Who else still uses this? I don't trust the NSA approved fork (Veracrypt) as far as I can throw it.

The Truecrypt devs hinted themselves there was something wrong with it.

The security audit found bugs that were patched in Veracrypt.

>the NSA approved fork
[citation needed]

Veracrypt is a fork of the Pre-NSA tampering Truecrypt code.

How do we know that? All we know is that the Truecrypt devs shit the bed something severe and had to shutdown the project. Then Veracrypt pops up.

There are thousands of confirmed cases where prosecutors weren't able to convict because of Truecrypt. You go use the new stuff on the block, I'll stick to what's been tried and tested.

scienceblogs.de/klausis-krypto-kolumne/when-encryption-baffles-the-police-a-collection-of-cases/
Truecrypt 7.1a ftw
It's suspicious as fuck

>Truecrypt hints that they recently became insecure
>Community forks the last known secure release and names it Veracrypt

What's so hard to understand?

TC devs literally put out a message that read
>WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

>Then Veracrypt pops up.
Something was going to pop up, it ended up being VC. Moreover VC patched the bugs identified in the audit.

>There are thousands of confirmed cases where prosecutors weren't able to convict because of Truecrypt.
If they had a way to crack TC, they sure as hell aren't going to reveal that to the public just to convict some no-name criminal. They're going to use it in secret against state-sponsored agents.

Just look at what happens to law cases involving
en.wikipedia.org/wiki/Stingray_phone_tracker

They'd sooner drop a case than use it in court.

But here's the problem: Why couldn't Truecrypt fix the issue? And why was it so easy for Veracrypt? Was it a matter of expertise? If so, if there was enough expertise in the community for Veracrypt to be secured, why couldn't the Truecrypt project use those individuals?

The only way I could buy this is if the threats were legal in nature i.e. ABC caught one of the devs and forced them to add compromising code in Truecrypt. Another dev caught it and knew Truecrypt was fucked, opening it up to community intervention. At least it's open source now.

We don't know because Truecrypt is likely under a gag order.
They dropped their warrant canary, which is all they can really tell us.
That means they probably aren't legally allowed to fix or disclose what the vulnerability is.

Forking the code and updating it under a new name is the easiest option at that point.

lmao

Are either open source?

LUKS
U
K
S

Did you even read the thread?

Didn't the original veracrypt devs end up dropping it? I think it's still updated but who knows the credibility of the developers? I don't believe the updates are independently audited either so they could add a backdoor at any time

# cryptsetup -v --cipher serpent-xts-plain64 --key-size 512 --hash whirlpool \
>--iter-time 500 --use-random --verify-passphrase luksFormat /dev/sdXY

Who cares. Use LUKS.

'cmon, as far as NSA or other such entities are concerned, surely Windows itself is worse than Veracrypt. And once your OS is compromised the encryption software's protection isn't shit.

They could store or send the keys to everything somewhere the first time you use the encryption software, and you'd probably never know. Might just look like it's part of Windows Update doing its thing or whatever.

Where's the FOSS alternative? The one that's not approved by the biggest security threat to us all?

LUKS is a good guess.

Nigger, Truecrypt and Veracrypt are FOSS.

That's why people don't use luks. All this command line shit is overly complicated

The Ubuntu installer uses LUKS. Also, the command can be reduced to: cryptsetup luksFormat /dev/sdX

>The security audit
The audit also confirmed that TC 7.1a is an impregnable fortress. The bugs are unrelated to security. It was all over the news, if you missed that then you've been living without internet for the past 4 years.
VC is a fork of pre-NSA TC yeah but being an updated fork, as we've seen from OpenSSL before, doesn't necessarily mean it's more secure.

>what is heartbleed

> people don't use luks
Wrong. People (and companies) do use LUKS, even if maybe you don't.

>All this command line shit is overly complicated
This is trivially easy.

I don't think I'd compliment anyone above maybe 8 years of age for being able to do this.

Just use LUKS.

Read this

grc.com/misc/truecrypt/truecrypt.htm

It was more than just the security audit though.
If that was all, then the devs would have continued to work on and patch truecrypt.
The fact that they just dropped it cold suggests that something else was afoot.

(cont'd)
PS: The command the other user used is LITERALLY just what he wants to use plus -v for verbose.

It's not complex in the least... beyond understanding the most superficial bits about what ciphers and hashes you use.

Definitely, I wouldn't be surprised if they were actually related to Snowden somehow, if it weren't for him then TC could never get all the attention it received and all the audits as well.

I won't trust any forks not only because they weren't given the same amount of exposition and interest, but also because I cannot exclude that some ill-intended contributor put their hands on the code. What I was hinting at when I mentioned OpenSSL was the fact that the guy who sent the pull request that opened the heartbleed exploit in OpenSSL was suspected of being related to government.

Read

It could also be that they got tapped on the shoulder by some agency and were forced to abandon it.

tl;dr

How credible is that really?
That reads like some rando whiteknighting for the Truecrypt devs.

These gaping holes are not patched in truecrypt 7.1. Veracrypt has them patched. You are using vulnerable software if you use truecrypt
CVE-2015-7358
CVE-2015-7359
thehackernews.com/2015/09/truecrypt-encryption-software.html

But that's wrong

>Reportedly, TrueCrypt vulnerabilities would not directly allow an attacker to decrypt drive data. Instead, successful exploitation allows malware installation on the victim’s machine, which would be enough to figure out TrueCrypt’s Decryption Key and other sensitive data.
Keyloggers and RAM dumpers can steal your keys. What a fucking surprise.

Fuck off, NSA shill.

But it's not.
You are.
nvd.nist.gov/vuln/detail/CVE-2015-7358
nvd.nist.gov/vuln/detail/CVE-2015-7359

Are you retarded or just a paid shill? You cannot break TC 7.1a encryption on any encrypted unmounted partition. Kill yourself.

>a local user can escalate privileges

Bitch, it's my computer and I'm the only one who touches it. I don't give a fuck about any of this.

>CVE-2015-7358
A user can mount a Truecrypt volume over an existing drive letter to get access to stuff they shouldn't
This does not compromise the security of your volumes, but if you run a multiuser Windows system, it's a good reason not to allow users access to Truecrypt.

>CVE-2015-7359
Users can gain access to each others' Truecrypt volumes.
This would compromise the security of your volumes if you have other users on the system.

Neither of these affect the security of your volumes on a system where you're the only user -- i.e. your desktop PC.

>Veracrypt is a fork of the Pre-NSA tampering Truecrypt code.
But that code is further modified, and only partially audited. A partial audit is completely useless. There could be numerous vulnerabilities and backdoors that haven't been exposed yet.

TC is fully audited and well established as secure. There's no reason to trust any forks.

Don't use Truecrypt or Veracrypt. Use LUKS. Look at the screenshot in It's super easy. Easier, I'd argue, than Truecrypt and Veracrypt. And most importantly, it's the most secure of the three.

>it's the most secure of the three
>source: my ass
Like, who needs audits amirite.

What the fuck are you talking about?

An audit of VeraCrypt 1.18 was conducted by QuarksLab on behalf of the Open Source Technology Improvement Fund, taking 32 man-days and published on 17 October 2016.[34][35] The major vulnerabilities identified in this audit were resolved in VeraCrypt 1.19, released the same day.

Do you realize that 7.1a was under the spotlight of the whole world's media and security companies for a pretty long time?
I don't doubt their good intentions but that's just one team of random people that I didn't even know existed till now.

Lol. Even BitLocker had an audit. Audits can help find bugs, but they're not as important as you think they are for free software projects.

You are serious right now user? I think some of your logic is flawed.

How about trying to point out this supposedly flawed logic? Articulate.

>they're not as important as you think they are for free software projects.
Exactly, because free software tends to *change* over time with people contributing to its code base, but this doesn't apply to TC 7.1a since the project is stalled to 2014, yet no relevant flaws were found in this version/build.

>don't trust open source software where you can read the source code yourself
>do trust proprietary black box

By your post it seems you assume a lack of competence of a group despite you knowing nothing about them. In fact you seem to imply that because you never heard of them is a fair reason to discredit their audit, which in an earlier post you seemed to be unaware of at all.

What I was implying is that they are ONE group, as opposed to the... hundreds(?) of different groups that audited TC 7.1a independently. Yes I didn't know about any audits of VC because it's irrelevant software that I don't care about since 7.1a already exists and does everything I need.

I fucking love these threads about cryptography.

Why would a bunch of basement neckbeards even need military grade encryption?

You really think that NSA really cares about your anime collection?

The reality is that nobody even cares about you, let alone about some japanese cartoons you are hiding.

Stop trying to look important by using things you really don't need and understand

"Military grade" makes it sound like no one uses it. The ciphers it uses, such as AES, are fairly common. You probably used https today. If so, you used AES.

Saying you don't need full disk encryption is akin to saying you don't need other forms of encryption such as https.

do you glow in the dark?

>le nothing to hide nothing to fear post

On the off chance I get robbed by a nigger, I don't want them to enjoy my exquisite anime porn collection.

Almost everyone has financial documents and the like that they may want to encrypt.

Even if it's not against NSA but against the laptop thief that grabbed your computer. Or some such.

And using actually for all we know secure "military grade" encryption is common sense. Why would you use something less when it's pretty easy on a PC's resources anyhow? Would take a retard to take ineffective placebo, known dumb solutions, or poorly known solutions instead.

If anyone doesn't understand, it's you.

If the NSA has a backdoor into Veracrypt which has escaped detection after thousands of audits by security specialists all over the planet, then who cares. They're not going to expose its existence to bust you for pirating copyrighted material. Hell, they wouldn't even use it for a CP case. It'd probably never even be used for law enforcement. It'd be a tool for decrypting devices seized during military raids for national security purposes.

This. They'd never play their hand on a court case. You'd have to commit an act of war or be an annoying journalist alone somewhere.

Encryption is all or nothing.
If it's known to be crackable, then what's the fucking point.

You could not be more wrong if you tried.

Use LUKS.

I think you have a poor understanding of "military grade". That pretty much just means it's only the list of NSA-approved encryption algorithms, which means there's no known weakness and they're unlikely to be broken by brute force in the foreseeable future. Why would anyone create, maintain, or use encryption software which has known weaknesses? Anything that's in active use is going to be "military grade".

>What's a computer?
Some people know about hashes and ecb vs xts and care a great deal about which one they use. It has good defaults if you don't care but there are no real shortcuts to security. Maybe technology is not the right field for you?

If da gubbermant can crack your encryption:
Anyone can also

Meaning it's useless.

LUKS doesn't support hidden volumes, so it's literally useless for any country with forced key disclosure (basically any Western country).

LUKS is not secure.

>neckbeard shitposting
why.jpg

NSA last 5 years has been raped by everyone from Snowden to Kaspersky Labs. How you can believe that this pack of incompetent fucks with blood and shit running down their legs from their heavily abused asshole is a threat to anything but US national security is a mystery.

>basically any Western country
Lel no.

> it's literally useless
Even in countries that do, no. Thieves can't use police / a court, not disclosing a key may be a very minor offense, and so on.

>not disclosing a key may be a very minor offense
Wrong. You can be jailed indefinitely until you comply. Multiple US cases.

>make a keyfile out of random digits and put it on a usb
>destroy the usb and pretend you lost it
What now feds?

Still wrong. A judge jailed a guy for 18 months and counting because he won't unlock an encrypted drive. He claims he lost the password.

I still use it, but only for porn and personal writing I would be embarrassed if anybody I knew read. I don't have anything illegal or sensitive on my computer so I don't really worry about it. I just want a password protected folder that is inconspicuous and easy to access when I want it.

Proof?

Good thing the whole world isn't the USA.

>tfw used to use this to hide my porn when I was younger

Possible solution: Get one of those fingerprint readers that can supposedly detect duress and use that as part of your key input.

Do they actually work? Heaven only knows. But you also have a password in there. So if they demand you unlock it, use the wrong password. Regardless of whether the reader detects that you're under duress, it will fail, and they can't tell whether it failed because of the password or the fingerprint -- and the company that makes the fingerprint reader isn't going to come to court to testify for them that their product doesn't work.

That's a nice harddrive manager, what's it called?

not using a hidden volume lolol

disks
gnome is number one in linux computing
t. rajesh marsala

Can someone give me a TL;DR?
Is TrueCrypt still safe or should I use VeraCrypt? And I can't use luks because I use wangblows ten

Ayy lmao, read the thread

>they don't just use bitlocker
why

I meant the package name, not what your launcher shows

>he thinks encryption will save him when the feds bust in
lmao

>truecrypt 7.1a
latest secure version

I use LUKS because I'm not a fucking brainlet.

honest question: what do you need hidden volumes for? I use LUKS FDE on my libreboot Thinkpad x200 for daily university use in case someone steals my laptop. This is my "attack scenario". What's yours?

>Why couldn't Truecrypt fix the issue? And why was it so easy for Veracrypt?

Veracrypt just changed one variable to increase the iterations needed to check a password.

Anyone could do it, and it's just a balance between maximum security when using shit passwords vs time it takes to unlock.
On my old laptop it took almost 2 minutes to unlock with Veracrypt vs. fraction of a second with Truecrypt.
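
Added example, not part of the thread: a measurement of the trade-off described in the post above (a higher key-derivation iteration count means slower unlock and slower password guessing), plus the time-based calibration that the `--iter-time 500` option in the earlier cryptsetup command asks for. It assumes PBKDF2-HMAC-SHA512 as a stand-in hash, and the iteration counts and passphrase are constructed values, not figures from TrueCrypt, VeraCrypt or the thread.

```python
import hashlib
import os
import time


def derive_key(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Derive a 64-byte header key with PBKDF2-HMAC-SHA512."""
    return hashlib.pbkdf2_hmac("sha512", password, salt, iterations, dklen=64)


def seconds_per_guess(iterations: int, samples: int = 3) -> float:
    """Best-of-N wall time for one password check at this iteration count."""
    salt = os.urandom(64)
    best = float("inf")
    for _ in range(samples):
        start = time.perf_counter()
        derive_key(b"constructed-sample-passphrase", salt, iterations)
        best = min(best, time.perf_counter() - start)
    return best


def calibrate(target_ms: int, probe: int = 20_000) -> int:
    """Pick the iteration count that costs about target_ms on this machine.

    This is the time-based approach: the count depends on the hardware,
    so a fast machine gets more iterations for the same unlock delay.
    """
    per_iteration = seconds_per_guess(probe) / probe
    return max(1_000, int((target_ms / 1000) / per_iteration))


def exhaust_days(keyspace: int, iterations: int) -> float:
    """Days for one core of this machine to try every password once."""
    return keyspace * seconds_per_guess(iterations) / 86_400


if __name__ == "__main__":
    LOW, HIGH = 1_000, 500_000   # constructed low/high iteration counts
    WEAK_KEYSPACE = 26 ** 6      # constructed: six lowercase letters
    for count in (LOW, HIGH, calibrate(500)):
        unlock_ms = seconds_per_guess(count) * 1000
        days = exhaust_days(WEAK_KEYSPACE, count)
        print(f"{count:>9} iterations: {unlock_ms:8.1f} ms per unlock, "
              f"{days:10.1f} core-days to exhaust a weak keyspace")
```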

>what do you need hidden volumes for?

For when they force you to unlock your device.

You can for example use one password to unlock your sensitive data and a different password to unlock some shit you don't care about.

You can also disguise a volume as a regular file, for example a movie.

>--use-rendum
>t. not understanding crypto

I know how hidden volumes work, I was just wondering why I, an average, should use them.
>For when they force you to unlock your device.
who is "they"?

Fragile attempt at deniability. If (((they))) see you used a program with hidden volume and you give them a password that decrypts something they don't care about, you'll likely get fucked anyway.

Or just use true/vera with its hidden folder option, but since it's not lovely luks I guess it must be NSA shill? Topkek.wmv

This, you might as well use no encryption at all since then they can't say you have more stuff hidden

/thread

they have never broken it and tried many times.

I have an original release of truecrypt 6.1a and I trust that WAY more than any shit they put out these days.

>who is "they"?

Employers, criminals, governments - whoever you need to protect your data from.

plausible deniability, that's for what.

If you're not sure whom to trust why not encapsulate a VC container in a TC container? This way BOTH methods would have to be compromised to make you vulnerable.