29, 2014 at 09:10:08AM +0100, Security First wrote:
> > While the jury is still out on how this TrueCrypt issue plays out.
> > What are the best alternatives to TrueCrypt for the people we work
> > with and train?
> dm-crypt/LUKS and freeOTFE do provide an alternative,
> but not exactly as easy to use.
> That page is missing an upcoming relevant player there..
> Dyne's Tomb: http://www.dyne.org/software/tomb/
> But for now it can only be used from command line.
> As jaromil suggests, there is no true cryptographic safety on
> Windows machines, so you might as well stop trying to do that
> on such a computer.
> Still, I don't get these periodic DoT*-attacks against Truecrypt.
> Last year there was this rumour going around about Truecrypt not
> having been properly audited, and then the code that turned out
> not having been audited for years was openssl.
> Now there is again fear of backdoors in downloadables from some
> well-intended website. But who thinks *he can download binaries
> via the web and expect them to be free of backdoors?
> The whole approach is broken. The web is not trustworthy. You
> need someone to get the source codes, look over it, make sure
> it is the correct one, generate binaries and distribute them
> over safe channels.
> I have been using truecrypt built from sources for a decade now,
> the only trouble it gives me is performance when dealing with
> legacy file systems such as NTFS.
> Please get your paranoia properly structured and oriented to the
> things that are well worth being paranoid about.
> *) denial of trust
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> Unsubscribe, change to digest, or change password by emailing moderator at
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the liberationtech