* [dm-crypt] truecrypt - what's the real story behind it? @ 2015-02-08 9:45 U.Mutlu 2015-02-08 10:03 ` Milan Broz 0 siblings, 1 reply; 9+ messages in thread From: U.Mutlu @ 2015-02-08 9:45 UTC (permalink / raw) To: dm-crypt Hi, the cryptsetup tool supports besides plain and luks, also loopaes and truecrypt. I now compiled truecrypt-7.1a, and it looks not bad. I wonder why some people say truecrypt is no more secure. Which part or method of truecrypt is allegedly broken? Can't be fixed? And: is full truecrypt functionality integrated in cryptsetup tool? I mean the create-options below. Here's a manually done "create"-session with the available options: # truecrypt -c Volume type: 1) Normal 2) Hidden Select [1]: 1 Enter file or device path for new volume: /home/testuser/truecrypt-tests/enc.tcf Enter volume size (sizeK/size[M]/sizeG): : 250M Encryption algorithm: 1) AES 2) Serpent 3) Twofish 4) AES-Twofish 5) AES-Twofish-Serpent 6) Serpent-AES 7) Serpent-Twofish-AES 8) Twofish-Serpent Select [1]: 3 Hash algorithm: 1) RIPEMD-160 2) SHA-512 3) Whirlpool Select [1]: 1 Filesystem: 1) None 2) FAT 3) Linux Ext2 4) Linux Ext3 5) Linux Ext4 Select [2]: 3 -- cu Uenal ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [dm-crypt] truecrypt - what's the real story behind it? 2015-02-08 9:45 [dm-crypt] truecrypt - what's the real story behind it? U.Mutlu @ 2015-02-08 10:03 ` Milan Broz 2015-02-08 11:53 ` U.Mutlu 2015-02-09 16:12 ` Sven Eschenberg 0 siblings, 2 replies; 9+ messages in thread From: Milan Broz @ 2015-02-08 10:03 UTC (permalink / raw) To: U.Mutlu, dm-crypt On 02/08/2015 10:45 AM, U.Mutlu wrote: > Hi, > the cryptsetup tool supports besides plain and luks, also loopaes and truecrypt. > I now compiled truecrypt-7.1a, and it looks not bad. Please see the https://ciphershed.org project which tries to continue with development. > I wonder why some people say truecrypt is no more secure. > Which part or method of truecrypt is allegedly broken? Can't be fixed? There is no publicly known serious problem there. But there are license and other non-technical problems. You will get more info on devel list of project above. > And: is full truecrypt functionality integrated in cryptsetup tool? I mean the > create-options below. There is full support for mapping existing containers (with some exceptions, see man page). There is intentionally no new container creation support in cryptsetup and I am not planning to add it. We will better invest time to improving LUKS. You can use tcplay or older version of truecrypt for that (or ciphershed when released). Milan ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [dm-crypt] truecrypt - what's the real story behind it? 2015-02-08 10:03 ` Milan Broz @ 2015-02-08 11:53 ` U.Mutlu 2015-02-08 12:02 ` Heinz Diehl 2015-02-09 16:12 ` Sven Eschenberg 1 sibling, 1 reply; 9+ messages in thread From: U.Mutlu @ 2015-02-08 11:53 UTC (permalink / raw) To: dm-crypt Milan Broz wrote, On 02/08/2015 11:03 AM: > On 02/08/2015 10:45 AM, U.Mutlu wrote: >> Hi, >> the cryptsetup tool supports besides plain and luks, also loopaes and truecrypt. >> I now compiled truecrypt-7.1a, and it looks not bad. > > Please see the https://ciphershed.org project which tries to continue with development. > >> I wonder why some people say truecrypt is no more secure. >> Which part or method of truecrypt is allegedly broken? Can't be fixed? > > There is no publicly known serious problem there. But there are license and other > non-technical problems. You will get more info on devel list of project above. Then I wonder if the NSA/CIA/DHS etc. was involved in the decision of the authors to abondon truecrypt developement, or was there maybe a mole among the devs?... conspiracy mode off :-) The License.txt of truecrypt-7.1a says: "You may modify This Product (thus forming Your Product), derive new works from This Product or portions thereof (thus forming Your Product), include This Product or portions thereof in another product (thus forming Your Product, unless defined otherwise in Chapter I), and You may use (for non-commercial and/or commercial purposes), copy, and/or distribute Your Product." >> And: is full truecrypt functionality integrated in cryptsetup tool? I mean the >> create-options below. > > There is full support for mapping existing containers (with some exceptions, > see man page). > > There is intentionally no new container creation support in cryptsetup and > I am not planning to add it. > We will better invest time to improving LUKS. The advantage of truecrypt, as I see it, is that it is a multiplatform solution; works even under the Windows cr*p (btw. what's the status of "Microsoft Linux"? :-), they really shouldn't have dropped their Xenix; I had the pleasure to work on it for about 2 years at the end of the 1980ies... As time goes by... > You can use tcplay or older version of truecrypt for that (or ciphershed when > released). Thx, as said truecrypt-7.1a works fine here, but a maintained package is of course better, so I think I'll check the ciphershed release. And thx for the link to their project site; I didn't know of them. There I found also this link with some info about truecrypt's future: https://forum.truecrypt.ch/ > > Milan -- cu Uenal ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [dm-crypt] truecrypt - what's the real story behind it? 2015-02-08 11:53 ` U.Mutlu @ 2015-02-08 12:02 ` Heinz Diehl 2015-02-08 12:09 ` Alex Elsayed 2015-02-08 12:40 ` U.Mutlu 0 siblings, 2 replies; 9+ messages in thread From: Heinz Diehl @ 2015-02-08 12:02 UTC (permalink / raw) To: dm-crypt On 08.02.2015, U.Mutlu wrote: > Then I wonder if the NSA/CIA/DHS etc. was involved in the decision of the > authors to abondon truecrypt developement, or was there maybe a mole among > the devs?... conspiracy mode off :-) Nobody knows but the Truecrypt devs. IMHO the reasons to abandon TC development was rather financial ones. > The advantage of truecrypt, as I see it, is that it is a multiplatform > solution; works even under the Windows cr*p If you use Wind*ws as your platform, you'll most likely have a lot more serious security problems than a simple "how reliable is TC"... ;-) ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [dm-crypt] truecrypt - what's the real story behind it? 2015-02-08 12:02 ` Heinz Diehl @ 2015-02-08 12:09 ` Alex Elsayed 2015-02-08 12:10 ` Alex Elsayed 2015-02-09 16:16 ` Sven Eschenberg 2015-02-08 12:40 ` U.Mutlu 1 sibling, 2 replies; 9+ messages in thread From: Alex Elsayed @ 2015-02-08 12:09 UTC (permalink / raw) To: dm-crypt Heinz Diehl wrote: > On 08.02.2015, U.Mutlu wrote: > >> Then I wonder if the NSA/CIA/DHS etc. was involved in the decision of the >> authors to abondon truecrypt developement, or was there maybe a mole >> among >> the devs?... conspiracy mode off :-) > > Nobody knows but the Truecrypt devs. IMHO the reasons to abandon TC > development was rather financial ones. > >> The advantage of truecrypt, as I see it, is that it is a multiplatform >> solution; works even under the Windows cr*p > > If you use Wind*ws as your platform, you'll most likely have a lot more > serious security problems than a simple "how reliable is TC"... ;-) Also, while IIRC it doesn't support encrypted rootfs, there _is_ FreeOTFE for opening LUKS volumes on Windows. ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [dm-crypt] truecrypt - what's the real story behind it? 2015-02-08 12:09 ` Alex Elsayed @ 2015-02-08 12:10 ` Alex Elsayed 2015-02-09 16:16 ` Sven Eschenberg 1 sibling, 0 replies; 9+ messages in thread From: Alex Elsayed @ 2015-02-08 12:10 UTC (permalink / raw) To: dm-crypt Alex Elsayed wrote: > Heinz Diehl wrote: > >> On 08.02.2015, U.Mutlu wrote: >> >>> Then I wonder if the NSA/CIA/DHS etc. was involved in the decision of >>> the authors to abondon truecrypt developement, or was there maybe a mole >>> among >>> the devs?... conspiracy mode off :-) >> >> Nobody knows but the Truecrypt devs. IMHO the reasons to abandon TC >> development was rather financial ones. >> >>> The advantage of truecrypt, as I see it, is that it is a multiplatform >>> solution; works even under the Windows cr*p >> >> If you use Wind*ws as your platform, you'll most likely have a lot more >> serious security problems than a simple "how reliable is TC"... ;-) > > Also, while IIRC it doesn't support encrypted rootfs, there _is_ FreeOTFE > for opening LUKS volumes on Windows. Correction; it seems FreeOTFE died while I wasn't looking. This seems to be the replacement: https://en.wikipedia.org/wiki/DoxBox ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [dm-crypt] truecrypt - what's the real story behind it? 2015-02-08 12:09 ` Alex Elsayed 2015-02-08 12:10 ` Alex Elsayed @ 2015-02-09 16:16 ` Sven Eschenberg 1 sibling, 0 replies; 9+ messages in thread From: Sven Eschenberg @ 2015-02-09 16:16 UTC (permalink / raw) To: dm-crypt On Sun, February 8, 2015 13:09, Alex Elsayed wrote: > Heinz Diehl wrote: > >> On 08.02.2015, U.Mutlu wrote: >> >>> Then I wonder if the NSA/CIA/DHS etc. was involved in the decision of >>> the >>> authors to abondon truecrypt developement, or was there maybe a mole >>> among >>> the devs?... conspiracy mode off :-) >> >> Nobody knows but the Truecrypt devs. IMHO the reasons to abandon TC >> development was rather financial ones. >> >>> The advantage of truecrypt, as I see it, is that it is a multiplatform >>> solution; works even under the Windows cr*p >> >> If you use Wind*ws as your platform, you'll most likely have a lot more >> serious security problems than a simple "how reliable is TC"... ;-) > > Also, while IIRC it doesn't support encrypted rootfs, there _is_ FreeOTFE > for opening LUKS volumes on Windows. Not for -plain64 and/or GPT though. DoxBox is trying to fix these (and some further) things, after Sarah Dean disappeared alltogether and FreeOTFE is no longer maintained. ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [dm-crypt] truecrypt - what's the real story behind it? 2015-02-08 12:02 ` Heinz Diehl 2015-02-08 12:09 ` Alex Elsayed @ 2015-02-08 12:40 ` U.Mutlu 1 sibling, 0 replies; 9+ messages in thread From: U.Mutlu @ 2015-02-08 12:40 UTC (permalink / raw) To: dm-crypt Heinz Diehl wrote, On 02/08/2015 01:02 PM: > On 08.02.2015, U.Mutlu wrote: > >> Then I wonder if the NSA/CIA/DHS etc. was involved in the decision of the >> authors to abondon truecrypt developement, or was there maybe a mole among >> the devs?... conspiracy mode off :-) > > Nobody knows but the Truecrypt devs. IMHO the reasons to abandon TC development > was rather financial ones. > >> The advantage of truecrypt, as I see it, is that it is a multiplatform >> solution; works even under the Windows cr*p > > If you use Wind*ws as your platform, you'll most likely have a lot more serious > security problems than a simple "how reliable is TC"... ;-) That's true, of course, but I was thinking of the mass of the other users ie. a million (or billion) fruit-flies can't be wrong... :-) -- cu Uenal ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [dm-crypt] truecrypt - what's the real story behind it? 2015-02-08 10:03 ` Milan Broz 2015-02-08 11:53 ` U.Mutlu @ 2015-02-09 16:12 ` Sven Eschenberg 1 sibling, 0 replies; 9+ messages in thread From: Sven Eschenberg @ 2015-02-09 16:12 UTC (permalink / raw) To: dm-crypt On Sun, February 8, 2015 11:03, Milan Broz wrote: > On 02/08/2015 10:45 AM, U.Mutlu wrote: >> Hi, >> the cryptsetup tool supports besides plain and luks, also loopaes and >> truecrypt. >> I now compiled truecrypt-7.1a, and it looks not bad. > > Please see the https://ciphershed.org project which tries to continue with > development. > >> I wonder why some people say truecrypt is no more secure. >> Which part or method of truecrypt is allegedly broken? Can't be fixed? > > There is no publicly known serious problem there. But there are license > and other > non-technical problems. You will get more info on devel list of project > above. AFAIK the preset for number of rounds (iterations) in key derivation is rather low with truecrypt. A good key and/or keyfile with entropy should fix that though. > >> And: is full truecrypt functionality integrated in cryptsetup tool? I >> mean the >> create-options below. > > There is full support for mapping existing containers (with some > exceptions, > see man page). > > There is intentionally no new container creation support in cryptsetup and > I am not planning to add it. > We will better invest time to improving LUKS. I agree, sooner or later we will have LUKSv2 ;-). > > You can use tcplay or older version of truecrypt for that (or ciphershed > when > released). > > Milan > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt > -Sven ^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2015-02-09 16:16 UTC | newest] Thread overview: 9+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2015-02-08 9:45 [dm-crypt] truecrypt - what's the real story behind it? U.Mutlu 2015-02-08 10:03 ` Milan Broz 2015-02-08 11:53 ` U.Mutlu 2015-02-08 12:02 ` Heinz Diehl 2015-02-08 12:09 ` Alex Elsayed 2015-02-08 12:10 ` Alex Elsayed 2015-02-09 16:16 ` Sven Eschenberg 2015-02-08 12:40 ` U.Mutlu 2015-02-09 16:12 ` Sven Eschenberg
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.