Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Borked Pseudo Mailed
November 28, 2005, 1:13 am
rate this thread
Then maybe you're just objectivity impaired by your attachment to a piece
of software. Or maybe you're so jaded by bad experiences that you find the
commonplace noteworthy. Whatever the reason, you seem to feel that the
authors of TrueCrypt doing what everyone understands they had to do, is
something special. It's not. In fact there's some questions about how they
went about it that should be answered. Minor questions, but questions in
Re: Truecrypt 4.1
What the authors had to do? Are you stark barking (not borking) mad?
First of all, only a very small coterie of crypt aficionados is even
aware of the CBC versus LRW issue, and only a much smaller subset of them
truly understands the issues and intricacies (which, I might add, apply
only with regard to plausible deniability, not disclosure, and then only
under conditions of repeated observation that are either unlikely, or
that would result in other, much easier to perform, forms of compromise.
IOW, we are talking about a second-order subtlety and refinement.)
No wonder the authors did not move heaven and earth to start another
forum to discuss such arcana; the issue was eminently deferrable. As
corroboration of this point I invite you to name how many commercial
encryption products use LRW or which even discuss the issue.
No, the authors need have done nothing whatsoever; they could then, as
now, discontinue the project at a whim and be none the worse for it.
They have no obligation to anybody. They may continue with the project
if it pleases them to do so - or not, if it doesn't. They owe you, me,
and everyone else exactly nothing. To the contrary, we should be glad and
grateful for what has been graciously given so far, even if they shut up
And, if the authors continue to support and develop Truecrypt, we should
be doubly grateful - since they would be doing it despite the churlish
attitudes of those who attack them.
Now that doesn't mean that I consider Truecrypt to be above criticism -
far from it. But only constructive criticism - surely the authors have
earned that much! However, most (but not all) of the criticism directed
against them has been mere carping and whining, and can by no means be
construed as constructive.
One example of this petty whinging has been regarding the Truecrypt
forums being down. Well, Truecrypt 4.1 is now out and yet the forums
continue to be down. The site says "The forum is temporarily closed due
to maintenance." I choose to believe that statement rather than the
bullshit conspiracy theories about the forums having been taken offline
to "hide" the CBC versus LRW issue.
PS And I am heartened to note that the authors have, in fact, been
extremely responsive to constructive criticism - that we have an LRW
implementation just three weeks after the issue was first raised amply
attests to that!
- » Please review and comment the audit checklist for a firewall
- — Previous thread in » Computer Software Security