[Cryptography] Fork of TrueCrypt
ianG
iang at iang.org
Wed Jun 4 07:51:08 EDT 2014
On 3/06/2014 22:32 pm, Bill Cox wrote:
> On Tue, Jun 3, 2014 at 5:12 PM, <tpb-crypto at laposte.net> wrote:
>
> > Message of 03/06/14 21:34
> > From: "Bill Cox"
> >
> > An auto-update feature pinging the server would alert any network snooper
> > of exactly who was using the TrueCrypt fork. From a security point of
> > view, auto-update is DOA.
> >
> > I read some more posts over on truecrypt.ch. The more technical of the two
> > guys behind it wonders if he can buy out the zulucrypt guys. He's
> > definitely thinking of this as his new startup rather than a FOSS effort.
> > From that point of view, auto-update makes sense. I am losing confidence
> > in this team. It seems they're just interested in cashing in on TrueCrypt.
> >
>
> It is not a bad thing if they cash in, as long as they do a good
> job. Because they are rookies, maybe they can confuse things up, as
> an older guy you could guide them to a good outcome.
>
>
> Absolutely true! If the truecrypt.ch guys issued
> a goal list that had taking all the code in a FOSS direction, working
> with (but not buying) ZuluCrypt and others, defending the code with
> stringent application of KISS, and fixing TrueCrypt's poor password
> security, I'd be onboard even if they were raising money. I just find
> that the money as often as not pushes a FOSS project in a direction it
> really shouldn't go, and I think this is especially true for crypto.
> Stated goals like "continual feature enhancements" are what a marketing
> guy thinks of when there's a continual money stream. Injuring marketing
> guys is probably what a lot of crypto guys think of when they hear
> "continual feature enhancements".

It's very very hard selling crypto security. Most or all efforts have
failed. The ones that succeeded sold something else (eg Skype), or sold
to a particular niche which ain't real people (eg Silent Circle) or some
other A/B provision (eg Bitcoin) or weren't selling what they said at all.

Been there, done that, ate the t-shirts. You have to give these guys a
*lot* of leeway for them to find a business model that keeps them
eating. And that means getting off the crypto-privacy-at-any-cost
bandwagon.

iang