[Noisebridge-discuss] Which can I trust more: TrueCrypt or OSX FileVault?

travis+ml-noisebridge at subspacefield.org travis+ml-noisebridge at subspacefield.org
Tue Feb 15 11:49:27 UTC 2011


Ditto.

I've heard there's a few PGP engineers who swear TC is brain damaged,
I just can't ever seem to talk to any of them directly.  I'd love to
hear the arguments, or have a presentation at BAHA.

The best place to ask, BTW, is cryptography at randombit.net.

Almost every system has certain weaknesses.  Yes, even the FDE
systems.  But the open-source systems have a lot of scrutiny.  The OS
vendors systems tend to integrate better, but they have less scrutiny,
and tend to be a little lazy, hoping that nobody will catch them.  The
open-source guys tend to pick that not as a job, but a passion, and so
they tend to do a better job at the "fun" parts (crypto) and not as
good at the boring stuff, like documentation, reliability, etc.

In the end, it's a bit of a toss-up - ease of use versus high scrutiny
of the code.

In practical terms, the crypto is almost never the weakest link.
You'll discover how hard it really is to break when you forget your
passphrase one day.  Oh yeah, it all sounds fine in theory, but when
you're staring at ciphertext and can't do shit until you figure out
how to decrypt it, or give up and reformat, it suddenly doesn't seem
so easy any more. :-)
-- 
Effing the ineffable since 1997. | http://www.subspacefield.org/~travis/
My emails do not usually have attachments; it's a digital signature
that your mail program doesn't understand.
If you are a spammer, please email john at subspacefield.org to get blacklisted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 834 bytes
Desc: not available
URL: <http://lists.noisebridge.net/pipermail/noisebridge-discuss/attachments/20110215/b3f15ef3/attachment-0003.sig>


More information about the Noisebridge-discuss mailing list