[liberationtech] TrueCrypt Alternatives?
ella at dymaxion.org
Thu Oct 2 13:28:11 PDT 2014
-----BEGIN PGP SIGNED MESSAGE-----
On 2014.10.02 20.39, Greg wrote:
> There are different types of deniable encryption systems, with
> very _different_ deniability properties.
What you're failing to see here, I think, is that your adversary is
almost never a cryptographer. Your adversary is a goon who likes to
crush fingers, who's heard a rumor that your tool lets people hide
things from him.
He doesn't like it when people hide things from him.
He thinks you're hiding something from him.
He's going to keep crushing your fingers until you prove to him that
You don't have that many fingers left.
> Unlike you, I've done my homework and researched the deniability
> properties of encryption systems and why some are better than
Field outcomes aren't about math. That's the point I'm trying to make
The precautionary principle and a Do No Harm approach to software
development are incredibly important when looking at the requirements
specification of security tools intended to be used in a hostile
environment. I cannot stress this strongly enough.
Real-world field experience is the only reasonable and reliable guide
for determining the appropriate design of security systems; anything
else is at best amateur. For novel capabilities, *careful* field
testing in moderate risk environments is necessary to establish a
baseline. Building a real loop with existing training programs to
ensure that you get field feedback when systems are used is similarly
Building software because it's cool is fine, as are projects we do
because we believe in them, but at a certain point, there's a bar.
Recommending your tools for use in the field in hostile environments
is that bar. Beyond that bar, we have an ethical obligation to
attempt to act in a professional manner.
: I mean this in the literal sense of the word, not to be in any
way demeaning. There are requirements for professionalism in this
field; operational field outcomes reviews are as much a requirement as
proper code review, cryptanalytic review, UX testing, QA, and good
Ideas are my favorite toys.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----