[dm-crypt] Truecrypt audit
arno at wagner.name
Sat May 17 13:42:01 CEST 2014
On Sat, May 17, 2014 at 09:08:06 CEST, Heinz Diehl wrote:
> On 16.05.2014, Arno Wagner wrote:
> > I just want to warn everybody not to place too great stock
> > into these results. I have participated in similar, non-public
> > analyses and they can only ever go so deep. Cleverly hidden or
> > disguised backdoors may easily be overlooked...
> I agree.
> I posted the article because of TC's widespread use, and I'm not aware
> of any comprehensive review/audit of its source (I'm not using TC
Posting it is fine. It does contain valuable information.
For example, I think from the report one can deduce that
TrueCrypt is not very likely to have low-value vulnerabilities,
hence, for example, ordinary law-enforcement and ordinary
criminals will likely not get in and more widely available
forensics tools will likely also not work.
I just wanted to give context which may be non-obvious to
people that have not done something like this themselves.
And yes, I am using TC, but not for secret things. "Business
Confidential" is the highest level I am willing to trust it
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno at wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
A good decision is based on knowledge and not on numbers. - Plato
More information about the dm-crypt