TrueCrypt compromised by ?????

alexntg

@scottalanmiller said:

No. But every company and every individual had the right and the ability to audit. That's important. Companies have coverage tools that they use all the time on this stuff.

Have you used TrueCrypt before?

scottalanmiller

@technobabble said:

Unless I am mistaken Bit locker is only for enterprise which is another reason its not a good replacement.

And requires different tools on different platforms.

scottalanmiller

@alexntg said:

@scottalanmiller said:

No. But every company and every individual had the right and the ability to audit. That's important. Companies have coverage tools that they use all the time on this stuff.

Have you used TrueCrypt before?

Long ago just a little. Use LUKS now.

alexntg

@scottalanmiller said:

@alexntg said:

@scottalanmiller said:

No. But every company and every individual had the right and the ability to audit. That's important. Companies have coverage tools that they use all the time on this stuff.

Have you used TrueCrypt before?

Long ago just a little. Use LUKS now.

Did you audit TrueCrypt?

scottalanmiller

@alexntg said:

@scottalanmiller said:

@alexntg said:

@scottalanmiller said:

No. But every company and every individual had the right and the ability to audit. That's important. Companies have coverage tools that they use all the time on this stuff.

Have you used TrueCrypt before?

Long ago just a little. Use LUKS now.

Did you audit TrueCrypt?

Not relevant. I'm not and was not on the security team. That's redirection.

Companies that I've worked at did code audits, certainly.

technobabble

@alexntg Good to know, thanks!

alexntg

@scottalanmiller said:

@alexntg said:

@scottalanmiller said:

@alexntg said:

@scottalanmiller said:

No. But every company and every individual had the right and the ability to audit. That's important. Companies have coverage tools that they use all the time on this stuff.

Have you used TrueCrypt before?

Long ago just a little. Use LUKS now.

Did you audit TrueCrypt?

Not relevant. I'm not and was not on the security team. That's redirection.

Companies that I've worked at did code audits, certainly.

Completely relevant! Did the company you were working for when you used TrueCrypt audit the source code for it? If they did, great. If not, there's no difference from using a closed source product, in that you assumed/trusted that it was secure.

alexntg

@scottalanmiller said:

@technobabble said:

Unless I am mistaken Bit locker is only for enterprise which is another reason its not a good replacement.

And requires different tools on different platforms.

For Windows 8/8.1, all it requires is a computer running Windows Pro or better. Windows 7 required a computer running Windows Enterprise and either a TPM or thumb drive.

Nic

Looks like someone might pick up the torch on TrueCrypt: https://au.news.yahoo.com/thewest/business/technology/a/23969633/

scottalanmiller

@alexntg said:

@scottalanmiller said:

@alexntg said:

@scottalanmiller said:

@alexntg said:

@scottalanmiller said:

No. But every company and every individual had the right and the ability to audit. That's important. Companies have coverage tools that they use all the time on this stuff.

Have you used TrueCrypt before?

Long ago just a little. Use LUKS now.

Did you audit TrueCrypt?

Not relevant. I'm not and was not on the security team. That's redirection.

Companies that I've worked at did code audits, certainly.

Completely relevant! Did the company you were working for when you used TrueCrypt audit the source code for it? If they did, great. If not, there's no difference from using a closed source product, in that you assumed/trusted that it was secure.

Still different in that you can audit anytime and others can audit. And you can monitor changes over time.

scottalanmiller

@Nic said:

Looks like someone might pick up the torch on TrueCrypt: https://au.news.yahoo.com/thewest/business/technology/a/23969633/

Indeed. This is why open source matters. The community can protect itself. And now there are public audits going on too!

http://news.softpedia.com/news/TrueCrypt-Not-Dead-Forked-and-Relocated-to-Switzerland-444447.shtml

technobabble

But it's not open source, as it contains distribution and copyright-liability restrictions. Perhaps it is close enough especially now that it's been discontinued.

scottalanmiller

@technobabble said:

But it's not open source, as it contains distribution and copyright-liability restrictions. Perhaps it is close enough especially now that it's been discontinued.

What do you mean? It's not discontinued. Nor is it not open source. The license is odd, but those things don't limit it's openness.

Nic

Doesn't matter what the license says. The devs will never do anything if you violate their license and fork the code, as they prefer to remain anonymous.

technobabble

@scottalanmiller I should have said abandoned.

scottalanmiller

@Nic said:

Doesn't matter what the license says. The devs will never do anything if you violate their license and fork the code, as they prefer to remain anonymous.

Good point.