Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] TrueCrypt Alternatives?

Tom O winterfilth at gmail.com
Thu May 29 03:51:21 PDT 2014


Truecrypt has not properly been audited.

The only audit to date is what has been organised by Matthew Green of Johns
Hopkins University.

I believe there is still more to go on this, but in light of recent events,
one wonders of this is worth it.

On Thursday, May 29, 2014, carlo von lynX <lynX at time.to.get.psyced.org>
wrote:

> On Thu, May 29, 2014 at 09:10:08AM +0100, Security First wrote:
> > While the jury is still out on how this TrueCrypt issue plays out.
>
> Hmmm..
>
> > What are the best alternatives to TrueCrypt for the people we work
> > with and train?
>
> http://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software
>
> dm-crypt/LUKS and freeOTFE do provide an alternative,
> but not exactly as easy to use.
>
> That page is missing an upcoming relevant player there..
> Dyne's Tomb:   http://www.dyne.org/software/tomb/
> But for now it can only be used from command line.
>
> As jaromil suggests, there is no true cryptographic safety on
> Windows machines, so you might as well stop trying to do that
> on such a computer.
>
> Still, I don't get these periodic DoT*-attacks against Truecrypt.
> Last year there was this rumour going around about Truecrypt not
> having been properly audited, and then the code that turned out
> not having been audited for years was openssl.
>
> Now there is again fear of backdoors in downloadables from some
> well-intended website. But who thinks *he can download binaries
> via the web and expect them to be free of backdoors?
>
> The whole approach is broken. The web is not trustworthy. You
> need someone to get the source codes, look over it, make sure
> it is the correct one, generate binaries and distribute them
> over safe channels.
>
> I have been using truecrypt built from sources for a decade now,
> the only trouble it gives me is performance when dealing with
> legacy file systems such as NTFS.
>
> Please get your paranoia properly structured and oriented to the
> things that are well worth being paranoid about.
>
>
> *) denial of trust
>
> --
>             http://youbroketheinternet.org
>  ircs://psyced.org/youbroketheinternet
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> companys at stanford.edu <javascript:;>.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20140529/bd0164e2/attachment.html>


More information about the liberationtech mailing list