Full Disclosure mailing list archives

Re: Full disk encryption for OS X alternative to TrueCrypt


From: Mike Cramer <mike.cramer () outlook com>
Date: Thu, 29 May 2014 17:46:13 -0400

You need to ask yourself a question:

How well do you know coding and encryption handling to ensure that your
software doesn't have unintentional back doors and/or information
disclosure? This is a serious question because it requires serious answers
when you're dealing with cryptography. The weakest part of the security
system should not be the application.

What libraries would you use for encryption? If any? I assume you would
leverage AES. Would the library you choose to use support AES-NI? Would you
use the Intel CPU-based PRNG? (http://en.wikipedia.org/wiki/RdRand)

I think it's reasonable to assume that the "many eyes" approach to software
security doesn't really work. So simply saying you'll release it as GPL I
don't think should be considered "good enough" anymore when it comes to
encryption. The myriad of flaws in OpenSSL over the years both upstream and
in distributions should be a serious wake-up call on this one.

My recommendation would be to use FileVault/Bitlocker/OS implementations
unless you can come up with a good reason why not to do so.

-Mike

-----Original Message-----
From: Fulldisclosure [mailto:fulldisclosure-bounces () seclists org] On Behalf
Of CIURANA EUGENE (pr3d4t0r - Full Disclosure)
Sent: Thursday, May 29, 2014 17:18
To: fulldisclosure () seclists org
Subject: [FD] Full disk encryption for OS X alternative to TrueCrypt

 

Greetings. 

I'm a happy long-time user of TrueCrypt, and was as dismayed as anyone else
to see the news. I'm considering starting a full disk image encryption
alternative to TrueCrypt that will target OS X (maybe others too, but right
now OS X is my priority). 

Asking here for interest in such an endeavor. My system still uses TrueCrypt
7.1a and I managed to rescue the binaries, but I suspect they may break Real
Soon Now and, with nobody to maintain the code... well, OS X needs an
alternative. And no, Apple's partition encryption isn't an option since it's
suspected of having back doors.

My intention is to release the code under an open source license (GPLv2 or
Apache). Please let me know your thoughts. Working now on understanding how
Fuse might play in this setup, or whether to write a low-level driver
altogether and mount it via the kernel w/o Fuse.

Cheers! 

pr3d 


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
