Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] TrueCrypt Alternatives?

Tom O winterfilth at
Thu May 29 03:51:21 PDT 2014

Truecrypt has not properly been audited.

The only audit to date is what has been organised by Matthew Green of Johns
Hopkins University.

I believe there is still more to go on this, but in light of recent events,
one wonders of this is worth it.

On Thursday, May 29, 2014, carlo von lynX <lynX at>

> On Thu, May 29, 2014 at 09:10:08AM +0100, Security First wrote:
> > While the jury is still out on how this TrueCrypt issue plays out.
> Hmmm..
> > What are the best alternatives to TrueCrypt for the people we work
> > with and train?
> dm-crypt/LUKS and freeOTFE do provide an alternative,
> but not exactly as easy to use.
> That page is missing an upcoming relevant player there..
> Dyne's Tomb:
> But for now it can only be used from command line.
> As jaromil suggests, there is no true cryptographic safety on
> Windows machines, so you might as well stop trying to do that
> on such a computer.
> Still, I don't get these periodic DoT*-attacks against Truecrypt.
> Last year there was this rumour going around about Truecrypt not
> having been properly audited, and then the code that turned out
> not having been audited for years was openssl.
> Now there is again fear of backdoors in downloadables from some
> well-intended website. But who thinks *he can download binaries
> via the web and expect them to be free of backdoors?
> The whole approach is broken. The web is not trustworthy. You
> need someone to get the source codes, look over it, make sure
> it is the correct one, generate binaries and distribute them
> over safe channels.
> I have been using truecrypt built from sources for a decade now,
> the only trouble it gives me is performance when dealing with
> legacy file systems such as NTFS.
> Please get your paranoia properly structured and oriented to the
> things that are well worth being paranoid about.
> *) denial of trust
> --
>  ircs://
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> Unsubscribe, change to digest, or change password by emailing moderator at
> companys at <javascript:;>.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the liberationtech mailing list