[liberationtech] TrueCrypt Alternatives?
Hi everyone, While the jury is still out on how this TrueCrypt issue plays out. With TC such a big part of the furniture in LibTech community practises, lessons, manuals, advice, etc., the question I'm sure a lot of us are thinking is: What are the best alternatives to TrueCrypt for the people we work with and train? Is there anything that comes close in terms of open source, cross platform etc? (Pity about the TC license issues as it would be great to see people in the community who might want to fork it and carry it on.) All the best, Rory -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Not an Emergency: Has TrueCrypt.org been Hijacked?
On Wed, May 28, 2014 at 07:42:02PM -0400, Griffin Boyce wrote: My suspicion is that either they were hacked (and had their key stolen), or that they were ordered to shutdown and recommend Microsoft's (presumably backdoored) BitLocker as a replacement. BitLocker's enterprise documentation makes me *incredibly* suspicious that it is susceptible to monitoring by third-parties. If it's the latter, and I'll certainly grant that's a possibility, then it was a short-sighted move on the part of whoever's responsible, since TrueCrypt's source is available to anyone who wants to restart the project elsewhere. Someone will, and they'll use the results of the just-completed code audit to improve it. (And yes, I presume BitLocker is quite thoroughly backdoored.) Pardon my tinfoil hat. Not a problem: the bar for tinfoil hat has been raised considerably in the last year. ---rsk -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] TrueCrypt Alternatives?
On Thu, May 29, 2014 at 09:10:08AM +0100, Security First wrote: While the jury is still out on how this TrueCrypt issue plays out. Hmmm.. What are the best alternatives to TrueCrypt for the people we work with and train? http://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software dm-crypt/LUKS and freeOTFE do provide an alternative, but not exactly as easy to use. That page is missing an upcoming relevant player there.. Dyne's Tomb: http://www.dyne.org/software/tomb/ But for now it can only be used from command line. As jaromil suggests, there is no true cryptographic safety on Windows machines, so you might as well stop trying to do that on such a computer. Still, I don't get these periodic DoT*-attacks against Truecrypt. Last year there was this rumour going around about Truecrypt not having been properly audited, and then the code that turned out not having been audited for years was openssl. Now there is again fear of backdoors in downloadables from some well-intended website. But who thinks *he can download binaries via the web and expect them to be free of backdoors? The whole approach is broken. The web is not trustworthy. You need someone to get the source codes, look over it, make sure it is the correct one, generate binaries and distribute them over safe channels. I have been using truecrypt built from sources for a decade now, the only trouble it gives me is performance when dealing with legacy file systems such as NTFS. Please get your paranoia properly structured and oriented to the things that are well worth being paranoid about. *) denial of trust -- http://youbroketheinternet.org ircs://psyced.org/youbroketheinternet -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] TrueCrypt Alternatives?
Truecrypt has not properly been audited. The only audit to date is what has been organised by Matthew Green of Johns Hopkins University. I believe there is still more to go on this, but in light of recent events, one wonders of this is worth it. On Thursday, May 29, 2014, carlo von lynX l...@time.to.get.psyced.org wrote: On Thu, May 29, 2014 at 09:10:08AM +0100, Security First wrote: While the jury is still out on how this TrueCrypt issue plays out. Hmmm.. What are the best alternatives to TrueCrypt for the people we work with and train? http://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software dm-crypt/LUKS and freeOTFE do provide an alternative, but not exactly as easy to use. That page is missing an upcoming relevant player there.. Dyne's Tomb: http://www.dyne.org/software/tomb/ But for now it can only be used from command line. As jaromil suggests, there is no true cryptographic safety on Windows machines, so you might as well stop trying to do that on such a computer. Still, I don't get these periodic DoT*-attacks against Truecrypt. Last year there was this rumour going around about Truecrypt not having been properly audited, and then the code that turned out not having been audited for years was openssl. Now there is again fear of backdoors in downloadables from some well-intended website. But who thinks *he can download binaries via the web and expect them to be free of backdoors? The whole approach is broken. The web is not trustworthy. You need someone to get the source codes, look over it, make sure it is the correct one, generate binaries and distribute them over safe channels. I have been using truecrypt built from sources for a decade now, the only trouble it gives me is performance when dealing with legacy file systems such as NTFS. Please get your paranoia properly structured and oriented to the things that are well worth being paranoid about. *) denial of trust -- http://youbroketheinternet.org ircs://psyced.org/youbroketheinternet -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu javascript:;. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] TrueCrypt Alternatives?
On Thu, May 29, 2014 at 08:51:21PM +1000, Tom O wrote: Truecrypt has not properly been audited. The only audit to date is what has been organised by Matthew Green of Johns Hopkins University. I believe there is still more to go on this, but in light of recent events, one wonders of this is worth it. You mean Heartbleed? Nothing in the whole industry is properly audited, some stuff is just sufficiently old. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] TrueCrypt Alternatives?
No I mean TrueCrypt Site is is truecryptauditedyet.com Heartbleed was a vuln found by researchers at Google (Heel Mehta), not the result of an audit. I assure you that there are significant software projects that go through intense auditing. Nothing is secure, but there are some things less secure than others. On 29 May 2014 22:37, carlo von lynX l...@time.to.get.psyced.org wrote: On Thu, May 29, 2014 at 08:51:21PM +1000, Tom O wrote: Truecrypt has not properly been audited. The only audit to date is what has been organised by Matthew Green of Johns Hopkins University. I believe there is still more to go on this, but in light of recent events, one wonders of this is worth it. You mean Heartbleed? Nothing in the whole industry is properly audited, some stuff is just sufficiently old. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] TrueCrypt Alternatives?
Sorry the link should be www.istruecryptauditedyet.com On 29 May 2014 22:37, carlo von lynX l...@time.to.get.psyced.org wrote: On Thu, May 29, 2014 at 08:51:21PM +1000, Tom O wrote: Truecrypt has not properly been audited. The only audit to date is what has been organised by Matthew Green of Johns Hopkins University. I believe there is still more to go on this, but in light of recent events, one wonders of this is worth it. You mean Heartbleed? Nothing in the whole industry is properly audited, some stuff is just sufficiently old. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] TrueCrypt Alternatives?
For those with imminent interest: http://rpmfusion.org/Package/realcrypt cheers /t -Original Message- From: liberationtech [mailto:liberationtech-boun...@lists.stanford.edu] On Behalf Of carlo von lynX Sent: Thursday, May 29, 2014 2:37 PM To: liberationtech Subject: Re: [liberationtech] TrueCrypt Alternatives? On Thu, May 29, 2014 at 08:51:21PM +1000, Tom O wrote: Truecrypt has not properly been audited. The only audit to date is what has been organised by Matthew Green of Johns Hopkins University. I believe there is still more to go on this, but in light of recent events, one wonders of this is worth it. You mean Heartbleed? Nothing in the whole industry is properly audited, some stuff is just sufficiently old. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
[liberationtech] Thomas Piketty, Karl Marx and the Internet
Fuchs, Christian. 2014. Thomas Piketty’s Book “Capital in the Twenty-First Century”, Karl Marx and the Political Economy of the Internet. tripleC: Communication, Capitalism Critique 12 (1): 413-430. http://www.triple-c.at/index.php/tripleC/article/view/575 Abstract Thomas Piketty’s book Capital in the Twenty-First Century has resulted in a sustained political and academic debate about capitalism in the 21st century. This article discusses the relevance of the book in the context of Karl Marx’s works and the political economy of the Internet. It identifies 3 common reactions to Piketty’s book: 1) dignification; 2) denigration of the work’s integrity; 3) the denial of any parallel to Marx. I argue that all three reactions do not help the task of creating a New Left that is urgently needed in the situation of sustained capitalist crisis. Marxists will certainly view Piketty’s analysis of capitalism and political suggestions critically. I argue that they should however not dismiss them, but like Marx and Engels aim to radicalise reform suggestions. In relation to the Internet, this paper discusses especially how insights from Piketty’s book can inform the discussion of tax avoidance by transnational Internet companies such as Google, Facebook and Amazon. For establishing an alternative, non-commercial, non-capitalist Internet one can draw insights about institutional reforms and progressive capital taxation from Piketty that can be radicalised in order to ground radical-reformist Internet politics. “The daily struggle for reforms, for the amelioration of the condition of the workers within the framework of the existing social order, and for democratic institutions, offers to the social democracy the only means of engaging in the proletarian class war and working in the direction of the final goal-the conquest of political power and the suppression of wage labor. Between social reforms and revolution there exists for the social democracy an indissoluble tie. The struggle for reforms is its means; the social revolution, its aim” (Rosa Luxemburg 1899, 41). -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
[liberationtech] Would you like to help improve our beginner's guide to email encryption?
Hello everyone, On Thursday, June 5th, the FSF is planning to release a getting-started guide to GnuPG with Enigmail in Thunderbird-like email clients. We're looking for new and experienced GnuPG users to test out the guide and give us feedback, in the hopes of making a guide like no other. If you'd like to help, please email z...@fsf.org to let me know no later than this Tuesday, June 3rd. -- Zak Rogoff Campaigns Manager Free Software Foundation GPG ID: B5090AC8 -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
[liberationtech] Here is a list of TrueCrypt compatible disk encryption tools
Here's a list of Truecrypt compatible file encryption software .. some compromises required, but maybe it will suffice for the time being http://www.hacker10.com/encryption-software-2/list-of-truecrypt-compatible-encryption-software/ -Nick -- Nicholas Merrill Executive Director The Calyx Institute 287 Spring Street New York, NY 10013 email: n...@calyx.com xmpp: n...@calyxinstitute.org -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.