> Truecrypt has not properly been audited. For information, Truecrypt have been audited and agreed in version 6.0a by ANSSI (French national IT Sec agency).
Rapport (french only) : http://www.ssi.gouv.fr/fr/produits-et-prestataires/produits-certifies-cspn/certificat_cspn_2008_03.html 2014-10-02 18:54 GMT+05:00 Eleanor Saitta <[email protected]>: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On 2014.10.01 04.22, Greg wrote: > > On Sep 30, 2014, at 2:48 PM, Eleanor Saitta <[email protected]> > > wrote: > >> I don't have any field stories that I have permission to share, > >> but yes, I've heard of specific incidents. > > > > Incidents involving our software? > > No, incidents involving "deniable" encryption systems. > > >> More generally, it represents an utter lack of awareness on the > >> part of developers for the security risk analysis choices faced > >> by individuals actually at risk. > > > > What lack of awareness? > > > > How about you actually try the software before you go around > > insulting it and its developers? > > Have you done field research on the real-world outcomes of deniable > encryption systems and how they shape the outcome of hostile field > interrogation? If so, I'd love to see the research that you've done > that justifies the feature set you've selected, because this would be > a seriously amazing addition to the field (I'm completely sincere here). > > 95+% of the time when I see people talking about deniability, they > have no direct field experience to back up their assertions of > utility, and the arguments they make look exactly like yours. If > you're going to contest my statement, feel free to provide reliable > field data. Short of that, you're simply wrong here. > > > You are welcome to criticize our software based on knowledge and > > experience that you actually have, but don't go around making up > > nonsense and applying said nonsense to software that you admit > > having not tried. > > So, game theory is all well and good, but you'll have to excuse me if > I note that adversaries in the field that are likely to rip your > fingernails off don't do game theory proofs. Again, field data or > nothing. > > E. > > - -- > Ideas are my favorite toys. > -----BEGIN PGP SIGNATURE----- > > iF4EAREIAAYFAlQtWRkACgkQQwkE2RkM0wosIgD+P4NbMFYfFWk9c9oR2uP1pnWz > 8FoePGWnDU9n38kEd6cA/j2ZvOtQGlUVlGnItrFBr0CFlqEK6F9srLPnZm6qKOss > =3Tmh > -----END PGP SIGNATURE----- > -- > Liberationtech is public & archives are searchable on Google. Violations > of list guidelines will get you moderated: > https://mailman.stanford.edu/mailman/listinfo/liberationtech. > Unsubscribe, change to digest, or change password by emailing moderator at > [email protected]. >
-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
