Popularity of Truecrypt vs FreeOTFE ?

It seems that everybody that's intrested in volume encryption takes a look at
the free Truecrypt. If you look at the downloads on the webpage http://www.truecrypt.org/statistics.php you can see it's very polular in the least.

It also seems that almost nobody is looking at the FreeOTFE. Why ??

It offers the same functionality as Truecrypt 4.3a, is opensource, maintained,
stable, safe.

It was even faster than truecrypt for implementing the XTS-mode (as of truecrypt 5.0) of encrytion, wich is supposed to be safer than LWR.

It offers more variation on algorithms/ hashes used than truecrypt.

The only thing it doens't offer is cascading of ciphers; But according to Jusin Troutman cascading doesn't always mean stronger security. The algorithms used are safe enough to work without the need for cascade.

Also creating a big volume (GB's) with Truecrypt takes many minutes, even hours,...with FreeOTFE it takes maximum 1 minute (without overwriting the free-diskspace on the newly created volume).

So why the big difference in popularity ?

http://www.freeotfe.org/features.html

 

Re: Polularity of Truecrypt vs FreeOTFE ?

1) I trust Truecrypt team (most important reason), they've made a lot of disclosure concerncing the limits of truecrypt.
2) They are very communicative and explanative (well, actually not since the 5.0 actually, but they used to be, they just might be very busy now improving the new release).
3) There are TCtemp and TCgina on TrueCrypt.

In addition their marketing is better: when i was looking for such a software, i first found FreeOTFE, but it didn't tell clearly that it is also compatible with linux so i continued searching and i then found Truecrypt.

 

Re: Polularity of Truecrypt vs FreeOTFE ?

Maybe it is not (FreeOTFE) well known? I havent heard of it before I read about it here a couple of weeks ago. I tried it and liked it. It´s been a while since I used TC but to me FreeOTFE feels easier to handle.

 

Re: Polularity of Truecrypt vs FreeOTFE ?

While I'm not an expert about TrueCrypt or FreeOTFE, heres my thoughts:

According to Justin, more is not necessarily better. It can lead to more possibilities for problem in the implementations, though as the potential for weaknesses is multiplied by the number of ciphers.

If I recall, he's said that of AES. Whether or not that holds true with other algorithms, it doesn't with DES as far as I know, is up to experts to decide.

Without encrypting the entire container area ("overwriting the free diskspace") you are leaving unencrypted data on the disk within the area assigned to the encrypted container. This presents an easy tell of whether a "hidden" container exists or not, as well as giving someone the opportunity to see just how much information is encrypted within the container. If you have a container of 100MB, with 5MB of seemingly random (presumed encrypted) data, and 95MB of clear-text fragments, you can easily determine that there is 5MB or less of "Sensitive" material.

The point of all this is Security & Convenience are two mutually exclusive things, and simply having more features is not necessarily more secure.

Possibly, TrueCrypt's appeal is that it is simple for the inexperienced, and it would be hard (if not impossible) to implement an insecure use of TrueCrypt, even if you don't know hardly anything about Cryptology, whereas FreeOTFE appears to leave room for people to choose options that may be insecure.

Also, TrueCrypt's website appears to be significantly more "Polished". While that probably doesn't matter to some people, it often leads people to feel that the product will show similar polish.

Again, I've never used FreeOTFE, I have started using TrueCrypt in the past month. These are just my observations and thoughts.

 

Re: Polularity of Truecrypt vs FreeOTFE ?

About the more ciphers/hashes > you can simply choose wich drivers are loaded when starting Freeotfe, so you can choose to have only AES-256 and SHA-512 (for example). Simply uninstall all other ciphers & algorithms.

About the cascades > Triple-DES (168 bit) is DES used 3 times, why ? because the 56-bit key of DES is not enough to guard against brute force attacks. Hence the AES canditates are all 256-bit without cascade.

In truecrypt you can't cascade AES (Rijndael) 3-times. Only something like AES-Twofish-Serpent etc....

Freeotfe is just as easy to use as Truecrypt, the standard proposed settings are good enough. No need to change them if you are new to crypto.

The website is indeed not as polished though. But does provide a good manual and product information. The support of the creator is also good (personal experience)

 

Re: Polularity of Truecrypt vs FreeOTFE ?

I'm a user of Truecrypt and Freeotfe for some time now, I can't see unsecure options in the Freeotfe settings, just as i can't see them in Truecrypt.

It doesn't really mather wich algorithm or hash you choose to use. They all are stronger than most of the passwords used by people. You need long lenght password with a lot of entropy to have 256-bits.

It's true that you can use algorithms (AES canditates) with bitlenght of 128 (in Freeotfe), but why choose that if the AES-256 is also available ??

Even AES or Serpent / Twofish / RC6 with 128-bit should provide enough security.

 

I suppose that if I wanted to use an encryption software I would use one that wasn't so popular because the big law enforcement agencies wouldn't be trying too hard to crack it.

 

Not all encryption softwares are hard to crack, the reason it is not popular may that it is easy to crack. So people don't bother using it. The more people try to crack a particular algorithm or software, the more chance a flaw will be found. So the longer the algorithm or software is used with out being cracked the better it is.

 

Its not the program that law enforcement is going to crack. Its the implementation of the algorithm. Considering both OpenOTFE and TrueCrypt both use AES (Among others, and all other things being equal) the containers produced by both are both equally hard to "crack." The only thing that would let it be easy to crack, is if the algorithm was implemented incorrectly, which is more likely with the less popular program, as less people would be "Checking the work" of the developers.