Quote:
Originally Posted by htismaqe
So then what's your point?
|
Beware, truecrypt may be compromised. See the OP.
Quote:
Originally Posted by htismaqe
This whole conversation has essentially been you suggesting that there's no way to truly secure the open source software space.
|
than you are not paying attention. I am saying that its impractical for an individual to audit code. It requires the watchful eyes of a community.
Quote:
Originally Posted by htismaqe
My counter to that was that it's inherently better than closed-source software because it's open to peer review.
Now you're parroting precisely what I said previously.
|
thats not what you said. you said people should look at md5 checksum and audit code themselves....and not doing that is lazy. thats obtuse.
Quote:
Originally Posted by htismaqe
Then what is practical?
Other than "stop using TrueCrypt" what would be your suggestion for people that need that functionality?
|
1. For those who are using truecrypt currently, than do not migrate to version 7.2 and remain on 7.1a until more information is known.
2. understand your threat level. truecrypt is likely still secure enough for those who are not being pursued by a nation state. Those using truecrypt should always fully shutdown their computer and not use suspended animation such as hibernate.
Use best security practices.
3. Consider migrating to a Linux variant OS if one has not already done so.
4. Any highly sensitive data should be air-gapped, and likely on read only media (run from a live cd).