[Noisebridge-discuss] Which can I trust more: TrueCrypt or OSX FileVault?

John Menerick ponies at mayhemiclabs.com
Sun Feb 13 03:20:39 UTC 2011


Let's not talk about your unencrypted user account password(s) left in
the swap file. Whole disk encryption for the win. According to many
cypherpunks, TrueCrypt is the win when compared to FileVault.

On Sun, Feb 13, 2011 at 12:11 AM, Micah Lee <twopointfour at riseup.net> wrote:
> I trust TrueCrypt more because it's open source and you have control
> over everything, like which cipher to use and the key length. But on the
> other hand, I don't believe it's possible to use TrueCrypt to encrypt
> your whole home folder or your whole hard drive on a Mac.
>
> The reason FileVault isn't enough for the sufficiently paranoid is
> because there are serious attacks that are easy to pull off if you only
> encrypt your home folder. For example, let's say at a border crossing
> they take your computer into another room for half an hour and then
> return it. They might not have access to /Users/youraccount, but they
> have access to everything else. They could have added a rootkit that
> runs on startup, or a keylogger. They could have replaced /usr/bin/ssh with a
> trojan version that still works, but records and sends home all the ssh
> credentials you type in. All it takes to decrypt your home folder in the
> future is your user's password, so the attacker could have made a copy
> of your encrypted home folder and added a malicious version of sudo that
> steals your password, or any number of other things.
>
> And I believe there are other math-based attacks against FileVault. And
> FileVault has other issues too. I've heard it doesn't play nice with
> Time Machine backups, and I once had a problem with it not storing my
> default web browser and email client settings for some reason.
>
> It all depends on your paranoia level, but the only way to have real
> full-disk encryption on a Mac (that I know of) is PGP Whole Disk
> Encryption, but it's proprietary and expensive:
> http://www.symantec.com/business/whole-disk-encryption
>
> For Windows, TrueCrypt is your best bet since it has great support for
> whole disk encryption. For Linux I would suggest the built-in encryption
> that comes with Debian/Ubuntu/Fedora and most other distros, luks/dm-crypt.
>
> Micah
>
> On 02/11/2011 11:44 PM, Sai wrote:
>> Assume whatever attack profile you want. Are they equal or is one better?
>>
>> - Sai
>>
>>
>>
>> _______________________________________________
>> Noisebridge-discuss mailing list
>> Noisebridge-discuss at lists.noisebridge.net
>> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>
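
The quoted reply's point is that with home-folder-only encryption the system files (/usr/bin/ssh, sudo, startup items) stay writable to anyone holding the laptop. As an added example, not part of the original thread, this Python sketch snapshots such a tree and reports drift from an earlier snapshot. It assumes the baseline is stored off the machine and the comparison is run from trusted boot media, since a rootkit on the running system can hide its own changes; the function names `snapshot`, `diff` and `demo` are hypothetical and the sample tree is constructed.

```python
import hashlib, os, stat, tempfile

def snapshot(root):
    """Map each file under root to (sha256, mode bits, symlink target)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                # Record where a link points; a redirected link is tampering too.
                manifest[rel] = ("", stat.S_IMODE(st.st_mode), os.readlink(path))
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            h = hashlib.sha256()
            with open(path, "rb") as f:
                for chunk in iter(lambda: f.read(1 << 20), b""):
                    h.update(chunk)
            manifest[rel] = (h.hexdigest(), stat.S_IMODE(st.st_mode), "")
    return manifest

def diff(baseline, current):
    """Return sorted (finding, path) pairs describing drift from the baseline."""
    findings = []
    for rel in baseline.keys() - current.keys():
        findings.append(("missing", rel))
    for rel in current.keys() - baseline.keys():
        findings.append(("added", rel))
    for rel in baseline.keys() & current.keys():
        old, new = baseline[rel], current[rel]
        if (old[0], old[2]) != (new[0], new[2]):
            findings.append(("content-changed", rel))
        elif old[1] != new[1]:
            findings.append(("mode-changed", rel))  # e.g. a setuid bit appeared
    return sorted(findings)

def demo():
    """Constructed sample tree standing in for the unencrypted system volume."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "usr", "bin"))
        for name in ("ssh", "sudo"):
            with open(os.path.join(root, "usr", "bin", name), "wb") as f:
                f.write(b"original " + name.encode())
        baseline = snapshot(root)
        # Simulated tampering: same-length replacement of ssh, plus a new file.
        with open(os.path.join(root, "usr", "bin", "ssh"), "wb") as f:
            f.write(b"ORIGINAL ssh")
        with open(os.path.join(root, "usr", "bin", "helper"), "wb") as f:
            f.write(b"x")
        return diff(baseline, snapshot(root))
```

Because only content hashes, link targets and mode bits are compared, a replacement that preserves file size and timestamps is still reported.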


