TrueCrypt and its forks. #995
Well… that was weird. Even weirder when you realise TrueCrypt was still being recommended by people like Bruce Schneier and that the audit has not turned up anything new recently. But none of that is weirder than the reason stated on the site:
TrueCrypt was cross-platform, how is it in any way linked to Windows XP support?! Worthy of note however is that the audit will continue, as Green reported to Krebs on Security:
Who knows what the future will bring. |
Wikipedia is still nicely keeping track of the TrueCrypt story so you do not have to follow everything in the blogosphere yourself. Some key points:
The Gibson Research Corporation is also keeping track of the latest news on their “TrueCrypt Latest Release Repository” where you can still download the latest 7.1a releases from their SSL signed domain. (Do not go downloading from just any TrueCrypt mirror, that’s how people will try to spread back-doored versions.) So far most security researchers I have heard give their opinion have said there is no reason to believe any security problems as of yet and there should be no immediate threat associated with continued use. |
Some more information for readers. I agree that there shouldn't be any immediate threat to continued use, but I still think it may be compromised. |
Reproducing @BigBroza’s take here from #1003:
I am not sure who is behind AdminThe.Net or what their security credentials are, but most of the things mentioned there have been mentioned before. And I mostly agree with this stance, I think there is no real problem with recommending TrueCrypt 7.1a. The way I see it there are two main points for not reinstating TrueCrypt:
|
The developer(s) also recommended using closed source products from large companies which are known to cooperate with the NSA according to Snowden leaked documents (project Bullrun), are you going to follow these recommendations too? I hope not. What I'm trying to say is these recommendations are just way too suspicious to be taken literally. There ought to be something going on we don't know about.
it's not that old, 7.1a was released in 2012, but that doesn't even matter, what matters is no other encryption software has been audited as deeply and as seriously as truecrypt, which makes it by far the most reliable solution at the moment, so unless we are to learn about a concrete flaw by the end of the second phase of the audit, I see no reason to remove truecrypt 7.1a from recommendations Also why were all old revisions, binaries and sources alike, wiped off from the site? To replace them with a version that can not encrypt anymore. These extreme measures are very unusual from developers who would have just lost interest in maintaining a project. This whole affair has actually enforced my conviction about truecrypt being the way to go. If the NSA is trying to put such a drastic end to truecrypt, it ought to mean it is exactly what I should use. And I hope the prism-break project does not exist to relay the NSA desire to know everything about everyone. |
BigBroza makes a lot of sense. The idea is to make it harder for the NSA i and the Swiss Group taking the repository over Seem like encouraging steps... I would more appreciated the validation of The message from TrueCrypt about not to be depended upon since XP isn't Lets be real and look at the bigger picture along with the code. thanks, On Mon, Jun 2, 2014 at 3:53 AM, BigBroza notifications@github.com wrote:
|
so is this it? |
Reopening this to keep people from opening new issues all the time. I was originally planning only to reopen this when new arguments became available.
Maybe. But “something going on we don’t know about” is hardly a valid reason to go against the developers’ wishes in my book. Note that I am not saying their claim that TrueCrypt is suddenly insecure has any merit, I am merely saying I believe a developer has the right to ask for his software to be removed from PRISM Break. If cryptocat were to write a message tomorrow saying they deem their project a failure and urge people to move away from it PRISM Break would remove it from the list. Sure, there would be no reason why people cannot keep using it, the source is out there, and it might still be safe. But why should PRISM Break go against the developers’ wishes?
Only extreme if you believe the encryption works. If the TrueCrypt developers have some hidden reason to brand it “not secure” (as they put it on the website), they may not want to see any continued use of the old versions. (Again, I do not really believe it, but this would be a reasonable explanation.) So are we “[relaying] the NSA desire” or the developers’? Obviously there is no way of knowing. Also note that there is always EncFS. Which is audited and available on several platforms. There is no reason to think TrueCrypt is/was the only alternative. To address your points in #1016:
This is simply not true. The audit “found 8 vulnerabilities, and 3 informational issues”. (Source.) And from an earlier comment by you:
I guess that is ignoring Defuse Security’s audit of EncFS?
To elaborate on @hasufell’s comment back in #1016: if your OS really is backdoored then it would be a walk in the park for the NSA to grab the passkey to your TrueCrypt volumes. You have bigger problems than using TrueCrypt or not. As far as reinstating TrueCrypt: which one do you want? Gibson’s (with independent hashes)? The Swiss? The recreated TrueCrypt website? The archive? Or a more promising fork like CipherShed? For the philosophical or the conspiracy theorists: the message on the TrueCrypt website could be a Lavabit-like situation. They could have received a sealed court-order to implement a backdoor in any and all future versions of TrueCrypt. Part of such an order (like a national security letter) could restrict the developers from speaking about it. Levison chose to shut-down Lavabit, TrueCrypt can’t shut-down a piece of software so they did the next best thing: discredit themselves and make their next and final version only able to decrypt. |
Thank you for reopening this issue, I am sorry to insist on it but I am under the impression it is important enough to think it further.
I am very much aware there is no direct proof so far, sadly, but that shouldn't stop us from using our reason. We do not have a proof that truecrypt has a critical flaw at this point either. But there are just too many whys. We have a message "may contain unfixed security issues" not "it does have that issue". why may instead of does, why is there no detail about the issue, why other versions were removed and why do they advise the use of NSA backdoored solutions instead of credible alternative? If we stick to facts, we have a software which has been audited by crowd funds (about 70,000 USD iirc) exceeding all expectations and showing a real interest in that software, audit which has not revealed any serious flaw. Yes I am aware some minor flaws were discovered, but it just shows the audit has been thorough so far. Another fact, truecrypt is what Snowden himself used, as well as some of the journalists he leaked documents to. http://www.dailydot.com/technology/truecrypt-dead-unsecure/ Yes the truecrypt developers do not claim they have received a national security letter, but we know anybody receiving such a letter could not talk about it. About the nature of the threat encryption softwares pose to NSA access to windows operating systems, we do not know the details about their current level of access and I do not want to enter speculations. We can not assume their methods have not evolved since the Snowden revelations. I wish I could tell you exactly through which module windows will steal your private data but I can't, and even if I knew the methods used are not set into stone and can evolve update after update. What we know for sure according to Microsoft former security advisors such as Caspar Bowden is "We can not trust Microsoft Windows" period. But sometimes we do not have a choice but to use it sadly.
What I'm making out of it is, was truecrypt hindering NSA intelligence gathering, and would they need to put an end to it, things could not have happened any differently. Why would they target truecrypt and not other viable options? Perhaps because truecrypt had a lot more potential to get widely used. I am aware this is an opinion and not a fact. But I can not see a more plausible explanation to all of the whys I mentioned before. My problem is right now the prism break website claims "truecrypt has security issues" but we don't know that for sure. The organizer of the TrueCrypt audit, Matthew Green, a security expert and cryptography professor, rather hopes a "volunteer group of programmers can be brought together to continue development of the TrueCrypt code". |
This I can agree with, even if we do not yet reinstate TrueCrypt. Feel free to open-up a pull request with a better message. |
Administrative note: I have changed the title of this issue and labelled it for discussion. Please add all further discussion on reinstating TrueCrypt or substituting one of its forks here. |
i just started using truecrypt about two weeks ago and it works perfectly for me. |
Which version? |
7.1a |
I think what @Cathryne probably meant to say was, "which fork?" |
No, I did mean the version ;-) If @mpmks11 would have said "7.2" I would have recommended one of the 7.1a-forks. |
http://www.theverge.com/2014/12/28/7458159/encryption-standards-the-nsa-cant-crack-pgp-tor-otr-snowden Among the encryption tools the NSA could not crack, surprise, surprise, truecrypt Sarcasm, I'm not really surprised at all, I always knew truecrypt was stopped by a national security letter since that was the only logical explanation and have never stopped using it myself I suggest you read the rest of the article for most useful info about other tools the NSA could not crack |
err what? Did you read the part about "AES implementation susceptible to cache-timing attacks"? The interesting part is now: who will fix it? |
I did not, as I have only had the time to read the surrounding media coverage (e.g. Schneier). Interesting how none of the articles I have seen have highlighted that in the slightest. |
In addition, read
I'm not sure I'd consider an audit anywhere near complete if it doesn't closely examine the Program Flow. |
hasufell, did you miss the documents establishing that even the NSA could not crack truecrypt? ok so if you wouldn't rely on truecrypt, then on what else? based on what? your crusade is a bit suspicious I am highly disappointed in the prism-break project, something certainly isn't right if a project that was originally supposed to make it harder for the nsa, has been warning users against truecrypt for so long, although it was obviously a ploy from the nsa, and although it is established to be one of a select few softwares that cause difficulty to the nsa |
@BigBroza, I would like to point out that none of these are @hasufell’s words. It is the direct findings of the independent audit. Page 14 of the recently released Phase Ⅱ:
I am not a security researching, but the words ‘recover’ and ‘secret keys’ are not something I like to see in a single sentence. The Risk Summary (page 5) puts this vulnerability on a very high risk level, while the ‘sophistication required for an attacker’ is only middle-ish. You can probably assume the NSA has high sophistication, so they would definitely be able to make use of this vulnerability. If that’s the case, who says the NSA wouldn’t be able to start using this vulnerability to obtain your keys? Or aren’t already doing so? |
Honestly, my opinion is that we should _really_ stop pretending that Windows is viable to use whilst pursuing this goal of hindering the NSA. If dm-crypt is not a solution because it is not cross platform, then that is complete nonsense. I understand the "stepping stone theory" (i.e. using things on proprietary systems is not completely pointless as it may serve to ease the process to switch to a free system), but you cannot stay on Windows forever and proclaim "I'm secure". Why are you so insistent on something which still has confirmed flaws as hasufell and Zegnat point out? Not only does it have this vulnerability, but I feel the need to reiterate what hasufell said, "who will fix it?". Confirmed flaws and no one to fix it, at least for now. So you seem suspicious if anyone really. I cannot believe you still trust it and use it. Maybe I'm wrong and you're right and it was some successful ploy by the NSA, but I feel the best course of action at the moment is clearly to treat it as lost. Better safe than sorry. |
@vyp
@Zegnat @BigBroza I don't use any sort of disk-encryption, because I think it is useless, unless you are using a laptop abroad. The main attack vector is not to steal your hard drive and decrypt it... it's getting into your pc while you are online and all files are already accessible. But I dare say that dm-crypt is currently a very sensible choice, because it is maintained within the kernel and every code change in the kernel goes through a huge hierarchy of reviewers until it ends up at Linus repo. Sure, that's no guarantee, but developer workflow is an extremely important point when arguing about security/reliability. |
Besides all (and sometimes too sophisticated) debates about truecrypt and its right now completed OSCP-Audit of v7.1a for Windows (see #995 and diverse „closed“ forks), please let us (also) remember what really counts! Some facts about this „Snowden-proven“ piece of disk encryption-software out-on-fire/in-the-wild: Operation Satyagraha In July 2008, several TrueCrypt-secured hard drives were seized from Brazilian banker Daniel Dantas, who was suspected of financial crimes. The Brazilian National Institute of Criminology (INC) tried unsuccessfully for five months to obtain access to his files on the TrueCrypt-protected disks. They enlisted the help of the FBI, who used dictionary attacks against Dantas' disks for over 12 months, but were still unable to decrypt them. United States v. John Doe In 2012 the United States 11th Circuit Court of Appeals ruled that a John Doe TrueCrypt user could not be compelled to decrypt several of his hard drives. The court's ruling noted that FBI forensic examiners were unable to get past TrueCrypt's encryption (and therefore were unable to access the data) unless Doe either decrypted the drives or gave the FBI the password, and the court then ruled that Doe's Fifth Amendment right to remain silent legally prevented the Government from making him or her do so. David Miranda On 18 August 2013 David Miranda, partner of journalist Glenn Greenwald, was detained at London's Heathrow Airport by Metropolitan Police while en route to Rio de Janeiro from Berlin. He was carrying with him an external hard drive said to be containing sensitive documents pertaining to the 2013 global surveillance disclosures sparked by Edward Snowden. Contents of the drive were encrypted by TrueCrypt, which authorities said "renders the material extremely difficult to access." Detective Superintendent Caroline Goode stated the hard drive contained around 60 gigabytes of data, "of which only 20 have been accessed to date." 
She further stated the process to decode the material was complex and "so far only 75 documents have been reconstructed since the property was initially received." Guardian contributor Naomi Colvin concluded the statements were misleading, stating that it was possible Goode was not even referring to any actual encrypted material, but rather deleted files reconstructed from unencrypted, unallocated space on the hard drive, or even plaintext documents from Miranda's personal effects. Glenn Greenwald supported this assessment in an interview with Democracy Now!, mentioning that the UK government filed an affidavit asking the court to allow them to retain possession of Miranda's belongings. The grounds for the request were that they could not break the encryption, and were only able to access 75 of the documents that he was carrying, which Greenwald said "most of which were probably ones related to his school work and personal use." James DeSilva In February 2014, IT department employee James DeSilva was arrested on charges of sexual exploitation of a minor through the sharing of explicit images over the Internet. His computer, encrypted with TrueCrypt, was seized, and DeSilva refused to reveal the password. Forensics detectives from the Maricopa County Sheriff's Office were unable to gain access to his stored files. |
@izmine how does any of the help after the disclosure of high-severity vulnerabilities? You want to recommend software that is both discontinued and known to be vulnerable? Those two elements don't play well together. So I ask again: who is going to fix it? Who is properly maintaining that codebase? |
As far as forks go, I had high hopes for CipherShed. They shared their thoughts on the Phase Ⅰ very openly and you can look up exactly who are leading the project. They have been terribly silent as of late though. A lot of what we are talking about here depends on your personal threat level. Like @hasufell said, you probably do not even need full-disk encryption simply because someone stealing your drives isn’t part of your personal threat model. PRISM Break however deals with the highest threat level possible: a nation-size opponent targeting you specifically. You are trying to keep your hard drive encrypted when facing an organisation that has been able to cast a dragnet over the entire internet, bringing in all sorts of communications, like the NSA. Or an organisation that has spent 20 years developing tools to wiretap you using firmware, something essential to use any of your hardware, like the Equation Group. These two may even be the same organisation. I can certainly belief that the local sheriff’s office’s ‘forensics detectives’ were unable to crack AES. Or that the limited time U.K. officials had with Miranda’s hard drives would allow them to do any sort of statistical inference on the secret key. But if you are a nation-sized player with no concern for time or money, what are the chances the Phase Ⅱ report is the first time you hear about TrueCrypt’s flawed AES implementation? Probably slim. And if you already knew about these flaws, would you already have developed the software needed to automate the timing attacks on TrueCrypt volumes? Probably so. As a website that is trying to stop such a big opponent from storing a copy of your hard drive and slowly hack away at its protection, should PRISM Break recommend a tool that now has a publicly documented flaw? No. And there-in lies the real crutch. Sure you can do just as Bruce Schneier and keep using TrueCrypt to protect your data. And you will probably be fine.
However, PRISM Break should be recommending the many other encryption implementations that do not have known flaws. If dm-crypt is using an AES implementation that is not vulnerable to timing attacks, it is obvious we have to recommend that over TrueCrypt. |
"how does any of the help after the disclosure of high-severity vulnerabilities?" (hasufell) CryptAcquireContext may silently fail in unusual scenarios - Cryptography - High "should PRISM Break recommend a tool that now has a publicly documented flaw?" (zegnat) YES! (1) It does what it should do. "I can certainly belief that the local sheriff’s office’s ‘forensics detectives’ were unable to crack AES. Or that the limited time U.K. officials had with Miranda’s hard drives would allow them to do any sort of statistical inference on the secret key." "Belief" forgot these above examples: FBI, "limited"? NSA, "un"limited? Remember: considering TC to be 'catastrophic', the NSA and GCHQ aren't amused. Also remember: an absolute insider-in-exile confirmed they can't crack. (2) "Not a security researching", but security researchers say: The cache-timing issue is not a problem unless you're on a server like setting. Their conclusion in general: There is no real vulnerability despite the high rating given by the report. (3) None of the alternatives is more and better audited by scientific experts. |
"As far as forks go, I had high hopes for CipherShed. They shared their thoughts on the Phase Ⅰ very openly and you can look up exactly who are leading the project." (1) Besides that: "very openly ... terribly silent", does "hope" really know "who are leading the CS-project"? For example: Jason Pyeron, a member of the project management committee and one of the security developers works for DISA, a government agency. We should do our research on each and every project member. (2) All open-source solutions are vulnerable to pre-computed digest attacks. (3) There is no scientific audit by independent experts for all of them. |
… except decrypt and encrypt your data without opening you up for attacks.
I don’t know what their limits are, I just know the examples you gave me and they don’t tell me much. Even if I want to believe in what Snowden says, it is not like he told us about e.g. the Equation Group who may have messed with the hardware currently in your PC. Snowden was a contractor, and within the NSA people are questioning why a contractor would have been able to see as much as he did. We may easily assume there are complete servers full of higher-classified material that Snowden never saw. But to refute some more of your examples:
3 independent researchers from the nccgroup have stated that the cache timing attack has a high risk and only medium sophistication, making it a high severity vulnerability. 1 not-so-independent developer of a TrueCrypt fork then said it wasn’t as high a vulnerability as the report made it seem. Whenever I am asked to make the choice I would probably side with the published report rather than a forum post, but that is just me.
This I agree with. This is also why CipherShed is telling you to use the now-audited TrueCrypt rather than their fork ’til it comes out of beta. That does not mean PRISM Break should be recommending TrueCrypt though. As for security people being associated with a government organisation, I wish you good luck trying to find a mathematician that has not at some point received government funding. Believe it or not, governments fund the lion’s share of security research because nobody else cares. Even the Tor project is funded that way. Seeing someone the government trusts with their security work on something for the masses is a plus in my book. As long as other people keep them straight. Also, I would rather have someone working on my security who I know works for the government than a group of anonymous programmers. But again, that might just be me. Nothing you have said is really making a case for including anything new on PRISM Break, so I am not sure what we are arguing about, but I hope I have made my personal views clear on the current TrueCrypt-et-al-sphere. |
So they are not going to fix it? |
"So they are not going to fix it?" (hasufell) In your eyes, if so important just do it! Fixing this cache-timing issue would be much appreciated. But... (1) As security researchers said, there seems to be no REAL need at the moment:
Therefore, work on other issues has priority. (2) Your alternative PRISM Break-favorites are vulnerable too. Maybe you got more detailed information. Are they going to fix their pre-computed digest issue? (3) And again, there isn't any scientific audit by independent experts for all of the other disc-encryption solutions! None of its alternatives is more and better audited than TrueCrypt*. So, their results and the above both said in mind: Yes, I do recommend! Because TC v7.1a is both mature and stable and up-to-date: "Not perfect, but secure". At the moment I see hardly any better. *) (Thx for linking to: http://caselaw.findlaw.com/us-11th-circuit/1595245.html) |
What “security researchers” (multiple?) said this? I only see the VeraCrypt developer himself say this and no independent researchers. The three independent researchers that are known to have done an audit flagged this with a high rating.
Again, only the VeraCrypt developer has said this. In the forum thread you linked user AndreasAll says “multi-user systems” will be affected, which I believe to include your completely standard Windows installation in an average home.
Which ones? dm-crypt? DiskCryptor? PRISM Break is not recommending any form of TrueCrypt at the moment.
EncFS is recommended by PRISM Break and has been audited. This is even flagged on the website with a green label. So saying none have had a publicised audit is simply false. |
I will probably never use VeraCrypt or any of the TrueCrypt forks. I don't even use dm-crypt or any other disk-encryption tool. So why should I fix it? The point was that in order to recommend a TrueCrypt fork it is important to know how upstream behaves and that includes their reaction to an audit (and I'm not sure if arguing about the severity of vulnerabilities is something I like to see). |
Please, allow one word according to (off-topic) ENCFS and its recommendation: (1) By the way. The only one found, is a one-year-old "paid" security audit of "10 hours". Sure, it's not a "joke"? Because, What a contrast to the crowd-funded one-and-half-a-year scientific audit by independent experts around Matthew Green/Kenny Wright! (2) But seriously.
High - Stream Cipher Used to Encrypt Last File Block. Medium - Generating Block IV by XORing Block Number - MACs Not Compared in Constant Time - 64-bit MACs - Editing Configuration File Disables MACs. Low - Same Key Used for Encryption and Authentication - File Holes are Not Authenticated. Furthermore, there are 4 POTENTIAL problems mentioned in the paper.
It ignores many STANDARD best-practices in cryptography. Several previously KNOWN vulnerabilities have been reported, which have NOT been completely fixed. (3) In FACT, also according to user-space encrypted file systems is to repeat: "Your alternative PRISM Break-favourites are vulnerable too." So, wonder why PRISM Break does recommend encfs. Will you guys really continue recommending it seriously? While bashing a well-done piece of crypto-software for vulnerabilities under quite NON-REALISTIC circumstances at the same time! |
(1) "EncFS is recommended by PRISM Break. EncFS has been audited. This is even flagged on the website with a green label." (zegnat) Don't COMPARE DIFFERENT kind of solutions! If doing so wrong nevertheless, at least it would be nice to mention clearly that container-based crypto is much stronger by concept than file-system solutions (f.e. metadata-problems*). (2) "So saying none have had a publicised audit is simply false." (zegnat) No, it is not "simply false"! As you can see easily... "There isn't any scientific audit by independent experts for all of the other disc-encryption [!] solutions! None of its [!] alternatives is more and better audited than TrueCrypt" (izmine) http://www.ssi.gouv.fr/IMG/qualification/2009-08-17_2088_sgdn_anssi_sr.pdf In so far, it's absolutely right to say what I say: "Their results and the above both [1+2 in former post] said in mind, TC v7.1a is both mature and stable and up-to-date: 'Not perfect, but secure'. At the moment I see hardly any better." (izmine) (3) What's really wrong, is your citation! And that's not nice changing what is said and meant obviously. Here and now we are discussing the DISCS-AND-PARTITIONS-encryption tool TrueCrypt! Therefore could and should it be compared with its alternatives of same kind of crypto, for example freeOTFE**, VeraCrypt, CipherShed or so but nothing else. The same according to an user-space encrypted file system like encFS! It could and should be compared with the PRISM Break-recommended never audited eCryptfs***. *) Maybe an alternative, because the 7z FORMAT of open source-software 7-ZIP solves this issue of the off-topic encfs-tool: **) freeOTFE offers a portable mode, eliminating the need to install to the computer. There is also freeOTFE Explorer, a system which allows freeOTFE volumes to be accessed without installing software, and on computers where no administrator rights are available.
Supporting numerous hash (including SHA-512, RIPEMD-320, Tiger) and encryption algorithms (Including AES, Twofish, and Serpent) in several modes (CBC, LRW, AND XTS), providing a much greater level of flexibility than a number of other OTFE systems. Support for encrypted Linux volumes (Cryptoloop "losetup," dm-crypt, and LUKS). ***) This IBM-developed and -maintained (off-topic) crypto-tool isn't audited ever. But it is to believe much harder, that PRISM Break really does and/or wants to continue recommending a tool like ECRYPTFS seriously. |
This will be my last reply on this to hopefully make my stance on both TrueCrypt and its forks clear, and to address some of @izmine’s points. Note that PRISM Break is a community project and my thoughts are in no way indicative of what will and will not end up on the website. Everyone is free to create a pull request for whatever software they want to recommend and make a case for it. If they can gain traction within the community chances are it will be merged in. Regarding TrueCrypt: Thank you for the link to the Ubuntu Privacy Remix Team’s audit of TrueCrypt. I had not seen it before. Even so this only means we now have a second audit of TrueCrypt, and an older version at that. In a previous discussion I made clear that I was against adding software on PRISM Break that was abandoned by their development team. This still holds true for me, even when talking about TrueCrypt. That leaves one of the many forks. As far as I know none of the forks have been audited. So that part of the discussion goes out the window. It becomes a debate of what fork is the best, gets the best support, and if it should be included. The TrueCrypt licence has still not been reviewed by the #IsTrueCryptAuditedYet project which is an issue for PRISM Break. We have previously excluded solutions that were public-source rather than open-source, and we would have to apply the same ruling to TrueCrypt. This is also a potential problem for forks, I previously found a problem with VeraCrypt where it wasn’t complying with the licence by still including the name TrueCrypt in certain files. In fact a problem also noticed by the Ubuntu Privacy Remix Team (p. 7), emphasis mine:
You read that right: “illicit”, forbidden by law. Not to mention how TrueCrypt itself was based on E4M and might itself be infringing on some copyrights there. (I kid you not, this is one of the points on the Roadmap for CipherShed to fix.) I feel much better telling people to use any of the dm-crypt LUKS tutorials linked to on PRISM Break than pointing them at TrueCrypt. If they have no choice but to use a portable encryption solution with the possibility of plausible deniability through hidden volumes, I might tell them to try out TrueCrypt. I will also tell them other people in the security community are using it (e.g. Schneier) and that it has been audited. But I will never use it myself or actively recommend it. Personally I believe there are just too many pitfalls with TrueCrypt, not to mention @hasufell’s legitimate concern about who will be fixing the issues that are being brought up now. Regarding EncFS: I am not comparing EncFS and TrueCrypt on a feature-to-feature basis, only as far as both having had published audits and both wanting to encrypt your files. Mostly I wanted to point out that PRISM Break does include publicly audited encryption software. Whether you believe this audit is enough is up to you. All the points made in the audit are accessible in EncFS’ issue list on the GitHub project and can be discussed there. They are very open about fixing all of the points.
So you do respect an audit when it is paid for by several people, but when one man wants to make software more secure and pays for 20 hours of fulltime work by a security researcher you call it a joke? Igor Sviridov paid Defuse Security for 20 hours of work, 10 hours on EncFS and 10 hours on eCryptfs. Taylor Hornby did this work and published the results. This sounds like a security audit to me. And what “one-and-half-a-year” are you talking about? The Phase Ⅱ audit took more like a month to a month and a half. When Matthew Green posted an update on his blog mid-February only a few weeks had passed since contracting the NCC Group with an open starting date, and the final report was finished mid-March. And what about Hornby’s results? We have included a summary of his conclusion on the PRISM Break website. We felt alright with keeping it as a recommendation because the audit found “EncFS is probably safe as long as the adversary only gets one copy of the ciphertext”. That is reasonable for the number one reason to use encryption: protection in case of hardware theft. If you have made a different conclusion from reading the audit and checking up on EncFS’ current development, please open a new issue and make your case for having it removed. |
CipherShed's Compul wrote (April 2015): "They [4 vulnerabilities found: 1 low - 1 medium - 2 high] do NOT seem to pose a great threat immediately, but are nonetheless ISSUES that will be resolved in CipherShed; first and foremost the AES issue, I would presume, which currently seems more annoying than one may think." https://forum.ciphershed.org/viewtopic.php?f=5&t=80 @hasufell @zegnat: One more vote to cool down and relax a little bit, imho. |
I suggest Gostcrypt |
https://news.ycombinator.com/item?id=7812133
truecrypt.org => truecrypt.sourceforge.net
https://gist.github.com/anonymous/e5791d5703325b9cf6d1