[dm-crypt] truecrypt - what's the real story behind it?

Sven Eschenberg sven at whgl.uni-frankfurt.de
Mon Feb 9 17:12:47 CET 2015


On Sun, February 8, 2015 11:03, Milan Broz wrote:
> On 02/08/2015 10:45 AM, U.Mutlu wrote:
>> Hi,
>> the cryptsetup tool supports besides plain and luks, also loopaes and
>> truecrypt.
>> I now compiled truecrypt-7.1a, and it looks not bad.
>
> Please see the https://ciphershed.org project which tries to continue with
> development.
>
>> I wonder why some people say truecrypt is no more secure.
>> Which part or method of truecrypt is allegedly broken? Can't be fixed?
>
> There is no publicly known serious problem there. But there are license
> and other
> non-technical problems. You will get more info on devel list of project
> above.

AFAIK the preset for number of rounds (iterations) in key derivation is
rather low with truecrypt. A good key and/or keyfile with entropy should
fix that though.

>
>> And: is full truecrypt functionality integrated in cryptsetup tool? I
>> mean the
>> create-options below.
>
> There is full support for mapping existing containers (with some
> exceptions,
> see man page).
>
> There is intentionally no new container creation support in cryptsetup and
> I am not planning to add it.
> We will better invest time to improving LUKS.

I agree, sooner or later we will have LUKSv2 ;-).

>
> You can use tcplay or older version of truecrypt for that (or ciphershed
> when
> released).
>
> Milan
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>

-Sven




More information about the dm-crypt mailing list