Re: Truecrypt (was: Knoppix 5.0.1)
On Tue, Jun 06, 2006 at 08:11:00PM +0000, cdr wrote:
> Klaus Knopper wrote:
> >You can use transparent encryption under Linux by using the
> >crypto-loopback or loop-aes module. Mounting an encrypted partition or
> >file is as easy as clicking on a harddisk icon on the KDE desktop.
> >Even available for Windows via "CrossCrypt", which is doing the same as
> >the Linux crypto-loopback, with a GUI under Windows. See
> >So, apparently we don't need any proprietary crypto software (which
> >would contradict the idea of security anyhow). ;-)
> Truecrypt license might not be "de rigueur" according to some purists,
> but the full source is available for unconditional public download;
> thus the above comment might be considered somewhat unfair. Besides,
> the product has a considerable following, the same containers can be
> mounted under both Windows and Linux, it is unique in the Windows arena
> by being free (as in beer) and by publishing the complete source and
> I found it to be generally better constructed than any Linux

In general, if there are several solutions to a problem, I prefer and
choose the Open Source one for a variety of reasons, but of course I'm
always open for recommendations and peeking into other software.

You say that TrueCrypt, though its distribution policy is not "entirely"
Open Source in the sense of http://www.opensource.org/, is "better
constructed". As far as I can tell, cryptoloop and CrossCrypt use plain
AES encryption, blockwise, in the standard blockdevice fashion. That is,
technically speaking, a very good construction in my opinion. It is
flexible, fast, efficient. You can build all kinds of GUIs around it,
from the simple one-liner commandline to a complex graphical adventure
game with "next step"-buttons and menus for different options, at your

TrueCrypt uses another, not proprietary but "protected" container around
this standard encryption method, and stores more meta-information in
some kind of headers, which makes a TrueCrypt volume incompatible with
systems that don't have the TrueCrypt GUI and container decoder. It
provides only a single interface to the user, and does not allow you to
simply use KDE's one-click-mount feature via an existing /etc/fstab
entry. Yet, I fail to see the better construction, or advantage to
loop-aes, which is already present in virtually every GNU/Linux
distribution. Please convince me. ;-)

Would it help if I provide a nice graphical GUI for building a loop-aes
partition or file that you then can just click on the desktop? It's
already kind of done, within the "persistent Knoppix image" feature that
allows you to store your working data within an AES256-encrypted ext2
file or partition.

> I'd like to second the suggestion to include it.

That would IMHO mean encouraging people to use a "proprietary" (or
"shared source") software instead of what we already have.

Again, please convince me! ;-)