Search Mailing List Archives
[liberationtech] TrueCrypt Alternatives?
waywardgeek at gmail.com
Sun Oct 5 17:56:12 PDT 2014
On Thu, Oct 2, 2014 at 4:28 PM, Eleanor Saitta <ella at dymaxion.org> wrote:
> Field outcomes aren't about math. That's the point I'm trying to make
> The precautionary principle and a Do No Harm approach to software
> development are incredibly important when looking at the requirements
> specification of security tools intended to be used in a hostile
> environment. I cannot stress this strongly enough.
> Real-world field experience is the only reasonable and reliable guide
> for determining the appropriate design of security systems; anything
> else is at best a amateur. For novel capabilities, *careful* field
> testing in moderate risk environments is necessary to establish a
> baseline. Building a real loop with existing training programs to
> ensure that you get field feedback when systems are used is similarly
> Building software because it's cool is fine, as are projects we do
> because we believe in them, but at a certain point, there's a bar.
> Recommending your tools for use in the field in hostile environments
> is that bar. Beyond that bar, we have an ethical obligation to
> attempt to act in a professional manner.
I am on the CipherShed project, which is working to sustain TrueCrypt
while rewriting most of it. I'm working on it because it's cool. I have
zero "field" experience. You described me quite well, I'm afraid.
I really need to understand concerns about TrueCrypt. I got the
game-theory thing. Bad guys keep breaking your fingers because they can't
be sure you don't have more to tell. I get it.
I will have an impact on the code going forward. Also, I am entirely a
pragmatist. I am an engineer, not a cryptographer, and I build stuff that
works in the real world. Can you explain a deniable crypto-system that
fits the real world?
I have enjoyed this thread so far, and I have to say, I lean towards the
guy claiming real-world experience. I think we who are trying to keep
TrueCrypt alive could use your advice.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the liberationtech