Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] TrueCrypt Alternatives?

Jonathan Wilkes jancsika at yahoo.com
Tue Sep 30 10:01:17 PDT 2014


Hi Eleanor,
     I understand the logic of the argument, but are there news stories about people being harmed in the field due specifically (or mainly) to deniability of the software they are using?  (Or research on the topic, though I'm not sure how it could be a falsifiable or reproducible.)

-Jonathan


On Tuesday, September 30, 2014 11:58 AM, Eleanor Saitta <ella at dymaxion.org> wrote:
 


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 2014.09.28 04.15, Greg wrote:
> Dear Rory,
> 
> See this list on ArsTechnica's forum:
> 
> http://arstechnica.com/civis/viewtopic.php?f=21&t=1245367
> 
> I work for Tao Effect LLC, our software is on that list, and you
> can read about how its plausible deniability compares to
> TrueCrypt's here (forgive this subreddit's insane color scheme):
> 
> http://www.reddit.com/r/security/comments/2b5icu/major_advancements_in_deniable_encryption_arrive/cj24a1n
>
>  In case anyone on this list wants a license, here's a code for
> 15% off: LIBERATIONTECH
> 
> There are 10 of them and you can use them on espionageapp.com 
> <http://espionageapp.com/>. They expire November 1st.

While code available is nice, it's sadly not really sufficient to make
this relevant for the activist world.  Non-multiplatform tools aren't
a replacement for Truecrypt, and having to pay for licenses makes your
tool completely inaccessible to most folks in authoritarian regimes or
in the majority world who may actually need it.  Furthermore, when
dealing with the exigencies of security in the field, having to deal
with license keys at all imposes a serious overhead to expedient
solutions in emergencies.

And finally, the least useful part of Truecrypt is the deniability.
There are very good reasons why tools that attempt to provide
deniability may actually significantly harm field outcomes, something
which developers seem to not understand.  (Also, it's bloody hard to
get right, and almost everyone fails, although I haven't looked at
this solution in particular.)

E.

- -- 
Ideas are my favorite toys.
-----BEGIN PGP SIGNATURE-----

iF4EAREIAAYFAlQq0xAACgkQQwkE2RkM0wq0hwD/a/cWXFzWRDtBR9YtzxNvtZra
zDovJhYWMG4mS/SIBjcBAIh6gCKBZOIXcPJ13TasQy9V3H/h4Gu0kIZz5eMBFGci
=K6CP
-----END PGP SIGNATURE-----
-- 
Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20140930/4a974fc7/attachment-0001.html>


More information about the liberationtech mailing list