[arch-general] truecrypt 1:7.1a-3 is broken now for five month

Levente Polyak anthraxx at archlinux.org
Sat May 7 11:29:23 UTC 2016

On 05/07/2016 01:08 PM, Abderrahman Najjar wrote:
> On Sat, May 7, 2016 at 10:58 AM, Carsten Mattner <carstenmattner at gmail.com>
> wrote:
>> tc-play
> ​Why not VeraCrypt?​

For cryptography its also about trust and TrueCrypt still has zero
problems that are related to its cryptographic security.

I don't say VeraCrypt is bad and don't want to judge about that at all
in this statement, but it also depends from whom you want to protect
your data and TrueCrypt has built up a very high trust level over a very
long time period. Especially because of the anonymity of the dev(s) it
was not able to think about upstream backdoor scenarios by blackmailing
them (which is not a too absurd if you look at the current political
discussions all over the world and 3-letter agencies going nuts).

TL;DR: It is still bad that it is broken... but I have already
investigated this issue some time ago as I wanted to help to fix this
(at the end I just forgot about it -.-). I'm volunteering to aid the
current maintainer and propose a simple fix around next week. I still
see enough value for TrueCrypt to keep it.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20160507/c84e260d/attachment-0001.asc>

More information about the arch-general mailing list