[liberationtech] TrueCrypt Alternatives?

[Security First]

Hi everyone,

While the jury is still out on how this TrueCrypt issue plays out.
With TC such a big part of the furniture in LibTech community
practises, lessons, manuals, advice, etc., the question I'm sure a lot
of us are thinking is:

What are the best alternatives to TrueCrypt for the people we work
with and train?

Is there anything that comes close in terms of open source, cross
platform etc? (Pity about the TC license issues as it would be great
to see people in the community who might want to fork it and carry it
on.)

All the best,
Rory
-- 
Liberationtech is public  archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Not an Emergency: Has TrueCrypt.org been Hijacked?

[Rich Kulawiec]

On Wed, May 28, 2014 at 07:42:02PM -0400, Griffin Boyce wrote:
   My suspicion is that either they were hacked (and had their key
 stolen), or that they were ordered to shutdown and recommend
 Microsoft's (presumably backdoored) BitLocker as a replacement.
 BitLocker's enterprise documentation makes me *incredibly*
 suspicious that it is susceptible to monitoring by third-parties.

If it's the latter, and I'll certainly grant that's a possibility,
then it was a short-sighted move on the part of whoever's responsible,
since TrueCrypt's source is available to anyone who wants to restart
the project elsewhere.  Someone will, and they'll use the results of
the just-completed code audit to improve it.

(And yes, I presume BitLocker is quite thoroughly backdoored.)

   Pardon my tinfoil hat.

Not a problem: the bar for tinfoil hat has been raised considerably
in the last year.

---rsk
-- 
Liberationtech is public  archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] TrueCrypt Alternatives?

[carlo von lynX]

On Thu, May 29, 2014 at 09:10:08AM +0100, Security First wrote:
 While the jury is still out on how this TrueCrypt issue plays out.

Hmmm..

 What are the best alternatives to TrueCrypt for the people we work
 with and train?

http://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software

dm-crypt/LUKS and freeOTFE do provide an alternative,
but not exactly as easy to use.

That page is missing an upcoming relevant player there..
Dyne's Tomb:   http://www.dyne.org/software/tomb/
But for now it can only be used from command line.

As jaromil suggests, there is no true cryptographic safety on
Windows machines, so you might as well stop trying to do that
on such a computer.

Still, I don't get these periodic DoT*-attacks against Truecrypt.
Last year there was this rumour going around about Truecrypt not
having been properly audited, and then the code that turned out
not having been audited for years was openssl.

Now there is again fear of backdoors in downloadables from some
well-intended website. But who thinks *he can download binaries
via the web and expect them to be free of backdoors?

The whole approach is broken. The web is not trustworthy. You
need someone to get the source codes, look over it, make sure
it is the correct one, generate binaries and distribute them
over safe channels.

I have been using truecrypt built from sources for a decade now,
the only trouble it gives me is performance when dealing with
legacy file systems such as NTFS.

Please get your paranoia properly structured and oriented to the
things that are well worth being paranoid about.


*) denial of trust

-- 
http://youbroketheinternet.org
 ircs://psyced.org/youbroketheinternet
-- 
Liberationtech is public  archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] TrueCrypt Alternatives?

[Tom O]

Truecrypt has not properly been audited.

The only audit to date is what has been organised by Matthew Green of Johns
Hopkins University.

I believe there is still more to go on this, but in light of recent events,
one wonders of this is worth it.

On Thursday, May 29, 2014, carlo von lynX l...@time.to.get.psyced.org
wrote:

 On Thu, May 29, 2014 at 09:10:08AM +0100, Security First wrote:
  While the jury is still out on how this TrueCrypt issue plays out.

 Hmmm..

  What are the best alternatives to TrueCrypt for the people we work
  with and train?

 http://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software

 dm-crypt/LUKS and freeOTFE do provide an alternative,
 but not exactly as easy to use.

 That page is missing an upcoming relevant player there..
 Dyne's Tomb:   http://www.dyne.org/software/tomb/
 But for now it can only be used from command line.

 As jaromil suggests, there is no true cryptographic safety on
 Windows machines, so you might as well stop trying to do that
 on such a computer.

 Still, I don't get these periodic DoT*-attacks against Truecrypt.
 Last year there was this rumour going around about Truecrypt not
 having been properly audited, and then the code that turned out
 not having been audited for years was openssl.

 Now there is again fear of backdoors in downloadables from some
 well-intended website. But who thinks *he can download binaries
 via the web and expect them to be free of backdoors?

 The whole approach is broken. The web is not trustworthy. You
 need someone to get the source codes, look over it, make sure
 it is the correct one, generate binaries and distribute them
 over safe channels.

 I have been using truecrypt built from sources for a decade now,
 the only trouble it gives me is performance when dealing with
 legacy file systems such as NTFS.

 Please get your paranoia properly structured and oriented to the
 things that are well worth being paranoid about.


 *) denial of trust

 --
 http://youbroketheinternet.org
  ircs://psyced.org/youbroketheinternet
 --
 Liberationtech is public  archives are searchable on Google. Violations
 of list guidelines will get you moderated:
 https://mailman.stanford.edu/mailman/listinfo/liberationtech.
 Unsubscribe, change to digest, or change password by emailing moderator at
 compa...@stanford.edu javascript:;.

-- 
Liberationtech is public  archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] TrueCrypt Alternatives?

[carlo von lynX]

On Thu, May 29, 2014 at 08:51:21PM +1000, Tom O wrote:
 Truecrypt has not properly been audited.
 
 The only audit to date is what has been organised by Matthew Green of Johns
 Hopkins University.
 
 I believe there is still more to go on this, but in light of recent events,
 one wonders of this is worth it.

You mean Heartbleed?

Nothing in the whole industry is properly audited,
some stuff is just sufficiently old.

-- 
Liberationtech is public  archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] TrueCrypt Alternatives?

[Tom O]

No I mean TrueCrypt

Site is is truecryptauditedyet.com

Heartbleed was a vuln found by researchers at Google (Heel Mehta), not the
result of an audit.

I assure you that there are significant software projects that go through
intense auditing.

Nothing is secure, but there are some things less secure than others.
On 29 May 2014 22:37, carlo von lynX l...@time.to.get.psyced.org wrote:

 On Thu, May 29, 2014 at 08:51:21PM +1000, Tom O wrote:
  Truecrypt has not properly been audited.
 
  The only audit to date is what has been organised by Matthew Green of
 Johns
  Hopkins University.
 
  I believe there is still more to go on this, but in light of recent
 events,
  one wonders of this is worth it.

 You mean Heartbleed?

 Nothing in the whole industry is properly audited,
 some stuff is just sufficiently old.

 --
 Liberationtech is public  archives are searchable on Google. Violations
 of list guidelines will get you moderated:
 https://mailman.stanford.edu/mailman/listinfo/liberationtech.
 Unsubscribe, change to digest, or change password by emailing moderator at
 compa...@stanford.edu.

-- 
Liberationtech is public  archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] TrueCrypt Alternatives?

[Tom O]

Sorry the link should be www.istruecryptauditedyet.com
On 29 May 2014 22:37, carlo von lynX l...@time.to.get.psyced.org wrote:

 On Thu, May 29, 2014 at 08:51:21PM +1000, Tom O wrote:
  Truecrypt has not properly been audited.
 
  The only audit to date is what has been organised by Matthew Green of
 Johns
  Hopkins University.
 
  I believe there is still more to go on this, but in light of recent
 events,
  one wonders of this is worth it.

 You mean Heartbleed?

 Nothing in the whole industry is properly audited,
 some stuff is just sufficiently old.

 --
 Liberationtech is public  archives are searchable on Google. Violations
 of list guidelines will get you moderated:
 https://mailman.stanford.edu/mailman/listinfo/liberationtech.
 Unsubscribe, change to digest, or change password by emailing moderator at
 compa...@stanford.edu.

-- 
Liberationtech is public  archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] TrueCrypt Alternatives?

[taxakis]

For those with imminent interest:
http://rpmfusion.org/Package/realcrypt

cheers
/t

 -Original Message-
 From: liberationtech
[mailto:liberationtech-boun...@lists.stanford.edu]
 On Behalf Of carlo von lynX
 Sent: Thursday, May 29, 2014 2:37 PM
 To: liberationtech
 Subject: Re: [liberationtech] TrueCrypt Alternatives?
 
 On Thu, May 29, 2014 at 08:51:21PM +1000, Tom O wrote:
  Truecrypt has not properly been audited.
 
  The only audit to date is what has been organised by Matthew Green
of
  Johns Hopkins University.
 
  I believe there is still more to go on this, but in light of recent
  events, one wonders of this is worth it.
 
 You mean Heartbleed?
 
 Nothing in the whole industry is properly audited, some stuff is just
 sufficiently old.
 
 --
 Liberationtech is public  archives are searchable on Google.
Violations
 of list guidelines will get you moderated:
 https://mailman.stanford.edu/mailman/listinfo/liberationtech.
 Unsubscribe, change to digest, or change password by emailing
moderator
 at compa...@stanford.edu.

-- 
Liberationtech is public  archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

[liberationtech] Thomas Piketty, Karl Marx and the Internet

[Christian Fuchs]

Fuchs, Christian. 2014. Thomas Piketty’s Book “Capital in the 
Twenty-First Century”, Karl Marx and the Political Economy of the 
Internet. tripleC: Communication, Capitalism  Critique 12 (1): 413-430.


http://www.triple-c.at/index.php/tripleC/article/view/575

Abstract
Thomas Piketty’s book Capital in the Twenty-First Century has resulted 
in a sustained political and academic debate about capitalism in the 
21st century. This article discusses the relevance of the book in the 
context of Karl Marx’s works and the political economy of the Internet. 
It identifies 3 common reactions to Piketty’s book: 1) dignification; 2) 
denigration of the work’s integrity; 3) the denial of any parallel to 
Marx. I argue that all three reactions do not help the task of creating 
a New Left that is urgently needed in the situation of sustained 
capitalist crisis. Marxists will certainly view Piketty’s analysis of 
capitalism and political suggestions critically. I argue that they 
should however not dismiss them, but like Marx and Engels aim to 
radicalise reform suggestions. In relation to the Internet, this paper 
discusses especially how insights from Piketty’s book can inform the 
discussion of tax avoidance by transnational Internet companies such as 
Google, Facebook and Amazon. For establishing an alternative, 
non-commercial, non-capitalist Internet one can draw insights about 
institutional reforms and progressive capital taxation from Piketty that 
can be radicalised in order to ground radical-reformist Internet politics.


“The daily struggle for reforms, for the amelioration of the condition 
of the workers within the framework of the existing social order, and 
for democratic institutions, offers to the social democracy the only 
means of engaging in the proletarian class war and working in the 
direction of the final goal-the conquest of political power and the 
suppression of wage labor. Between social reforms and revolution there 
exists for the social democracy an indissoluble tie. The struggle for 
reforms is its means; the social revolution, its aim” (Rosa Luxemburg 
1899, 41).


--
Liberationtech is public  archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change 
to digest, or change password by emailing moderator at compa...@stanford.edu.

[liberationtech] Would you like to help improve our beginner's guide to email encryption?

[Zak Rogoff]

Hello everyone,

On Thursday, June 5th, the FSF is planning to release a getting-started
guide to GnuPG with Enigmail in Thunderbird-like email clients. We're
looking for new and experienced GnuPG users to test out the guide and
give us feedback, in the hopes of making a guide like no other.

If you'd like to help, please email z...@fsf.org to let me know no later
than this Tuesday, June 3rd.


-- 
Zak Rogoff

Campaigns Manager
Free Software Foundation
GPG ID: B5090AC8
-- 
Liberationtech is public  archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

[liberationtech] Here is a list of TrueCrypt compatible disk encryption tools

[Nicholas Merrill]

Here's a list of Truecrypt compatible file encryption software .. some
compromises required, but maybe it will suffice for the time being

http://www.hacker10.com/encryption-software-2/list-of-truecrypt-compatible-encryption-software/

-Nick

-- 
Nicholas Merrill
Executive Director
The Calyx Institute
287 Spring Street
New York, NY 10013
email: n...@calyx.com
xmpp:  n...@calyxinstitute.org

-- 
Liberationtech is public  archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.