Re: Truecrypt 4.1

Discussion in 'Computer Security' started by Borked Pseudo Mailed, Nov 28, 2005.

  1. nemo_outis wrote:

    > Borked Pseudo Mailed <> wrote in
    > news::
    >
    >> nemo_outis wrote:
    >>
    >>> Borked Pseudo Mailed <> wrote in
    >>> news::
    >>>
    >>>
    >>>
    >>> Utopian? Me? Believe me, I'm no dewy-eyed ingenu; I am as worldly-wise
    >>> and cynical as they come.

    >>
    >> Then maybe you're just objectivity impaired by your attachment to a
    >> piece of software. Or maybe you're so jaded by bad experiences that you
    >> find the commonplace noteworthy. Whatever the reason, you seem to feel
    >> that the authors of TrueCrypt doing what everyone understands they had
    >> to do, is something special. It's not. In fact there's some questions
    >> about how they went about it that should be answered. Minor questions,
    >> but questions in any case.

    >
    >
    >
    > What the authors had to do? Are you stark barking (not borking) mad?
    >
    > First of all, only a very small coterie of crypt aficionados is even aware
    > of the CBC versus LRW issue, and only a much smaller subset of them truly


    So what? It's not necessary to understand the physics of combustion to
    know your car won't run.

    Red herring noted.

    > understands the issues and intricacies (which, I might add, apply only
    > with regard to plausible deniability, not disclosure, and then only under
    > conditions of repeated observation that are either unlikely, or that would
    > result in other, much easier to perform, forms of compromise. IOW, we are
    > talking about a second-order subtlety and refinement.)
    >
    > No wonder the authors did not move heaven and earth to start another forum


    Oh the DRAMA!

    > to discuss such arcana; the issue was eminently deferrable. As
    > corroboration of this point I invite you to name how many commercial
    > encryption products use LRW or which even discuss the issue.
    >
    > No, the authors need have done nothing whatsoever; they could then, as
    > now, discontinue the project at a whim and be none the worse for it. They


    What sort of tap dance are you doing here nemo? Isn't discontinuing
    development "doing something"? If it's done as a result of some flaw that
    for whatever reason isn't fixed, why would they do this rather than simply
    continue producing the same buggy software?

    Concentrate real hard. No time limit.

    > have no obligation to anybody. They may continue with the project if it
    > pleases them to do so - or not, if it doesn't. They owe you, me, and
    > everyone else exactly nothing. To the contrary, we should be glad and


    They owe people exactly what they say they'll provide.

    > grateful for what has been graciously given so far, even if they shut up
    > shop tomorrow.
    >
    > And, if the authors continue to support and develop Truecrypt, we should
    > be doubly grateful - since they would be doing it despite the churlish
    > attitudes of those who attack them.


    I'm not attacking them, I'm attacking you and your silly infatuation with
    trying to pump up a normal response to a problem as some sort of special
    case. MOST security software developers respond to problems. Some do it
    faster, some slower. Usually it varies from case to case.

    Personally I like TrueCrypt. I think it's a fine piece of software and
    its authors top notch. I'm just not in love with them the way you seem to
    be. It's just another piece of software nemo, not your puppy.

    >
    > Now that doesn't mean that I consider Truecrypt to be above criticism -
    > far from it. But only constructive criticism - surely the authors have
    > earned that much! However, most (but not all) of the criticism directed
    > against them has been mere carping and whining, and can by no means be
    > construed as constructive.
    >
    > One example of this petty whinging has been regarding the Truecrypt
    > forums being down. Well, Truecrypt 4.1 is now out and yet the forums


    I think an explanation is in order, even if it's a line or two saying
    "technical difficulties" or whatever. It does look "odd", and it's in their
    interest to at least attempt to address the questions.

    > continue to be down. The site says "The forum is temporarily closed due
    > to maintenance." I choose to believe that statement rather than the
    > bullshit conspiracy theories about the forums having been taken offline
    > to "hide" the CBC versus LRW issue.
    >
    > Regards,
    >
    > PS And I am heartened to note that the authors have, in fact, been
    > extremely responsive to constructive criticism - that we have an LRW
    > implementation just three weeks after the issue was first raised amply
    > attests to that!


    Three weeks? I'd call that an average response time. Maybe a little on the
    slow side in fact, but not so much so that it's notable. OTOH, I
    distinctly remember years ago downloading a version of PGP that had a
    moderately bothersome bug in it and seeing it patched and replaced within
    48 hours. And yes, I realize that different problems require different
    solutions.
    Borked Pseudo Mailed, Nov 28, 2005
    #1

  2. Borked Pseudo Mailed

    nemo_outis Guest

    Borked Pseudo Mailed <> wrote in
    news::

    ....
    >> What the authors had to do? Are you stark barking (not borking) mad?
    >>
    >> First of all, only a very small coterie of crypt aficionados is even
    >> aware of the CBC versus LRW issue, and only a much smaller subset of
    >> them truly

    >
    > So what? It's not necessary to understand the physics of combustion to
    > know your car won't run.




    How adroitly you miss the point! "Car won't run," you say? What an apt
    analogy - I guess Truecrypt must have seized up solid. No, m'boy, in the
    red herring department, I have nothing on you.

    Lackadaisical me, I didn't notice that Truecrypt had ceased to run.
    Somehow or other I didn't pick up on its sudden loss of functionality.
    Moreover, it somehow escaped me that Truecrypt had been outclassed by all
    the other encryption programs, commercial and non-commercial, which had
    already switched to LRW.

    No, regarding LRW, hardly anyone knows about the issue and even fewer
    care. It is a minor and subtle aspect which only bears on plausible
    deniability and then only under rather contrived conditions. The impact
    of LRW's presence or absence on the number of users of the program would
    be vanishingly small in any case. Moreover, Truecrypt, even without LRW,
    already outclassed anything else out there.

    ....
    >> No, the authors need have done nothing whatsoever; they could then,
    >> as now, discontinue the project at a whim and be none the worse for
    >> it. They

    >
    > What sort of tap dance are you doing here nemo? Isn't discontinuing
    > development "doing something"? If it's done as a result of some flaw
    > that for whatever reason isn't fixed, why would they do this rather
    > than simply continue producing the same buggy software?



    You contend they fixed a flaw; a more accurate characterization would be
    that they added an enhancement and did so in advance of most similar
    programs, commercial and non-commercial, virtually all of which still use
    CBC.

    The clamouring of the public for LRW and the desperate need to implement
    it immediately can be assessed by noting how sales of programs like
    Bestcrypt and Drivecrypt have plummeted for lack of it. NOT!

    No, awareness of LRW, caring about it, and requesting, let alone
    requiring, its implementation is limited to so few people that they would
    not be crowded in a broom closet. It is a testament to the
    responsiveness of the Truecrypt team that they nonetheless implemented
    this feature, did so quickly, and continue in the technical vanguard of
    encryption programs.


    >> have no obligation to anybody. They may continue with the project if
    >> it pleases them to do so - or not, if it doesn't. They owe you, me,
    >> and everyone else exactly nothing. To the contrary, we should be glad
    >> and

    >
    > They owe people exactly what they say they'll provide.



    No, a gratuitous promise is unenforceable. Is there any other self-
    serving nonsense you would like to spout? Perhaps you'd like me to
    acquaint you with the law regarding when "promissory estoppel" applies
    and then beat you over the head with it?



    >> grateful for what has been graciously given so far, even if they shut
    >> up shop tomorrow.
    >>
    >> And, if the authors continue to support and develop Truecrypt, we
    >> should be doubly grateful - since they would be doing it despite the
    >> churlish attitudes of those who attack them.

    >
    > I'm not attacking them, I'm attacking you and your silly infatuation
    > with trying to pump up a normal response to a problem as some sort of
    > special case. MOST security software developers respond to problems.
    > Some do it faster, some slower. Usually it varies from case to case.
    >
    > Personally I like TrueCrypt. I think it's a fine piece of software and
    > its authors top notch. I'm just not in love with them the way you
    > seem to be. It's just another piece of software nemo, not your puppy.



    In love with the authors of Truecrypt? Not I! However, unlike you, I do
    give credit where credit is due.


    ....
    >> One example of this petty whinging has been regarding the Truecrypt
    >> forums being down. Well, Truecrypt 4.1 is now out and yet the forums

    >
    > I think an explanation is in order, even if it's a line or two saying
    > "technical difficulties" or whatever. It does look "odd", and it's in
    > their interest to at least attempt to address the questions.



    Are you incapable of reading? I have already posted that the Truecrypt
    forum prominently displays "The forum is temporarily closed due to
    maintenance." What part of that do you fail to grasp? Perhaps they
    should have put up a new forum where you can lament the unavailability of
    the first forum?


    >> PS And I am heartened to note that the authors have, in fact, been
    >> extremely responsive to constructive criticism - that we have an LRW
    >> implementation just three weeks after the issue was first raised
    >> amply attests to that!

    >
    > Three weeks? I'd call that an average response time. Maybe a little on
    > the slow side in fact, but not so much so that it's notable. OTOH, I
    > distinctly remember years ago downloading a version of PGP that had a
    > moderately bothersome bug in it and seeing it patched and replaced
    > within 48 hours. And yes, I realize that different problems require
    > different solutions.



    You can call it whatever you will. The Truecrypt team is too slow for
    you? Well, why don't you demand a refund of all the hard-earned dollars
    you spent for it?

    But, as I said before, I'm eager to be corrected and learn. So, please,
    embarrass me by citing all the encryption programs that have beaten
    Truecrypt to the draw and implemented LRW ahead of it!

    Regards,
    nemo_outis, Nov 28, 2005
    #2

  3. Borked Pseudo Mailed

    Jeremy Guest

    "Borked Pseudo Mailed" <> wrote in message

    >
    > They owe people exactly what they say they'll provide.
    >


    Agreed. Read their Terms and then come back and tell us if they violated
    them.
    Jeremy, Nov 28, 2005
    #3
