Full Disclosure mailing list archives
Re: Full disk encryption for OS X alternative to TrueCrypt
From: "CIURANA EUGENE (pr3d4t0r - Full Disclosure)" <fulldisclosure () cime net>
Date: Thu, 29 May 2014 14:57:39 -0700
On 2014-05-29 14:46, Mike Cramer wrote:
You need to ask yourself
a question:
How well do you know coding and encryption handling to
ensure that your
software doesn't have unintentional back doors and/or
information
disclosure? This is a serious question because it requires
serious answers
when you're dealing with cryptography. The weakest
part of the security
system should not be the application. What
libraries would you use for encryption? If any? I assume you would
leverage AES. Would the library you choose to use support AES-NI? Would you
use the Intel CPU-based PRNG?
(http://en.wikipedia.org/wiki/RdRand)
I think it's reasonable to
assume that the "many eyes" approach to software
security doesn't
really work. So simply saying you'll release it as GPL I
don't think
should be considered "good enough" anymore when it comes to
encryption. The myriad of flaws in OpenSSL over the years both upstream and
in distributions should be a serious wake-up call on this one.
My recommendation would be to use FileVault/Bitlocker/OS
implementations
unless you can come up with a good reason why not to
do so. Mike, Well aware of the Intel PRNG issues and others (http://twitter.com/ciurana -- I covered them when they happened and continue to address them). Ditto on the encryption: I know it well enough to come up with an initial implementation, and be conscious of the limitations of my coding. Part of this plan consists on establishing an auditing process from the get go, not unlike OpenBSD's, where security is built into the process, not only into the code and reviewed as an after thought. I want to have more than one block encryption algorithm built into it, different digests, and so on. Libraries, features selection, etc. are still in a preliminary stage. First I want to gauge level of interest. Would you like to help? :) Cheers! pr3d _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Full disk encryption for OS X alternative to TrueCrypt CIURANA EUGENE (pr3d4t0r - Full Disclosure) (May 29)
- Message not available
- Re: Full disk encryption for OS X alternative to TrueCrypt CIURANA EUGENE (pr3d4t0r - Full Disclosure) (May 29)
- Re: Full disk encryption for OS X alternative to TrueCrypt Mateusz Lenik (May 30)
- Re: Full disk encryption for OS X alternative to TrueCrypt CIURANA EUGENE (pr3d4t0r - Full Disclosure) (May 29)
- Message not available
- Re: Full disk encryption for OS X alternative to TrueCrypt Mike Cramer (May 29)
- Re: Full disk encryption for OS X alternative to TrueCrypt CIURANA EUGENE (pr3d4t0r - Full Disclosure) (May 29)
- Re: Full disk encryption for OS X alternative to TrueCrypt James Lay (May 29)
- Re: Full disk encryption for OS X alternative to TrueCrypt Jeffrey Walton (May 30)
- Message not available
- Re: Full disk encryption for OS X alternative to TrueCrypt CIURANA EUGENE (pr3d4t0r - Full Disclosure) (May 29)