Twitter | Search | |
Matthew Green 23 Oct 13
I had forgotten this, but the data seized from 's partner David Miranda was encrypted w. Truecrypt.
Reply Retweet Favorite
Andreas Lindh 23 Oct 13
Wouldn't have mattered if it was quantum crypto, password on paper defeats anything.
Reply Retweet Favorite
Glenn Greenwald 23 Oct 13
HE HAD NO PASSWORD THAT ALLOWED ACCESS TO THOSE DOCS
Reply Retweet Favorite
Matthew Green
Could I make a suggestion? Please take this as helpful advice, not criticism: STOP USING TRUECRYPT for the time being.
Reply Retweet Favorite More
Raed667 23 Oct 13
so you are telling me that TrueCrypt could be compromised ?
Reply Retweet Favorite
Glenn Greenwald 23 Oct 13
I've seen what you've written about on that lately. Do you have superior alternatives?
Reply Retweet Favorite
Matthew Green 23 Oct 13
Use GnuPG or OpenSSL on the command line. Yes it sucks. But the provenance is more trustworthy. I can send a HOWTO.
Reply Retweet Favorite
Jurre van Bergen 23 Oct 13
Reply Retweet Favorite
Glenn Greenwald 23 Oct 13
That'd be great, thanks - I've done some of that on command lines - it is horrible, but if it's necessary, then I will
Reply Retweet Favorite
Matthew Green 23 Oct 13
If you're on the fence, spend a few minutes (of your no doubt copious free time) researching the Truecrypt Foundation.
Reply Retweet Favorite
Matthew Green 23 Oct 13
I'm saying that trusting an uncertified Windows binary from a mysterious anonymous organization isn't good practice.
Reply Retweet Favorite
Patrick R McDonald 23 Oct 13
I would be interested in seeing the HOWTO and if possibile providing it others in need.
Reply Retweet Favorite
Zachary N J Peterson 23 Oct 13
gnupg and OpenSSL arent FDE solutions, complicating data management. But do make AuthEnc and PK enc possible.
Reply Retweet Favorite
Tony Sharp 23 Oct 13
Trusting Windows with encryption isn't good practice either. Microsoft has been cooperative with NSA.
Reply Retweet Favorite
Martijn Meijering 23 Oct 13
if he haddone that, miranda would be I jail right now, or he would have had to reveal his password.
Reply Retweet Favorite
Cathal Garvey 23 Oct 13
Why hasn't anyone created a truecrypt clone using GnuPG yet, I wonder?
Reply Retweet Favorite
Paulo Barreto 23 Oct 13
Curious... the FBI allegedly was unable to break Truecrypt in the Daniel Dantas case
Reply Retweet Favorite
Paulo Barreto 23 Oct 13
Disclaimer: I do think indep verification of Truecrypt is necessary. That case is just peculiar, in many ways.
Reply Retweet Favorite
Matthew Green 23 Oct 13
I don't want to subscribe to conspiracy theories. For all I know it's fine. But if there's a back door, it's a valuable one.
Reply Retweet Favorite
Matthew Green 23 Oct 13
So let's forget about Truecrypt. Let's say it's 2000-something and the Crypto wars have just been 'lost' in the United States.
Reply Retweet Favorite