Jump to content



Photo
drive encryption

66 replies to this topic

#61 HawkMan

HawkMan

    Neowinian Senior

  • Tech Issues Solved: 4
  • Joined: 31-August 04
  • Location: Norway
  • Phone: Noka Lumia 1020

Posted 02 June 2014 - 11:46

Also your your hypotetichal situation has some huge flaws, namely the conclusion and that somehow the reviewers can't see what the "variable" does. Heck a key alone can't do anything so your whole theory is a dead end.


#62 mastercoms

mastercoms

    Expert Microsoft Fanboy & C# Coder

  • Tech Issues Solved: 3
  • Joined: 21-May 13
  • Location: Marietta, Georgia
  • OS: W8.1U1 + Fedora 20
  • Phone: Lumia 928 WP8.1U1 Black

Posted 02 June 2014 - 12:12

The difference is that no one cares if people stop using truecrypt. If all the governments and enterprises stop using MS it affects millions of people and the company goes under along with everyone who works there and the shareholders.

If truecrypt stops being used... Well a few unknown people get todo something else in their spare time.

And you can actually find out who works on the code at MS, the names of the people wasn't the point anyway., which you know very well.

It doesn't matter if anyone cares if people stop using TrueCrypt. People will still stop using it.

Is there a log of changes to the code, with reasons for commits, and user labels? Can we know if any one coder/contributor in MS is credible (from a security stand point, not a quality stand point)?



#63 mastercoms

mastercoms

    Expert Microsoft Fanboy & C# Coder

  • Tech Issues Solved: 3
  • Joined: 21-May 13
  • Location: Marietta, Georgia
  • OS: W8.1U1 + Fedora 20
  • Phone: Lumia 928 WP8.1U1 Black

Posted 02 June 2014 - 12:19

Also your your hypotetichal situation has some huge flaws, namely the conclusion and that somehow the reviewers can't see what the "variable" does. Heck a key alone can't do anything so your whole theory is a dead end.

It doesn't matter if the backdoor details are feasible, what matters is that there is a backdoor that the reviewers find.

The 'variable' that you're talking about: if the reviewers find a reference to this key in the registry of the operating system, they won't have the original source code, only symbols for the key, so they wouldn't be able to clearly identify what the key was used for without asking for the original source code or asking the developer what the key does, and you said it yourself, Microsoft would not want to jeopardize the perception of its OS, which would make it lose tons of money, so they will do anything to make Windows seem secure, whether its by hiding things or by making it actually secure.

 

You're saying that Windows is more secure because it gets people to audit it while open source software can be less secure since people audit it themselves. Professional audits can still be done on open source software, by the same (or more extensive) process Windows would, and these audits are being done on heavily used open source software.

 

Would you rather have a government that discloses what laws it passes or a government that is closed, where no one outside of the government knows what is being done?

Yes, you can infer what laws are being passed from what happens in the country, but nothing beats having full transparent access available to the public.

 

And why are ingredients listed on food? So people can view them, and see if they are safe for them. Would you trust a blob of food with no ingredients listed? Would you eat it?



#64 HawkMan

HawkMan

    Neowinian Senior

  • Tech Issues Solved: 4
  • Joined: 31-August 04
  • Location: Norway
  • Phone: Noka Lumia 1020

Posted 02 June 2014 - 19:48

It doesn't matter if anyone cares if people stop using TrueCrypt. People will still stop using it.

Is there a log of changes to the code, with reasons for commits, and user labels? Can we know if any one coder/contributor in MS is credible (from a security stand point, not a quality stand point)?

'

Exactly it doesn't matter if people stop using truecrypt. it matters a LOT of people stop using MS products. 


 

The 'variable' that you're talking about: if the reviewers find a reference to this key in the registry of the operating system, they won't have the original source code, only symbols for the key, so they wouldn't be able to clearly identify what the key was used for without asking for the original source code or asking the developer what the key does

 

Of course they wouldn't it's in the sourcecode, if it's not in the sourcecode... if it's not there and doesn't do anything. 



#65 mastercoms

mastercoms

    Expert Microsoft Fanboy & C# Coder

  • Tech Issues Solved: 3
  • Joined: 21-May 13
  • Location: Marietta, Georgia
  • OS: W8.1U1 + Fedora 20
  • Phone: Lumia 928 WP8.1U1 Black

Posted 03 June 2014 - 04:53

Exactly it doesn't matter if people stop using truecrypt. it matters a LOT of people stop using MS products. 

 

Who cares what happens to the developers? People can and will stop using the software if a backdoor is found, just like they would stop using MS products.

Of course they wouldn't it's in the sourcecode, if it's not in the sourcecode... if it's not there and doesn't do anything. 

I never said it wasn't in the source code, I'm not sure what you're saying, but I'll take a guess: the key stored in the registry will not have the same name or label as a decompiled source code.



#66 Saley

Saley

    Resident One Post Wonder

  • Joined: 13-August 14

Posted 13 August 2014 - 12:57

Dear frieds,

I tryed to use Truecrypt, but it doesn't allow me to create a volume.

I found a good alternative for Windows: Rohos Mini drive application. It is freeware, can encrypt up to 8 GB of personal information. Works with USB drives, but, sure, you will find a way to create an encrypted volume on your hard drive as well.

Find it on http://rohos.com



#67 tim_s

tim_s

    Default

  • Joined: 07-January 13
  • OS: OSX (Macbook Pro i7), Windows 7 (Gaming), Gentoo
  • Phone: iPhone 5s

Posted 31 August 2014 - 16:37

*jumping into the conversation - interested in the topic.*