> In other words: how hard should we push for adding support for the
> TrueCrypt on-disk format in udisks and friends? (Until 15 minutes ago,
> I was convinced that it was the way to go, and prepared to go ping the
> right folks about it, but now you've planted some non-negligible
> amount of doubt in my mind, so I'm a bit lost in terms of strategy.)

if you want to ease your mind, all information needed regarding both on-disk formats is to be found in the cryptsetup wiki[1][2].

in short: on most systems LUKS with default settings offers a bit better protection against brute force/dictionary attacks on low entropy passphrases. the main difference is TrueCrypt fancying obscurity while LUKS is providing an unencrypted header. other than that it's just a different combination of well known crypto - it's the implementation that matters, the format itself seems alright. more certainty after the results of a complete crypto audit will finally be available this spring[3].

regarding dbus calls to udisks for TrueCrypt support via cryptsetup: imho this doesn't help too much unless your aim is to stall development in userspace even further. from the remains of TrueCrypt another slightly different on-disk format has been established already (VeraCrypt, support will be in cryptsetup 1.7). more interesting are developments like TOTP authentication.[4]

recreating the cryptsetup api on top of dbus/udisks is of course possible .. a much more flexible approach would be controlled access to the device mapper from userspace (see [5] and the linked discussion from dm-devel).

since udisks and device mapper are very close friends at Red Hat I'd be eager to hear the pong to your ping - this is not rhetorical either ;)

cheers, jasper

[1] https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions
[2] https://code.google.com/p/cryptsetup/wiki/TrueCryptOnDiskFormat
[3] https://cryptoservices.github.io/fde/2015/02/18/truecrypt-phase-two.html
[4] http://tools.ietf.org/html/rfc6238
[5] https://code.google.com/p/cryptsetup/issues/detail?id=208
_______________________________________________ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
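
Added example, not part of the message above or of cryptsetup: a sketch of what "LUKS is providing an unencrypted header" means in practice, reading the cipher, hash and per-slot PBKDF2 iteration counts from a LUKS1 header without any key, while a header with no plaintext signature yields nothing. Assumptions: the field layout follows the LUKS1 on-disk specification, the function names are hypothetical, both sample headers are constructed, and the TrueCrypt header is modelled as random-looking bytes.

```python
import hashlib
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
# LUKS1 header, big-endian: magic, version, cipher name, cipher mode, hash spec,
# payload offset, key bytes, MK digest, MK salt, MK iterations, UUID (208 bytes),
# then 8 key slots: state, PBKDF2 iterations, salt, key offset, stripes.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
SLOT = struct.Struct(">II32sII")
SLOT_ACTIVE, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD

def _text(raw):
    # Fixed-width fields are NUL-padded ASCII strings.
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def describe_header(buf):
    """Return the metadata readable without any key, or None if unsigned."""
    if len(buf) < PHDR.size + 8 * SLOT.size or not buf.startswith(LUKS_MAGIC):
        return None  # a header that is only salt plus ciphertext lands here
    (_, version, cipher, mode, hash_spec, _, key_bytes,
     _, _, _, uuid) = PHDR.unpack_from(buf)
    if version != 1:  # same magic, different layout; not parsed here
        return {"format": "LUKS", "version": version}
    slots = {}
    for i in range(8):
        state, iters, _, _, _ = SLOT.unpack_from(buf, PHDR.size + i * SLOT.size)
        if state == SLOT_ACTIVE:
            slots[i] = iters
    return {"format": "LUKS", "version": 1,
            "cipher": f"{_text(cipher)}-{_text(mode)}",
            "hash": _text(hash_spec), "key_bits": key_bytes * 8,
            "uuid": _text(uuid), "pbkdf2_iterations": slots}

def constructed_luks1_header():
    """Constructed sample: every value below is made up for the demo."""
    head = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha1", 4096, 32,
                     bytes(20), bytes(32), 25000,
                     b"00000000-0000-4000-8000-000000000000")
    slot0 = SLOT.pack(SLOT_ACTIVE, 150000, bytes(32), 8, 4000)
    empty = SLOT.pack(SLOT_DISABLED, 0, bytes(32), 0, 4000)
    return head + slot0 + empty * 7

def constructed_opaque_header():
    """Constructed stand-in for a header with no plaintext signature."""
    return hashlib.shake_256(b"constructed sample").digest(PHDR.size + 8 * SLOT.size)

if __name__ == "__main__":
    print(describe_header(constructed_luks1_header()))
    print(describe_header(constructed_opaque_header()))
```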