
Truecrypt vs. PGP/Drivecrypt


anonymous22x (Registered, joined Feb 16, 2012)
Okay, please no b.s. like "why are you so concerned about security?"
I have read numerous books on how PGP and DriveCrypt have kept law enforcement agencies away from information, but is TrueCrypt as secure as PGP or DriveCrypt? I have to assume that if it is using the same encryption algorithms then it should be, if there are no back doors, right? Are there any stories to prove TrueCrypt's reliability?
Thanks
 
So let me rephrase that one sentence:
If there are no back doors and they are using the same encryption algorithms, then shouldn't they be basically equal?
 
If there were backdoors, they would be public. PGP should cover pretty much anything you want. If I wanted to hide something, I would use Truecrypt. You can choose the method that it uses to encrypt the partition, AES is the default. I encrypt the hard drive on my laptop, because it is portable. I have sensitive information that I don't want someone to steal, if it was stolen. I don't use Truecrypt for this. I use dmcrypt.

If someone wanted the data on the drive, they would take other routes that are easier than cracking a password; such as stealing the key, or in the case of the government, hold you in contempt.

I would like to remind everyone that while this topic was created within the rules, it could easily step over the line, so please watch what you type. :)
 
Thanks. I would either do an FDE or a hidden volume, but I would be using TrueCrypt because I did a few test runs on virtual machines and I liked TrueCrypt a lot.
 
> If there were backdoors, they would be public.

Where does this come from? PGP Corp. is owned by Symantec (since 2010) and it is proprietary software. There is no access to source code for the program. I don't know how you can guarantee that if there are backdoors it would be public without the source code. The encryption algorithm itself may be sound, but that doesn't mean the whole software program built around it won't have backdoors in it. And without the code there is no way to tell.

You may be thinking of GNU Privacy Guard (GPG), which is a free software implementation of the OpenPGP standard.
 
That is a take on it that I didn't think of. I also didn't know PGP was not open source. That is good information.
 
Actually, I dove deeper. I was wrong about the source code apparently not being available. Symantec does have the code available for peer review. It may be "open-source" in the sense that the source is available, but it most certainly is not free software. Just a quick glance over that license they make you agree to before you can get the source says you can't create derivative works and you can't run it for any purpose you want (section 1 of license), you cannot create copies of the software, and you can't share copies, so it violates all 4 freedoms of what is normally considered free/libre software.

And while I don't agree with the philosophy of "open source", it doesn't even meet the OSI's definition, which requires derivative works and redistribution.
 
It depends a bit how old you are, I think. Open Source merely means that you can view the source code for yourself if you want to. Libre or Free software is the stuff that is licenced for anyone to use and re-distribute, such as under the GPL v2 or v3. But as often happens when terms move from the technical arena into the popular consciousness, people muddled them up. Because software such as the Linux kernel was both Open Source and Free software (free as in speech, not free as in beer), a bunch of loud people started using them interchangeably. Does it annoy you when an old person refers to a monitor as "the computer"? Same thing. ;)

It's possible that the OP was referring to GPG, not PGP. GPG is Libre software. But TrueCrypt, PGP, GPG, all share some of the encryption algorithms in common. But differences lie in how they're used and how friendly they are. For example, if I wanted to give a tech-lite person a means to encrypt their data (as I've had to sometimes), I gave them TrueCrypt, because they could run it on any computer they accessed and it gave them a nice drive letter like they were used to. Far less faffing around, imo.

But in terms of security, they should be all equivalent, barring some flaw in the way they implement the encryption algorithms, different default key lengths, whatever.

Hope that helps.
 
I searched OCF to see what has been said about "truecrypt"

[necroposting acknowledged]

...this in response to having heard earlier today on the radio, a segment on Leo Laporte's show regarding truecrypt, and the movement to do an audit.

truecrypt article

truecrypt audit link

I actually was looking for comments suggesting equivalent software, and see that dmcrypt would be one.
 