[Cryptography] Fork of TrueCrypt
ianG
iang at iang.org
Tue Jun 3 04:44:44 EDT 2014
On 3/06/2014 02:09 am, Bill Cox wrote:
> There is a discussion list for the TrueCrypt fork over at:
>
> http://truecrypt.ch:2080/
>
> Does anyone here know the guys behind this fork? In their Vision
> statement, they said they wanted to add an auto-update feature, and have
> the dev team working on continual feature enhancements.
Auto-update is a key feature in keeping the user-base secure. It's the
only way to get the roll-out of major critical security bug fixes out in
o(month) as opposed to never.
> If they
> integrate code that talks to the network on purpose, I'm going to do my
> own fork instead. If they get a team adding new code constantly, I'll
> also have to pass on this fork. Do they know anything about crypto?
Right. So this is one of those subtle unsolvable equations. You can
possibly judge patches as being secure, if you see them. So for you you
might get better security by sticking to what you know.
But for the masses, they don't look, they don't upgrade.
It might come down to who TrueCrypt is for; as you asked at the top
c.f., Vision.
Does a higher base security for most justify a lower absolute security
for a few? This is a question not a few devs have had to wrestle with.
iang
More information about the cryptography
mailing list