Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Computer Security (http://www.velocityreviews.com/forums/f38-computer-security.html)
-   -   Re: Truecrypt 4.1 (http://www.velocityreviews.com/forums/t307306-re-truecrypt-4-1-a.html)

Borked Pseudo Mailed 11-28-2005 01:13 AM

Re: Truecrypt 4.1
 
nemo_outis wrote:

> Borked Pseudo Mailed <nobody@pseudo.borked.net> wrote in
> news:8636b28f192e1d4620f8898dcda5e615@pseudo.borke d.net:
>
>
>
> Utopian? Me? Believe me, I'm no dewy-eyed ingenu; I am as worldly-wise
> and cynical as they come.


Then maybe you're just objectivity impaired by your attachment to a piece
of software. Or maybe you're so jaded by bad experiences that you find the
commonplace noteworthy. Whatever the reason, you seem to feel that the
authors of TrueCrypt doing what everyone understands they had to do, is
something special. It's not. In fact there's some questions about how they
went about it that should be answered. Minor questions, but questions in
any case.


nemo_outis 11-28-2005 02:39 AM

Re: Truecrypt 4.1
 
Borked Pseudo Mailed <nobody@pseudo.borked.net> wrote in
news:cc9290b0f4ff404594315263b06887d0@pseudo.borke d.net:

> nemo_outis wrote:
>
>> Borked Pseudo Mailed <nobody@pseudo.borked.net> wrote in
>> news:8636b28f192e1d4620f8898dcda5e615@pseudo.borke d.net:
>>
>>
>>
>> Utopian? Me? Believe me, I'm no dewy-eyed ingenu; I am as
>> worldly-wise and cynical as they come.

>
> Then maybe you're just objectivity impaired by your attachment to a
> piece of software. Or maybe you're so jaded by bad experiences that
> you find the commonplace noteworthy. Whatever the reason, you seem to
> feel that the authors of TrueCrypt doing what everyone understands
> they had to do, is something special. It's not. In fact there's some
> questions about how they went about it that should be answered. Minor
> questions, but questions in any case.




What the authors had to do? Are you stark barking (not borking) mad?

First of all, only a very small coterie of crypt aficionados is even
aware of the CBC versus LRW issue, and only a much smaller subset of them
truly understands the issues and intricacies (which, I might add, apply
only with regard to plausible deniability, not disclosure, and then only
under conditions of repeated observation that are either unlikely, or
that would result in other, much easier to perform, forms of compromise.
IOW, we are talking about a second-order subtlety and refinement.)

No wonder the authors did not move heaven and earth to start another
forum to discuss such arcana; the issue was eminently deferrable. As
corroboration of this point I invite you to name how many commercial
encryption products use LRW or which even discuss the issue.

No, the authors need have done nothing whatsoever; they could then, as
now, discontinue the project at a whim and be none the worse for it.
They have no obligation to anybody. They may continue with the project
if it pleases them to do so - or not, if it doesn't. They owe you, me,
and everyone else exactly nothing. To the contrary, we should be glad and
grateful for what has been graciously given so far, even if they shut up
shop tomorrow.

And, if the authors continue to support and develop Truecrypt, we should
be doubly grateful - since they would be doing it despite the churlish
attitudes of those who attack them.

Now that doesn't mean that I consider Truecrypt to be above criticism -
far from it. But only constructive criticism - surely the authors have
earned that much! However, most (but not all) of the criticism directed
against them has been mere carping and whining, and can by no means be
construed as constructive.

One example of this petty whinging has been regarding the Truecrypt
forums being down. Well, Truecrypt 4.1 is now out and yet the forums
continue to be down. The site says "The forum is temporarily closed due
to maintenance." I choose to believe that statement rather than the
bullshit conspiracy theories about the forums having been taken offline
to "hide" the CBC versus LRW issue.

Regards,

PS And I am heartened to note that the authors have, in fact, been
extremely responsive to constructive criticism - that we have an LRW
implementation just three weeks after the issue was first raised amply
attests to that!



All times are GMT. The time now is 08:00 PM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.