5/8/2023 0 Comments Truecrypt alternative 2017![]() ![]() ![]() This audit is good news and a somewhat of a relief. No way to detect it unless you regularly strip down you keyboard or laptop. And that is on advanced amateur-level, not professional level. With todays microcontrollers I could build one in a weekend and miniaturize it with a week of time or so. For example, an attacker with access several times can just install a hardware keylogger. The scenarios where disk encryption is useful assume that you notice when an attacker had access once (laptop stolen). That is why on Linux, I use LUKS on the data-partitions and on Windows (where I do not trust the MS-supplied crypto) I use TrueCrypt for the Windows System partition as as it doubles in many senses as a data-partition, unlike what you can do on Linux.īut in the end, if a reasonably competent attacker has access to your hardware several times, you are screwed anyways and no amount of disk encryption will help. It is a bit harder to attack than a kernel+root partition setup, but not much so. There still is an initial boot-loader and that is basically just as easy to attack as a full kernel+initrd setup. On the other hand, Full Disk Encryption rarely is Full Disk Encryption, and it is not for Mint either, or for TrueCrypt at that. Requiring defaults is pretty clearly a limitation of the Mint initrd, and not any limitation of LUKS. Sure, it can be used for encrypting a full disk, but then you need LVM to get partitioning again (with all the problems that brings in), and you have to use an encryption method that the initrd can handle. LUKS is not aimed ad FDE, it is aimed at partition encryption. Who is responsible for locking the vast majority of LUKS – LVM users into the particular defaults by not giving them easy alternatives?Īp4:15 and LUKS are seperate projects. Wouldn’t it be relatively easy for the maintainers of the system installer to install a drop down menu to allow you to choose the encryption options you want, the way TrueCrypt does? (Hint: in such a case they could even allow an option to dispense with the SWAP file for those with adequate RAM.) It seems to be technically possible to partition the disk using LUKS – LVM with the options of your choice and then to do the install on top of that–but it is to say the least confusingly complicated and no one has ever published a straightforward cookbook how to do it. The problem with LUKS is that if you want to do an FDE using the systems installer at system install time in say Mint you are restricted to the AES defaults. Given the first-out-of-the-blocks comments by Anonymous1 & Anonymous2, Truecrypt must be good enough for certain parties to want to restrict its use as much as possible by trashing it (trolling) online. ![]()
0 Comments
Leave a Reply. |