Project Zebra: slide! ►

◄ Project Zebra: stick that in yr pipe

2017-02-16 📌 A quick note on TrueCrypt

Tags 🏷 All 🏷 Personal 🏷 Tech

Given that I work in an audit/fraud/IT role I'm naturally a bit suspicious about incoming email scams, so having received this earlier my first thoughts weren't hugely charitable:

It's a pleasant surprise to discover that the article is balanced and worth checking out on the subject, rather than adfarm clickbait, and seems to be a decent tech journalism site in general.

The point about security flaws in TrueCrypt is small-c conservative, though. For another take you may want to read and/or download from Steve Gibson, who's always been a Marmite-like character but I'd be inclined to trust:

And if you're looking for an alternative, I've tried VeraCrypt on Windows and Linux and apart from window layout messing up a bit under the window manager settings I use in Xfce it's a decent continuation. For system drives I'd be inclined to use Bitlocker under Windows (although you can assume that details of any Microsoft accounts are wide open to law enforcement or anyone else that asks nicely, and that Windows itself is about as secure) or a dm-crypt based solution under Linux.

Also consider the relative sensitivity of the information most people are likely to be handling, and other ways it could be obtained. If someone wants your data enough they'll just use violence or a hardware keylogger. For securing stuff against the eventuality that drives or devices are stolen, the important things are to encrypt and to remember that strong encryption is worthless if a password isn't good enough and isn't only in your head or physically secure.

As far as that 2009 blog post goes, these days the project is mature and I rather like for finding software.

💬 Comments are off, but you can use the mail form to contact or see the about page for social media links.