Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] The opinions of Truecrypt



Don't get me wrong, I love truecrypt.  But their documentation is ... well
... sort of crazy.  This is the toned down version of saying "they're
totalitarian extremist and elitist, to the point of being coercive and
misleading to innocent civilians in order to drive some sort of self-serving
agenda."

 

Here's an example:

http://www.truecrypt.org/faq

In the FAQ, there's the section about TPM.  They say "The only thing that
TPM is almost guaranteed to provide is a false sense of security (even the
name itself, "Trusted Platform Module", is misleading and creates a false
sense of security). As for real security, TPM is actually redundant (and
implementing redundant features is usually a way to create so-called
bloatware). Features like this are sometimes referred to as security
theater"

 

If you read the rest of that FAQ about the TPM, they mostly rant, in almost
incoherent logic, about how TPM's can be attacked, and to back up these
opinions, they cite examples of attacks that would work even on truecrypt
without using the TPM.  Which is just ... plain ... crazy.

 

I could write about how the TPM works, and what the actual
strengths/weaknesses are of this versus other implementations, but... It's
really not needed, as long as the readers know they should take the
truecrypt documentation with a spoonful of salt.




BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org