[Nottingham] Alternative to TrueCrypt?

[Paul]

Personally I am not going to migrate away from Truecrypt right now for
the following reasons :-

1) I use the 7.1a binaries which have been audited and passed as secure
and more importantly have no back doors.

2) The moment you use commercial encryption you open yourself up to god
knows who reading your data without your knowledge. I certainly would
not trust Microsoft, Google, Yahoo or any other company controlled by
the US or UK governments. The law requires the companies to have a
master key.

3) Given the amount of funds raised for the Truecrypt audit there is a
very real possibility there will be a crowd sourced replacement.

4) I have seen all the warning on the sites etc, but what I have not
seen is any evidence of what the exploit is. Given most peoples knee
jerk reactions to the announcement its going to be a field day for the
eves droppers. 

If you really want a belt and braces you could use an encrypted password
manger and store that on a hidden encrypted partion on and encrypted
disk. But remember you should have passwords of at least 20 characters
and a good mix of upper and lower case with punctuation characters mixed
in.

Given the advances in off loading mathematical computations to graphics
processors your actual passwords and keys and the most vulnerable and I
would definitely not be using anything less than a 4096bit ssh and ssl
keys.

My thoughts for what its worth.

      

On Thu, 2014-05-29 at 09:15 +0100, Jason Irwin wrote:
> http://truecrypt.sourceforge.net
> http://arstechnica.com/security/2014/05/truecrypt-is-not-secure-official-sourceforge-page-abruptly-warns/
> http://www.theregister.co.uk/2014/05/28/truecrypt_hack/
> 
> Now that that seems dead, can anyone offer a decent alternative?
> 
> I mostly use it for keeping some passwords and keys secure; the great
> thing about TrueCrypt was the cross-platform and that I could just dump
> the file on to a USB stick. I guess I could use a GNU/Linux-only solution.
>