Truecrypt has not properly been audited. The only audit to date is what has been organised by Matthew Green of Johns Hopkins University.
I believe there is still more to go on this, but in light of recent events, one wonders if this is worth it.

On Thursday, May 29, 2014, carlo von lynX <[email protected]> wrote:

> On Thu, May 29, 2014 at 09:10:08AM +0100, Security First wrote:
> > While the jury is still out on how this TrueCrypt issue plays out.
>
> Hmmm..
>
> > What are the best alternatives to TrueCrypt for the people we work
> > with and train?
>
> http://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software
>
> dm-crypt/LUKS and freeOTFE do provide an alternative,
> but not exactly as easy to use.
>
> That page is missing an upcoming relevant player there..
> Dyne's Tomb: http://www.dyne.org/software/tomb/
> But for now it can only be used from command line.
>
> As jaromil suggests, there is no true cryptographic safety on
> Windows machines, so you might as well stop trying to do that
> on such a computer.
>
> Still, I don't get these periodic DoT*-attacks against Truecrypt.
> Last year there was this rumour going around about Truecrypt not
> having been properly audited, and then the code that turned out
> not having been audited for years was openssl.
>
> Now there is again fear of backdoors in downloadables from some
> well-intended website. But who thinks *he can download binaries
> via the web and expect them to be free of backdoors?
>
> The whole approach is broken. The web is not trustworthy. You
> need someone to get the source codes, look over it, make sure
> it is the correct one, generate binaries and distribute them
> over safe channels.
>
> I have been using truecrypt built from sources for a decade now,
> the only trouble it gives me is performance when dealing with
> legacy file systems such as NTFS.
>
> Please get your paranoia properly structured and oriented to the
> things that are well worth being paranoid about.
>
>
> *) denial of trust
>
> --
> http://youbroketheinternet.org
> ircs://psyced.org/youbroketheinternet
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> [email protected].
