27 replies to this topic

[ikon]

TrueCrypt is open source. The source is freely available and has been examined by the community. KeePass is also open source, and has also been examined. The same goes for Linux and dm-crypt/LUKS. While nothing is 100%, and he is correct in that, Scott's comments came across as "well, the gov can probably do it". I don't buy it. We know of two, national level attacks against encryption, that failed. One was the Nicodemo Scarfo case, where the FBI had to resort to a keylogger called 'Magic Lantern' to get his PGP passphrase. (Interestingly, in that case, Symantec went on record as stating that they *wouldn't* detect Magic Lantern...nice huh?) The other is a recent case of Brazilian banker Daniel Dantas. The FBI had his hard drives for close to two years and could not get in. So I really wish Scott would have said something like "Unless you've examined the source yourself, you're relying on the community to indicate that there is no back door with open source software. In the two cases we know about, there wasn't". Great show though, thanks.

N

I had much the same thought about his seeming to make encryption cracking 'simple'. I have heard of other cases where national security services have been unable to crack some of the better free crypto utilities. The podcast was fantastic, and Scott knows an amazing amount about hard drive technology, but even he said he's not a crypto expert.

[timekills]

I understood his comments differently. He said breaking encryption is a losing game because unless you have the back door access it's basically not worth the time. The government sees encryption as a trade off. Any encryption can be broken, but is the information still valuable once you finally accomplish the decryption. I won't comment on any abilities or back doors because regardless of what I or anyone else uses or (thinks they) know it is a constantly changing game. I think that was his point.

[ikon]

I understood his comments differently. He said breaking encryption is a losing game because unless you have the back door access it's basically not worth the time. The government sees encryption as a trade off. Any encryption can be broken, but is the information still valuable once you finally accomplish the decryption. I won't comment on any abilities or back doors because regardless of what I or anyone else uses or (thinks they) know it is a constantly changing game. I think that was his point.

Interesting perspective. Thanks for posting it.

[ImTheTypeOfGuy]

Is it just me or is N_Nescio speaking in another language?

I guess I am going to have to listen to this one.

[no-control]

I understood his comments differently. He said breaking encryption is a losing game because unless you have the back door access it's basically not worth the time. The government sees encryption as a trade off. Any encryption can be broken, but is the information still valuable once you finally accomplish the decryption. I won't comment on any abilities or back doors because regardless of what I or anyone else uses or (thinks they) know it is a constantly changing game. I think that was his point.

Agreed, pretty much exactly how I understood his comments about encryption.

[awraynor]

Great podcast, looking forward to the next installment.

[pcdoc]

Should be a few weeks.

[ikon]

Should be a few weeks.

E x c e l l e n t