Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] TrueCrypt Alternatives?

Bill Cox waywardgeek at gmail.com
Sun Oct 5 17:56:12 PDT 2014


On Thu, Oct 2, 2014 at 4:28 PM, Eleanor Saitta <ella at dymaxion.org> wrote:

> Field outcomes aren't about math.  That's the point I'm trying to make
> here.
>
> The precautionary principle and a Do No Harm approach to software
> development are incredibly important when looking at the requirements
> specification of security tools intended to be used in a hostile
> environment.  I cannot stress this strongly enough.
>
> Real-world field experience is the only reasonable and reliable guide
> for determining the appropriate design of security systems; anything
> else is at best a amateur[1].  For novel capabilities, *careful* field
> testing in moderate risk environments is necessary to establish a
> baseline.  Building a real loop with existing training programs to
> ensure that you get field feedback when systems are used is similarly
> critical.
>
> Building software because it's cool is fine, as are projects we do
> because we believe in them, but at a certain point, there's a bar.
> Recommending your tools for use in the field in hostile environments
> is that bar.  Beyond that bar, we have an ethical obligation to
> attempt to act in a professional manner.
>
>
I  am on the CipherShed project, which is working to sustain TrueCrypt
while rewriting most of it.  I'm working on it because it's cool.  I have
zero "field" experience.  You described me quite well, I'm afraid.

I really need to understand concerns about TrueCrypt.  I got the
game-theory thing.  Bad guys keep breaking your fingers because they can't
be sure you don't have more to tell.  I get it.

I will have an impact on the code going forward.  Also, I am entirely a
pragmatist.  I am an engineer, not a cryptographer, and I build stuff that
works in the real world.  Can you explain a deniable crypto-system that
fits the real world?

I have enjoyed this thread so far, and I have to say, I lean towards the
guy claiming real-world experience.  I think we who are trying to keep
TrueCrypt alive could use your advice.

Bill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20141005/10e99522/attachment.html>


More information about the liberationtech mailing list