toregrand.blogg.se

1. Ubuntu truecrypt alternative how to#
2. Ubuntu truecrypt alternative install#
3. Ubuntu truecrypt alternative generator#
4. Ubuntu truecrypt alternative full#

With the death of XP and the new Vista-Windows 7 bitlocker, this removed a huge portion of the user pool.īruce is right. I do suspect that the rumors of the project drying up were indeed correct. The code is certainly fixable but the randomness of the code for the keys is at the heart of cryptographic integrity.

I have some mixed feelings about the above statement. “Note Specifically, removing access to the CLFUSH instruction as part of the Rowhammer mitigation.” The most straight forward way to exploit this would be using native code, potentially delivered through NaCl in chrome… the simplest method of exploitation through that attack vector was recently closed off.” Finally, CS identified several included AES implementations that may be vulnerable to cache-timing attacks. While CS believes calls will succeed in all normal scenarios, at least one unusual scenario would cause the calls to fail and rely on poor sources of entropy… Additionally, CS identified that volume header decryption relies on improper integrity checks to detect tampering, and that the method of mixing the entropy of key files was not cryptographically sound. “The most severe finding relates to the use of the Windows API to generate random numbers for master encryption key material among other things.

Ubuntu truecrypt alternative generator#

Section1.3 Findings and Summary indicates some problems relating to the random number generator : It shows that open source project work and can be audited.īut, there are some concerns. This audit is good news and a somewhat of a relief. No way to detect it unless you regularly strip down you keyboard or laptop. And that is on advanced amateur-level, not professional level. With todays microcontrollers I could build one in a weekend and miniaturize it with a week of time or so.

Ubuntu truecrypt alternative install#

For example, an attacker with access several times can just install a hardware keylogger. The scenarios where disk encryption is useful assume that you notice when an attacker had access once (laptop stolen). That is why on Linux, I use LUKS on the data-partitions and on Windows (where I do not trust the MS-supplied crypto) I use TrueCrypt for the Windows System partition as as it doubles in many senses as a data-partition, unlike what you can do on Linux.īut in the end, if a reasonably competent attacker has access to your hardware several times, you are screwed anyways and no amount of disk encryption will help. It is a bit harder to attack than a kernel+root partition setup, but not much so.

Ubuntu truecrypt alternative full#

There still is an initial boot-loader and that is basically just as easy to attack as a full kernel+initrd setup. On the other hand, Full Disk Encryption rarely is Full Disk Encryption, and it is not for Mint either, or for TrueCrypt at that. Requiring defaults is pretty clearly a limitation of the Mint initrd, and not any limitation of LUKS. Sure, it can be used for encrypting a full disk, but then you need LVM to get partitioning again (with all the problems that brings in), and you have to use an encryption method that the initrd can handle. LUKS is not aimed ad FDE, it is aimed at partition encryption.

Who is responsible for locking the vast majority of LUKS – LVM users into the particular defaults by not giving them easy alternatives?Īp4:15 and LUKS are seperate projects.

Wouldn’t it be relatively easy for the maintainers of the system installer to install a drop down menu to allow you to choose the encryption options you want, the way TrueCrypt does? (Hint: in such a case they could even allow an option to dispense with the SWAP file for those with adequate RAM.)

Ubuntu truecrypt alternative how to#

It seems to be technically possible to partition the disk using LUKS – LVM with the options of your choice and then to do the install on top of that–but it is to say the least confusingly complicated and no one has ever published a straightforward cookbook how to do it. The problem with LUKS is that if you want to do an FDE using the systems installer at system install time in say Mint you are restricted to the AES defaults. Given the first-out-of-the-blocks comments by Anonymous1 & Anonymous2, Truecrypt must be good enough for certain parties to want to restrict its use as much as possible by trashing it (trolling) online.