Fucking Truecrypt I'm getting rid of this shit

[Bart the General]

Files keep randomly disappearing if I leave them open and let computer sleep. Probably taken by your grandmother through that $300 device that takes gets the keyfile if you let your computer sleep with truecrypt open. Oh well, nothing of interest would be found but it's just annoying, shitty and I don't even trust 7.1a after the warrant canary sounding thing. Fuck bitlocker though, I don't trust that windows created shit either. I guess I'll get it if nothing else is out, just for encrypting text files, nothing else really.

What's the best alternative to this piece of shit?

[aldra]

posted before, but I'll condense:

1. truecrypt definitely does not work with hibernation mode, and I'm fairly certain sleep mode with open encryption containers will fail to save all changes before they're closed. I suggest not using either.

2. the most likely reason the original TC project was shut down (I believe there are forks you can try now) was hinted at in the early stages of the code audit - the code was messy and inefficient, and due to consistency in coding style and similarity of code used in functions throughout, indicating it was likely the work of a single anonymous coder. from there, one of two things: S/He was either angry and offended by the people constantly calling him an NSA shill, to the extent that enough money was raised (30k?) to run a full code audit on. Either that or he valued his anonymity, and was afraid that further analysis may reveal enough about him to be identified. To this day there have been no major security flaws or any intentional backdoors detected by the professional audit.


3. He recommended BitLocker because, being native Windows software, it tends to be a lot more efficient than third-party encryption solutions. In terms of it being untrustworthy for being released by Microsoft, true - but if you're running Windows and it's compromised, any software you run on top of that is inherently insecure,

Consider a a hacker or child pornographer who has sensitive data they want to keep encrypted - every time they decrypt the file, they need to enter their passphrase, load it from a file or load their private key in order to decrypt the data. If it alphabet agency has access to the underlying operating system, they have access to intercept any keys that are loaded or transferred in memory, regardless of which software you use.

TL;DR: BitLocker isn't the problem, Microsoft's underlying security methodology potentially undermines any software encryption solution running on it.

I believe DM-CRYPT/LUKS is the defacto standard for lunix/bsd, but it has very limited support in Windows. You can mount, read and write to LUKS volumes with FreeOTFE (which is outdated as fuck, but I think it still works).

[Bart the General]

DM-CRYPT it is, thanks man, I just thought it was weird because the audit hadn't found anything irregular in the code, apparently it was like 50% done when they made that fucked up warrant canary sounding thing.

[redsky]

I use LUKS/dm-crypt full disk encryption on all my systems. IMO it's more secure than TC, largely because you can set a very high PBKDF2 iteration count to significantly slow down brute force/dictionary attacks.

If you're doing system encryption, you'll need a small (200-500MB) unencrypted boot partition to hold the kernel and initramfs, and likely some knowledge of LVM.