Twitter | Search | |
Matthew Green 23 Oct 13
I had forgotten this, but the data seized from 's partner David Miranda was encrypted w. Truecrypt.
Reply Retweet Like
Andreas Lindh 🐊 23 Oct 13
Wouldn't have mattered if it was quantum crypto, password on paper defeats anything.
Reply Retweet Like
Glenn Greenwald 23 Oct 13
HE HAD NO PASSWORD THAT ALLOWED ACCESS TO THOSE DOCS
Reply Retweet Like
Matthew Green
Could I make a suggestion? Please take this as helpful advice, not criticism: STOP USING TRUECRYPT for the time being.
Reply Retweet Like More
🎃 Read the docs 🎃 23 Oct 13
so you are telling me that TrueCrypt could be compromised ?
Reply Retweet Like
Glenn Greenwald 23 Oct 13
Replying to @matthew_d_green
I've seen what you've written about on that lately. Do you have superior alternatives?
Reply Retweet Like
Matthew Green 23 Oct 13
Replying to @ggreenwald
Use GnuPG or OpenSSL on the command line. Yes it sucks. But the provenance is more trustworthy. I can send a HOWTO.
Reply Retweet Like
Glenn Greenwald 23 Oct 13
Replying to @matthew_d_green
That'd be great, thanks - I've done some of that on command lines - it is horrible, but if it's necessary, then I will
Reply Retweet Like
Matthew Green 23 Oct 13
Replying to @ggreenwald
If you're on the fence, spend a few minutes (of your no doubt copious free time) researching the Truecrypt Foundation.
Reply Retweet Like
Matthew Green 23 Oct 13
Replying to @Raed667 @ggreenwald
I'm saying that trusting an uncertified Windows binary from a mysterious anonymous organization isn't good practice.
Reply Retweet Like
Zachary N J Peterson 23 Oct 13
gnupg and OpenSSL arent FDE solutions, complicating data management. But do make AuthEnc and PK enc possible.
Reply Retweet Like
Tony Sharp 23 Oct 13
Trusting Windows with encryption isn't good practice either. Microsoft has been cooperative with NSA.
Reply Retweet Like
Martijn Meijering 23 Oct 13
if he haddone that, miranda would be I jail right now, or he would have had to reveal his password.
Reply Retweet Like
Paulo Barreto 23 Oct 13
Curious... the FBI allegedly was unable to break Truecrypt in the Daniel Dantas case
Reply Retweet Like
Paulo Barreto 23 Oct 13
Disclaimer: I do think indep verification of Truecrypt is necessary. That case is just peculiar, in many ways.
Reply Retweet Like
Matthew Green 23 Oct 13
Replying to @pbarreto
I don't want to subscribe to conspiracy theories. For all I know it's fine. But if there's a back door, it's a valuable one.
Reply Retweet Like
Matthew Green 23 Oct 13
Replying to @pbarreto
So let's forget about Truecrypt. Let's say it's 2000-something and the Crypto wars have just been 'lost' in the United States.
Reply Retweet Like
Matthew Green 23 Oct 13
Replying to @pbarreto
The NSA/FBI/whoever knows that free email encryption exists, but all WDE packages are commercial only. And expensive!
Reply Retweet Like
Matthew Green 23 Oct 13
Replying to @pbarreto
So they launch a project -- call it FreeDisk. They devote some modest resources to it, develop some very decent GUI software.
Reply Retweet Like
Matthew Green 23 Oct 13
Replying to @pbarreto
Knowing full well that nobody will be able to compete with something cross platform and easy to use. So far the project is honest.
Reply Retweet Like