If there are alternatives, I would very much like to hear about them!īased on the other comments you've made in this thread, it seems like you wouldn't have recommended anyone to use Truecrypt even when talk of auditing it started.
#Truecrypt news software#
At least it was/is the only software that I know of which allows you to do that.
So if you don't want to use Windows 8, again, you are kind of screwed.
#Truecrypt news windows 7#
Plus, BitLocker is not available on Vista Business and Windows 7 Pro.
And frankly, I don't see Apple and Microsoft either supporting the TrueCrypt container format natively or getting together to define a new one. I think I remember reading about LUKS supporting TrueCrypt's container format - but that, of course, only works on Linux. It would be relly nice if there was some common container format you could mount natively on these operating systems without the need for 3rd party software. Maybe the number of people who need/want that is small compared to the number of people who want some form of whole disk encryption, but if you are one of those people, you are pretty much screwed without TrueCrypt. What guarantee is there any of the new developers are going to be as trustworthy as the original developers, or as skilled?Īlas, TrueCrypt was/is the only free solution that allows you to encrypt a USB flash drive (or create an encrytped container file on it) and thus exchange data between, a Mac, a Windows machine, and a Linux machine. All it told us was something every truecrypt user was assuming already, and it cost us all Truecrypt. Personally, though, I think this audit was a colossal waste of time and resources. It would have taken twice as long to get the audit funded, but maybe then the developer wouldn't have been hounded away. If it's worth spending a dollar to audit software, it's worth spending a dollar to keep that project alive and show the developer you care. I think one way would be to match every single audit donation with a donation to the upstream developers. How can we ensure security in open-source software without driving the developers away in the future? If you were the developer of a project that you knew was solid, and you knew had no backdoors, how would you feel about people essentially maligning you being able to generate more cash than you've ever seen for your side project? That'd make me want to quit too.Īt the end of the day, which is more preferable - a TrueCrypt that was never audited professionally, or a TrueCrypt with active developers? Funding this audit required ~$65k in donations, probably more than the Truecrypt project ever saw. The Truecrypt developers supposedly left because it wasn't interesting/fun for them anymore.
#Truecrypt news how to#
I think the interesting lesson from this is less about crypto, more about free-software projects and how to grow them.