[Cryptography] Fork of TrueCrypt

ianG iang at iang.org
Wed Jun 4 07:51:08 EDT 2014


On 3/06/2014 22:32 pm, Bill Cox wrote:
> On Tue, Jun 3, 2014 at 5:12 PM, <tpb-crypto at laposte.net> wrote:
> 
>     > Message of 03/06/14 21:34
>     > From: "Bill Cox"
>     >
>     > An auto-update feature pinging the server would alert any network snooper
>     > of exactly who was using the TrueCrypt fork. From a security point of
>     > view, auto-update is DOA.
>     >
>     > I read some more posts over on truecrypt.ch <http://truecrypt.ch>.
>     > The more technical of the two
>     > guys behind it wonders if he can buy out the zulucrypt guys. He's
>     > definitely thinking of this as his new startup rather than a FOSS effort.
>     > From that point of view, auto-update makes sense. I am losing confidence
>     > in this team. It seems they're just interested in cashing in on TrueCrypt.
>     >
> 
>     It is not a bad thing if they cash in, as long as they do a good
>     job. Because they are rookies, maybe they can confuse things up, as
>     an older guy you could guide them to a good outcome.
> 
> 
> Absolutely true!  If the truecrypt.ch <http://truecrypt.ch> guys issued
> a goal list that had taking all the code in a FOSS direction, working
> with (but not buying) ZuluCrypt and others, defending the code with
> stringent application of KISS, and fixing TrueCrypt's poor password
> security, I'd be onboard even if they were raising money.  I just find
> that the money as often as not pushes a FOSS project in a direction it
> really shouldn't go, and I think this is especially true for crypto. 
> Stated goals like "continual feature enhancements" are what a marketing
> guy thinks of when there's a continual money stream.  Injuring marketing
> guys is probably what a lot of crypto guys think of when they hear
> "continual feature enhancements".


It's very very hard selling crypto security.  Most or all efforts have
failed.  The ones that succeeded sold something else (eg Skype), or sold
to a particular niche which ain't real people (eg Silent Circle) or some
other A/B provision (eg Bitcoin) or weren't selling what they said at all.

Been there, done that, ate the t-shirts.  You have to give these guys a
*lot* of leeway for them to find a business model that keeps them
eating.  And that means getting off the crypto-privacy-at-any-cost
bandwagon.



iang

