[liberationtech] TrueCrypt Alternatives?

Greg greg at
Fri Oct 3 12:24:09 PDT 2014

On Oct 3, 2014, at 12:04 PM, Steve Weis <steveweis at> wrote:

> Hi Greg. The burden of proof is on Espionage to convince people that
> it is safe. I can't trust it based on marketing claims alone.
> There is not a sufficiently detailed design document on the website,
> much less a battle-tested, peer-reviewed design.

And how many free open source encryption utilities like Espionage fit that description?

None? Maybe the defunct TrueCrypt?

As far as crypto goes, we are using scrypt (free/open source) [1] and Apple's disk images (100% closed source).


We're not thrilled about the Apple part. I linked to a review by @ioerror (and someone he worked with) that contains their analysis of it in the r/security link that was mentioned earlier in this thread.

We are investigating ways of removing our dependence on Apple's sparsebundles.

> I don't see any reference to independent third-party audits.

I would love to do a professional audit once we can safely afford one.

In the meantime, those who would like to audit us pro-bono are welcome to so long as they sign the NDA:

BTW, does anyone here want to donate to an audit of Espionage? Cause that would be swell! (Should we start a TrueCrypt-like campaign? I'm not sure that would go over well given that we charge for it.)

> I can't find any indication the development team has security or crypto expertise and I
> cannot personally sign an NDA to view the source code.

I have security expertise, but am not a cryptographer, and therefore I use existing code, like Colin Percival's scrypt.

> If I'm missing something or you're willing to give source access
> without an NDA, please let me know.

Why are you unable to sign the NDA?

> Otherwise, I have to advise people to avoid Espionage.

I'm sorry to hear that. :-(

Here is a list of other software that supports deniability (but not the same kind that Espionage does) that you might want to recommend in its place:

Kind regards,
Greg Slepak

Please do not email me anything that you are not comfortable also sharing with the NSA.

> On Thu, Oct 2, 2014 at 5:50 PM, Greg <greg at> wrote:
>> Stating a thing does not make it true, no matter how many times it is repeated.
>> It is not "apply". It is apply.
>> Anyone is welcome, so long as they:
>> 1. Are software security professionals. (Nobody else matters in this context, after all.)
>> 2. Don't work for government intelligence agencies.
>> 3. Sign the NDA we give them, the salient points of which are enumerated on our site.
>> They will be given a free license to Espionage.
>> Also, you convince me how to keep providing high quality software and support while simultaneously making Espionage completely free and open source and I will do it in a flash.
