TrueCrypt shuts down, the debacle ensues

Status
Not open for further replies.
I have played with Linux in the past (I loved Mandrake) and have used Ubuntu as well. My favorite though has to be Mint in the Cinnamon "edition". I do not know nearly as much about Linux as I do Windows, though it should not be too difficult to master the basics. Time to dust off one of my old laptops and see how it works.

Thanks for all of the information sharing gang!
 
Originally Posted By: uc50ic4more
Originally Posted By: Mystic
Nobody even knows today if they did have a backdoor for a while in OpenBSD.


Good heavens, no. Theo de Raadt, the main OpenBSD developer, is a staunch proponent of privacy and security. OpenBSD is by a long shot the most audited and meticulously (read: pathologically) developed OS on the planet. Theo is also, by all accounts, nowhere near very friendly and I cannot imagine some soulless police-state suit from the NSA having his attention for too long without being unceremoniously shown the door. OpenBSD is also Canadian so they are not under the authority of the U.S. government.

The BSD family of OS's are also developed in a much more tightly integrated manner than Linux. Linux-based OS's are cobbled-together projects with a kernel (Linux), userland tools (usually from GNU) and user applications from a variety of developers. How they are cobbled together by the enormously large number of distributions and organizations producing them is anarchic and highly chaotic; some are secure and stable, others are bleeding-edge and crashy. The BSD's, in contrast, are an entire OS (kernel + userland utilities) with the applications running atop it. There is a lot more auditing, a lot more consistency and standardization of the code base and fewer developers.


There was a claim in 2010 of the FBI trying to backdoor OpenBSD.

http://www.cnet.com/news/report-of-fbi-back-door-roils-openbsd-community/

I'm surprised the recent events somehow are a 'revelation' to what is being attempted.

An AT&T employee reported in 2006 that he spliced an optic cable into a gov't installation.

http://en.wikipedia.org/wiki/Room_641A

US phone companies provide data to US gov't without a warrant; the response is to retroactively protect the phone companies from lawsuits.

http://en.wikipedia.org/wiki/Hepting_v._AT%26T

It is unclear why mass amnesia takes place every few years.

Snowden did not have to reveal anything; we needed a conscious populace to add 1 and 1 and get two.
 
Originally Posted By: Mystic
To make a long story short that guy's laptop computer WAS FULL OF MALWARE! I was stunned. I can do a better job defending my computers from malware than that guy. And he was supposed to be an expert!

I can believe it. I've had to provide tech support to the tech installing the camera system at one of my businesses, since the server was Linux and he was out of his element there. In fairness to him, though, I had him do some simple wiring this past week, because I'd rather stay away from that if at all possible.

Many of the security experts, as you indicate, aren't experts at all. They're salesmen. The real issue that they face is that to properly secure a computer doesn't involve the purchase of product, and switching to a more robust operating system (with a bunch of friendly, free help on the net) isn't a model for making money down the road in more consulting fees.
 
Originally Posted By: Garak
Didn't they have some kerfuffle about the licensing of TrueCrypt in the past, too?


Yes, although I do not recall what it was. I know that no Linux distro bundled it by default nor provided it in their repositories. For some reason I also believe there is an issue with "exporting" cryptographic software from the U.S.
 
For what it's worth, I just checked the Wikipedia article, and it seems there had been some controversy about the TrueCrypt License (they had their own) not being really an open source type license, and that the Open Source Initiative said it wouldn't pass for certification as open source if submitted. And, given what's already available in Linux, I wouldn't even bother with TrueCrypt. Also, I had thought that the strong cryptography export restriction in the States was pretty much gone (aside from, perhaps, providing it to certain rogue regimes).
 
Originally Posted By: Garak
And, given what's already available in Linux, I wouldn't even bother with TrueCrypt.


True, but TrueCrypt is/was a handy tool to get encrypted files around different OS's.

Originally Posted By: Garak
(aside from, perhaps, providing it to certain rogue regimes).


I do not at all trust police states to define "rogue regimes". I think police states themselves are rogue regimes when they attempt to control by force of law what software one can and cannot use and redistribute.
 
Staying out of the political argument, we may not trust any state to define rogue regimes, but they can and will define which countries are subject to receiving their exports. Of course, things get much more complicated when it's software or literature or music and the like, versus a shipment of F-16s.

TrueCrypt might have been handy for that, but I think PGP is very useful for that, and is ahead in that matter, even in such a niche market. That's one thing that bugs me about encryption. Getting anyone else to use it, even those with some technical skills, is exceedingly difficult. And, if they're not sure what they're doing, security goes down the toilet. If it's too easy to use, the same thing happens. Obviously, a PGP/GPG key where the private key isn't secured in any fashion and the passphrase is 123456 isn't going to provide a lot of security.

Also, getting people to back up their data is difficult. Try getting them to back up their keys and explain why that's important.
 
Originally Posted By: Garak
That's one thing that bugs me about encryption. Getting anyone else to use it, even those with some technical skills, is exceedingly difficult.


It's been several years that I have been trying to get my immediate circle of friends, family and neighbours set up with Thunderbird + Enigmail using GPG keys. It does not help that email encryption buggers up webmail providers' ability to scan the contents of your data in order to cater your advertising.

I really wish it would be part of an OS install, where you would either supply an existing key to import during system install or create one right there; and that key would be automatically set up system-wide: In the file managers' right-click "Encrypt this file/ folder", SSH keys for remote logins to and from others' systems, GPG/ PGP email encryption, etc. Seahorse in Gnome is pretty easy to use (as is, I am sure, the equivalent application in KDE), as is Enigmail.
 
Yep, I've never had problems with them, be it PGP back in the Windows days, or GPG and its front ends in Linux. Oddly enough, in Mint with MATE, one doesn't get an encrypt option in the context menu when setting up encryption, like automatically happens in Ubuntu. That doesn't bug me, since I prefer the command line anyhow, but I can see it bothering many people. Enigmail works exactly the same as it does in Ubuntu.

I wonder what Google would do if everyone started encrypting everything to and from a gmail account all at once.
 
Originally Posted By: Garak
I wonder what Google would do if everyone started encrypting everything to and from a gmail account all at once.



They'd start charging a fee, likely!
 
Hushmail is, of course, a good alternative, but not really that highly publicized. The Slashdot article could do a better job of distinguishing between actual private key cryptography of contents versus encryption in transit.
 