Twitter | Search | |
Matthew Green 23 Oct 13
I had forgotten this, but the data seized from 's partner David Miranda was encrypted w. Truecrypt.
Reply Retweet Like
Andreas Lindh 23 Oct 13
Wouldn't have mattered if it was quantum crypto, password on paper defeats anything.
Reply Retweet Like
Glenn Greenwald 23 Oct 13
HE HAD NO PASSWORD THAT ALLOWED ACCESS TO THOSE DOCS
Reply Retweet Like
Matthew Green
Could I make a suggestion? Please take this as helpful advice, not criticism: STOP USING TRUECRYPT for the time being.
Reply Retweet Like More
رائد Raed667 23 Oct 13
so you are telling me that TrueCrypt could be compromised ?
Reply Retweet Like
Glenn Greenwald 23 Oct 13
I've seen what you've written about on that lately. Do you have superior alternatives?
Reply Retweet Like
Matthew Green 23 Oct 13
Use GnuPG or OpenSSL on the command line. Yes it sucks. But the provenance is more trustworthy. I can send a HOWTO.
Reply Retweet Like
Jurre van Bergen 23 Oct 13
Reply Retweet Like
Glenn Greenwald 23 Oct 13
That'd be great, thanks - I've done some of that on command lines - it is horrible, but if it's necessary, then I will
Reply Retweet Like
Matthew Green 23 Oct 13
If you're on the fence, spend a few minutes (of your no doubt copious free time) researching the Truecrypt Foundation.
Reply Retweet Like
Matthew Green 23 Oct 13
I'm saying that trusting an uncertified Windows binary from a mysterious anonymous organization isn't good practice.
Reply Retweet Like
Patrick R McDonald 23 Oct 13
I would be interested in seeing the HOWTO and if possibile providing it others in need.
Reply Retweet Like
Zachary N J Peterson 23 Oct 13
gnupg and OpenSSL arent FDE solutions, complicating data management. But do make AuthEnc and PK enc possible.
Reply Retweet Like
Tony Sharp 23 Oct 13
Trusting Windows with encryption isn't good practice either. Microsoft has been cooperative with NSA.
Reply Retweet Like
Martijn Meijering 23 Oct 13
if he haddone that, miranda would be I jail right now, or he would have had to reveal his password.
Reply Retweet Like
Cⓐthal Gⓐrvey 23 Oct 13
Why hasn't anyone created a truecrypt clone using GnuPG yet, I wonder?
Reply Retweet Like
Paulo Barreto 23 Oct 13
Curious... the FBI allegedly was unable to break Truecrypt in the Daniel Dantas case
Reply Retweet Like
Paulo Barreto 23 Oct 13
Disclaimer: I do think indep verification of Truecrypt is necessary. That case is just peculiar, in many ways.
Reply Retweet Like
Matthew Green 23 Oct 13
I don't want to subscribe to conspiracy theories. For all I know it's fine. But if there's a back door, it's a valuable one.
Reply Retweet Like
Matthew Green 23 Oct 13
So let's forget about Truecrypt. Let's say it's 2000-something and the Crypto wars have just been 'lost' in the United States.
Reply Retweet Like