Thread for TrueCrypt alternatives [FOSS preferred]

Discussion in 'privacy technology' started by Morthawt, May 29, 2014.

Thread Status:
Not open for further replies.
  1. Randcal

    Randcal Registered Member

    Joined:
    May 29, 2014
    Posts:
    76
    ?? I already quoted that. Again "precluded from using Ms. Fricosu's act of production" against her. Not the contents themselves.

    No it doesn't, and that's why the EFF said what they said:

    "the government offered Fricosu immunity for the act of production and forbids the government from using for the act of production against her. We think Fricosu not only has a valid privilege against self-incrimination, but that the immunity offered by the government isn't broad enough" to invalidate it. Under Supreme Court precedent, the government can't use the act of production or any evidence it learns as a result of that act against Fricosu."

    See? The "act of production" is separate from "evidence it learns as a result of that act". This is why you're wrong, and why your entire argument false apart, because you claimed the exact opposite when you tried to conflate the two.

    EFF's issue is not only that she's being forced to decrypt the drive (which they argue is an invalidation of 5A privilege), but also that "the immunity offered [...] isn't broad enough" to compensate for the court to actually go through with invalidating it...meaning exactly what I'm saying: it doesn't protect her from prosecution based on what they find on the drive.

    I'm not sure where you get off telling me I'm the one who doesn't know what he's talking about when you didn't even know you weren't reading a ruling.
     
    Last edited: Jun 1, 2014
  2. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,362
    Location:
    Oz
    I can't help but suspect the same.
     
  3. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,327
    Location:
    Here, There and Everywhere
    Welcome back, "Randcal." You're the most persistent (yet transparent) condescending visitor to this forum in its history. That's saying a lot. I think this makes, what, your fourth or fifth trip? I'm already seeing the same outcome on the horizon.
     
  4. BeardyFace

    BeardyFace Registered Member

    Joined:
    May 29, 2014
    Posts:
    80
    I suspect slogging away for 10 years has more to do with it than any individual item you picked out.. and having to revisit *the whole body of code* because the auditors want more commenting and bounds checks on every variable would certainly cause *me* to lose interest.. and stuff the public interest in it.. the public just raised tens of thousands.. none coming to me *to make my life harder*.....

    Why is losing interst implausible?
     
  5. Randcal

    Randcal Registered Member

    Joined:
    May 29, 2014
    Posts:
    76
    @LockBox
    I admit maybe I've replied on this topic a bit too much, but I think it's important. If that makes me "transparent", then okay I guess. "Condescending" I feel is harsh though. He's the one who kept saying I didn't know what I was talking about.
     
  6. S.B.

    S.B. Registered Member

    Joined:
    Jan 20, 2003
    Posts:
    150
    As I said this is getting ridiculous. If you bother to read what you quoted, you will find that it says:

    "Under Supreme Court precedent, the government can't use the act of production or any evidence it learns as a result of that act against Fricosu."

    That is exactly what use immunity means. Obviously the act of production is different than what the government learns from that act. But as stated above, both are protected under Supreme Court precedent by virtue of use immunity, unless the govt can prove it independently learned of the evidence without using the act of production to discover same.

    __
     
  7. Randcal

    Randcal Registered Member

    Joined:
    May 29, 2014
    Posts:
    76
    No, that's EFF's whole problem with the immunity...the use immunity that the Colorado court granted was not broad enough to satisfy the Supreme Court precedent. That's the whole point. It only protected her from the act of production...not the derivative use of what they find on the drive. The Supreme Court precedent is that they can't use either. But this court granted immunity only from the former, not the latter.

    Here's a similar case involving a John Doe and a TrueCrypt drive. The language is much clearer:
    http://caselaw.findlaw.com/us-11th-circuit/1595245.html

    This is the exact same thing in the Fricosu case, and that's why the EFF has a problem with it...because A they shouldn't have to decrypt in the first place, and B limited use immunity (that is, immunity limited to the use of the act of production) is not broad enough to compensate for invalidating the 5A privilege and forcing the decryption of the drive.
     
    Last edited: Jun 1, 2014
  8. S.B.

    S.B. Registered Member

    Joined:
    Jan 20, 2003
    Posts:
    150
    Again, use immunity would normally protect against evidence discovered by using the act of production. The government lost in the second case you cited because the immunity offered by the government was a specifically limited immunity that didn't pass constitutional muster:

    "To conclude, because Doe's act of production would have testimonial aspects to it, an order to compel him to produce the unencrypted contents of the drives would require immunity coextensive with the Fifth Amendment (and § 6002).   Immunity coextensive with the Fifth Amendment requires both use and derivative-use immunity.   The Government's offer of act-of-production immunity clearly could not provide the requisite protection because it would allow the Government to use evidence derived from the immunized testimony.   Thus, because the immunity offered here was not coextensive with the Fifth Amendment, Doe could not be compelled to decrypt the drives."

    Again, the govt cannot compel you to reveal your password and then use evidence they get from your hard drive as a result of using your password, in a criminal case against you. This is exactly what the holding in this case says. And that is exactly what I said that you quibbled with to begin with.

    __
     
    Last edited: Jun 1, 2014
  9. Randcal

    Randcal Registered Member

    Joined:
    May 29, 2014
    Posts:
    76
    ..But in this Fricosu case, it didn't.

    And that brings us right back to my original comment about how it depends on the court. Your insistence that "use immunity" implies both immunity from the act of production and the derivative use of the contents themselves, is just wrong. Your insistence that the Colorado court immunity granted to Friscosu protected her from prosecution based on the contents of the drive, was just wrong. Your insistence that evidence found on the drive could not be used against her, and that "you cannot be compelled to reveal your password to allow the govt to pursue a criminal case against you if you are a US citizen, and if the govt plans to use anything they learn from using your password in a criminal proceeding against you," is just wrong. Just as you were wrong about an application by an attorney being a ruling by a judge. Those are in fact completely opposite things.

    And as this case illustrates, being forced to give up a password and having the contents of a decrypted drive used against you can happen in the US.

    ..which was my point all along.

    And it's fine to be wrong. That's cool. It happens. I'm just not sure why you had to be so condescending the whole time, telling me I had no idea what I was talking about.
     
    Last edited: Jun 1, 2014
  10. S.B.

    S.B. Registered Member

    Joined:
    Jan 20, 2003
    Posts:
    150
    Clearly the case proves exactly what I said. You cannot be compelled to reveal your password to allow the govt to pursue a criminal case against you if you are a US citizen, and if the govt plans to use anything they learn from using your password in a criminal proceeding against you. And just to clarify against further quibbling, I obviously meant the you cannot legally and properly be compelled etc.

    The actual question was never reached in Fricosu because Fricosu's husband voluntarily revealed the password and the entire issue was rendered moot, and thus not subject to appeal.

    __
     
  11. Randcal

    Randcal Registered Member

    Joined:
    May 29, 2014
    Posts:
    76
    You're still sticking to it? You're just going to claim the Colorado court was "improper" in it's ruling, so that means you weren't wrong this whole time? Seriously?

    Bottom line is, the court ruled she had to reveal the password and she was subject to prosecution based on the contents. That is the whole point. I said it can happen in the US, because it did. Whether you think it was "proper" or not, is irrelevant. If you want to try to claim that that means you weren't wrong this whole time, that's fine, but it'll certainly be irrelevant when you're on trial.

    Which brings back my other point:

    "She could easily have avoided her current dilemma by using comparable encryption software with a 'hidden container' feature, such as TrueCrypt."
    -http://btlj.org/2012/01/26/much-ado-about-fricosu/
     
  12. snerd

    snerd Registered Member

    Joined:
    Dec 8, 2007
    Posts:
    121
    Location:
    Arkansas USA
    Thread is for TC alternatives. Why don't you legal eagles take it to PM?!
     
  13. Randcal

    Randcal Registered Member

    Joined:
    May 29, 2014
    Posts:
    76
    @snerd
    Apologies. It's over now. My whole point all along was that you can be legally compelled to decrypt a drive and be subject to prosecution based on the contents (even in the US), and we've proven you can. It's an important point, and people need to be aware of it.

    That is all.
     
  14. S.B.

    S.B. Registered Member

    Joined:
    Jan 20, 2003
    Posts:
    150
    Thank you for that.

    __
     
  15. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,327
    Location:
    Here, There and Everywhere
    Not. So. Fast.

    This is so typical of your past here. Stating untruths as facts and acting like the other person is being somehow dishonest or just plain dumb. You can't wrap-up your legal misinterpretations with that all encompassing statement above. It's simply not true. If it were, encrypted disks would not be lining the shelves of prosecution offices all over the United States. One day a serious case will make it to the Supreme Court and most legal scholars believe that 5th amendment protections will win the day. Your statement is just shockingly wrong.
     
  16. Randcal

    Randcal Registered Member

    Joined:
    May 29, 2014
    Posts:
    76
    Well of course it's not always the case. It depends on the circumstances, and as I said originally, the court. That John Doe case is just one example of probably many where it was ruled the person didn't have to decrypt.

    My point was that it can happen, as it did in this Fricosu case.

    Not sure what you mean about "past here". I've only been here a couple days. I only even found this place because of the TrueCrypt announcement.
     
  17. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,101
    Location:
    Brasil
    I plan on going to DiskCryptor. It's FOSS (which we all love), but doesn't have as many features as TC. For instance, no plausible deniability.
    On the other hand, Twofish is by far the fastest on my hardware, and it's the algorithm I chose for it's improved security over AES and it's faster performance compared to Serpent. The best of both worlds, I would say.

    I'm filling my drive with zeroes, then I'm going to re-install Windows and encrypt everything, wiping every sector US DoD 5220.22-M (8-306. / E). It'll probably take at least 24 hours to do so, but it's worth the risk (I think).
    Let's just hope the DiskCryptor developers are right about their wipe mode:

    https://diskcryptor.net/wiki/FAQ#Ho...ted_encrypted_volume.2C_so_what_does_it_do.3F
     
  18. BeardyFace

    BeardyFace Registered Member

    Joined:
    May 29, 2014
    Posts:
    80
    They were, with old drives, if you read the CMRR research on the subject, with modern drives that single pass of zeros is enough wiping to put anything there beyond recovery, but by all means spend the extra time if you feel more comfortable.. your data won't be any deadder with multiple fatal bullets than it was with the first one.

    But the program does what it says on the tin.
     
  19. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I noticed that a lot of people aren't making any decision until the audit is complete. I have to wonder if the audit can be completely trusted given what has happened. If the NSA or a government found and got to the developers, what prevents them from coercing the auditor in much the same manner?
     
  20. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    175
    Location:
    io
    Hopefully some proper full on news regarding truecrypt comes about and hopefully on the actual website for all we know it could be a ploy to get more donations and lets face it many would since its perhaps the best encryption with PD feature going and its been free for so long I would happily donate but was hoping to do a large donation if tc and dc updated their software to support Windows 8/UEFI support since even windows 8 is old now and still no updated and supported packages.


    Anyhow ill give you my alternative

    I was trialing this alternative here:

    http://www.securstar.com/products_drivecryptpp.php

    commercial software Which supports Windows 8 FDE, also supports a lovely feature of a privacy lock out screensaver feature and supports hidden os although according to past but old reviews they said the hidden/dummy os is not really usable not sure why and the trial does not allow one to play with that feature sadly.


    I think tc and dc nailed it quite well and still prefer them for now :)
     
  21. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    175
    Location:
    io
    Agreed one pass of zeros is plenty and much faster you can use eraser or ccleaners drive wipe tool, even quick or full scan via recuva and zero results afterwards, one can also replicate the same effect with PrivaZer which makes it garbage and is faster but for full safety if your ever formatting or selling or giving up a hdd one pass is a good choice.
     
  22. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,616
    Location:
    European Union
    True, it is possible to happen. But in the end you have to trust someone/something...
     
  23. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    hi
    Please don't worry...as even the three letter agency has published a truecrypt approved
    https://twitter.com/NSA_PR/status/471780751067738112
    In the same way as their previous claim
    http://www.extremetech.com/computin...ption-is-too-good-says-us-intelligence-agency

    More seriously, an update of an interesting work on TC
    https://madiba.encs.concordia.ca/~x_decarn/truecrypt-binaries-analysis/

    I have hesitated to post this info for ethical reasons, but anyway i know the limitations of such tools...
    Centry is a python pgm for evidences urgency...(option for TC users)
    http://www.theregister.co.uk/2014/05/28/police_at_the_door_hit_the_panic_button/

    Regarding discussions about impact of password on encryption law, i guess there is always a big difference between theory and practise, the protection of citizens, even criminals, and the goal and power of three letters (FNCBSIIAA) investigators...
    No need sophisticated attacks against encryption, sometimes a simple hardware keylogger is enough.
    I am not highly concerned about hiding my data, but a few month ago, a friend has forgotten his USB key at the office, and then his boss was aware of all his evidences against him (and i needed to face in a forensic way with "last opened document" time stamp for each doc files).
    Then even for any good father, encryption of private data is often necessary.

    And for those who really have something to hide, i have already suggested here the Cosa Nostra or Vory v zakone method...take a trip to the Vesuve or the kamtschatka and put your hard disk in the Volcano...sure that even the three letter agencies wil never find any kind of evidence...
    http://www.spiegel.de/static/360grad/kamtschatka/

    Have a nice trip...
     
  24. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Such a trip isn't necessary. Also, carrying that incriminating data across borders would be risky ;) Here's my method, which I've mentioned before.

    Use a ~20 L steel can. Punch ~1 cm holes at ~3 cm interval, just above the bottom rim. Place the can on bricks, and fill loosely with 2-4 cm diameter dry hardwood. Add some starter fluid (or kerosene) and light carefully with a long stick. Add paraffin as needed to get the fire going well. Then add your HDDs, one or two at a time. You can also burn CDs/DVDs. If the fire is hot enough, there won't be very much smoke.

    With modern HDDs, only the steel cases and other small steel parts survive. The electronics, platters and aluminum are totally gone. If you were to burn enough HDDs, you could probably recover lead and gold from the ashes And of course, the smoke and ashes are toxic. Don't breathe the smoke, and dispose of the ashes carefully.
     
  25. blainefry

    blainefry Registered Member

    Joined:
    Jan 25, 2014
    Posts:
    165
    FWIW,
    Bruce Schneier now admits that his switch to PGPDisk was hasty and recommends that people don't switch:

    https://www.schneier.com/blog/archives/2014/05/friday_squid_bl_427.html#c6392580
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.