Quote:
Originally Posted by htismaqe
Then don't use open source software.
|
With open source software, at least people have the opportunity to audit code, which one does not have with closed source software. Using closed source software requires trust.
Quote:
Originally Posted by htismaqe
Your stance on this, and multiple threads, seems to border on total paranoia rather than anything even remotely practical.
|
Please clarify.
My stance on TrueCrypt is that it may be compromised. That is not paranoia.
What you suggest (that people should independently audit code for each version) is not practical.
Quote:
Originally Posted by htismaqe
What would your proposed solution be?
|
Proposed solution to TrueCrypt possibly being compromised?
The audit of TrueCrypt has already been paid for, and stage 1 has been completed. It's worthwhile to see what vulnerabilities are found after a complete audit of version 7.1a.
Auditors need to implement a warrant canary in case they receive an NSL to prevent them from disclosing vulnerabilities in 7.1a.
If TrueCrypt is found to be vulnerable, then the project should be forked and patched. Till more information is known, users should investigate alternatives.