Comments on: Best Encryption Software — Heard Here First!

By: maninsk

maninsk — Wed, 03 Dec 2008 00:50:55 +0000

FreeOTFE is easily the best; Truecrypt is alright but has a crap interface, and less options

http://www.freeotfe.org/

By: zardiw

zardiw — Mon, 31 Mar 2008 04:00:02 +0000

YOU don’t have to check the code…there’s plenty of people out there that do that believe me. And if they found anything funny it would be all over the internet in seconds…..Maybe you remember TurboTax, and the spyware (C-Dilla) code that was found inside it…..Now there’s Corporate Amerika for you. I would be MUCH more afraid of backdoors in commercial software..”I forgot my password….PLEASE help”…..Or “We have a warrant here….”.lol……..z

By: pedro

pedro — Sat, 20 Oct 2007 15:43:32 +0000

#17 I didn’t say I fully trust closed source, I only said it’s easier to predict what their agendas are and thus, try to go around them or just plain avoid them.

BTW, are you implying that I should go thru every line of code of every open source program and their updates before installing them? when will I find the time to maintain them? when will I find the time to use them? when will I find the time to actually work and have a life?

I think I’d be better off writting my own soft, dontcha think?

And people wonder why open source doesn’t get more market. Kinda conceeds the point to Marc Perkel.

By: Cinaedh

Cinaedh — Sat, 20 Oct 2007 14:29:17 +0000

#16

I’m a bit confused here, pedro.

You don’t trust open source code that you can actually see, review and vet before it compiles and runs –

- but you do trust closed source code you are unable to see, review and vet before it runs?

WTF? I must be missing something really, really obvious but really important here.

By: pedro

pedro — Sat, 20 Oct 2007 13:26:26 +0000

#12 I know the “comunity” oriented way open source works. It’s not like I don’t use open source soft. But there is no way I will trust a bunch of people I don’t know in a comunity were a bunch of wackos live among the good intentioned people.

And any way you look at them, electronic voting systems are flawed. There’s no guarantee that either the code they had shown you is the one being used at the voting moment, not to mention who’s tapping into the data transfer media.

You’ve got to understand, I’ve been burnt too many a time in kuzcoland, so I definitively trust almost no one nowadays. It’s easier to know or infere the interests/agendas of a big corp than those of a “comunity” group.

#13 too bad. Hope you don’t get too distracted doing snything else becuase there are noises around. I guess that’s how fruit flies may feel.

By: Glenn E

Glenn E — Sat, 20 Oct 2007 09:43:08 +0000

So as far as encrypting your PC data is concerned. The UK government presumes that you’re “guilty until proven innocent”. And if you don’t cough up the password for them, they lock you up for hiding something from them. So far they haven’t applied this to God, for hiding our genetic makeup in the DNA code. Will brits have to submit their DNA “password” someday, so they can be cleared off crimes commited by a tiny few?!

This isn’t about governments fighting crime or terrorism. It’s about high ranking government types maintaining their power over the masses, by ensure that they know what their all up too. That’s why they need to bug all of our communications, not just the criminals. The Pentagon got caught keeping lists of citizen groups, that merely disagreed with there being a war! They’ve probably been doing this kind of internal political spying since the Korean War. No doubt they were labeling all pacifists, potential “commies” back then. But now it’s more about tax dollars, and political support, being lost. And figuring out what kind of counter-propaganda is needed to offset this.

In any case. I have little doubt that the harddrive makers have already provided a “backdoor” in their encryption algorthms, for NSA and MI6 to crack any drive they get access to. But they want to us to think that a password must be submitted, to hid this trick. And if the harddrive makers didn’t make an easy way to crack the disk encryption. Then the Blackwater boys would probably be sent to visit their corporate HQ. Or they’d be made to swallow some other financial poison pill. A few years back, I read a newspaper article about how a Swiss firm had compromised an encryption machine that it made. For just that purpose, at the NSA’s request. And they kept it a secret for years, but sold the machines all over the world as “uncrackable”. Replacing the older “enigma” machines that had been cracked during WW2, and also kept a military secret, until leaked in 1970.

By: Travis

Travis — Fri, 19 Oct 2007 18:06:42 +0000

Go with TrueCrypt for encryption, open source and doesn’t require filling out a form just to download it. It will do all the things John says Drivecrypt will do.

By: Gonster.Macher

Gonster.Macher — Fri, 19 Oct 2007 17:06:01 +0000

I’m very sorry to say I won’t be listening until the bubbling in the background stops. Pity. I guess I’m too cranky a geek to not be annoyed by unnecessary noise.

I’ll check in occasionally to see if John has taken his Ritalin and stopped twitching.

Otherwise, love the show.

By: Awake

Awake — Fri, 19 Oct 2007 12:25:45 +0000

#11 – Pedro -
I don’t trust such a big group of people with checking for security holes.
You obviously know very little about OpenSource software. It sounds like you think that whoever wants to writes or makes changes to software, and then it automatically gets published. That is not how it works.

All that OpenSource means is that the Source Code is freely available for inspection by anybody that wants to do so.

At least with big soft companies, I know what to expect and what kinds of backdoors can they put in place.,/i>
That makes absolutely no sense at all… you are saying that you know both what to expect and what they will do in terms of secret features. You must be a really good mind-reader or have special powers.

A prime example of a high security application where OpenSource is essential is the Electronic Voting systems. As soon as the Source Code was made available for review in California, the systems were decertified because the software was shown to be so poorly written.

In the case of encryption software like Truecrypt, the software has been heavily inspected and no backdoors or bugs have been found, something that is impossible to do without the source code.

It sounds like you would rather trust encryption to a big company that keeps everything secret… maybe some software written by ATT or Verizon would be more to your liking?

By: pedro

pedro — Fri, 19 Oct 2007 07:30:57 +0000

This is actually what scares me about open source. I don’t trust such a big group of people with checking for security holes. At least with big soft companies, I know what to expect and what kinds of backdoors can they put in place. I do not know the intentions of those writting an open source soft.

Yes, you can call me paranoid.

By: John Paradox

John Paradox — Fri, 19 Oct 2007 07:27:40 +0000

what’s with the water bubbling noise?

Double, double, toil and trouble
Dvorak Rant,and Cauldron bubble.

[w/apologies]

J/P=?

By: Greg Allen

Greg Allen — Fri, 19 Oct 2007 02:18:51 +0000

I finally listened to one of these… what’s with the water bubbling noise?

Is this recorded in John’s undersea lair?

By: Awake

Awake — Fri, 19 Oct 2007 01:46:15 +0000

Truecrypt is really the best choice.
- OpenSource, which encryption software MUST be, so it has been externally reviewed for backdoors and programming errors. For some things, like encryption, OpenSource is the ONLY way to go, regardless of what John may say.
- Plausible deniability. You can create a hidden encrypted partition inside an existing encrypted partition, so even if you are forced to reveal your password, the only files visible will be those in the first partition, with no indication of the second partition existing. You put your really important stuff in the second partition, and some important looking but not really important stuff in your first partition.
- Easy to move from one place to another. Unless you go the NOT recommended route of actually encrypting a partition, what you actually do is create a large standard file that is encrypted, and then mount that file as a disk. Your files actually go inside that main file. This means that you can move that file from drive to drive and it stays encrypted, backup works fine, etc. You can also easily have different encrypted ‘disks’ on the same physical disk without messing around with actual disk partitioning.
- Methods to thwart key loggers exist.
- Free.
Even if you have nothing to hide, it is a great utility to have available on your system, even if it’s just for keeping a password list and a list of financial account numbers hidden but readily available.

By: pedro

pedro — Fri, 19 Oct 2007 00:50:54 +0000

#4 I know it’s no consolation, but corruption is a problem all around latin america.

In kuzcoland, if you go nowadays to a mall to buy a wii, you’ll pay the equivalent of $ 715.00. It was more expensive when it came out

By: Tanner

Tanner — Fri, 19 Oct 2007 00:16:18 +0000

FreeOTFE is a free, open source, “on-the-fly” transparent disk encryption program for PCs and PDAs

Using this software, you can create one or more “virtual disks” on your PC/PDA. These disks operate exactly like a normal disk, with the exception that anything written to one of them is transparently, and securely, encrypted before being stored on your computer’s hard drive.
http://www.freeotfe.org/