[nycbug-talk] password repository

Chris Snyder chsnyder at gmail.com
Wed Dec 30 16:26:56 EST 2009


On Wed, Dec 30, 2009 at 3:37 PM, Isaac Levy <ike at lesmuug.org> wrote:
> On Dec 30, 2009, at 2:50 PM, Chris Snyder wrote:
>
>> On Wed, Dec 30, 2009 at 2:35 PM, Okan Demirmen <okan at demirmen.com> wrote:
>>
>>> truecrypt is analogues to disk/volume encrypting bits we already have in
>>> bsd - but it doesn't help if this image is mounted on a server
>>> somewhere..and say someone doesn't un-mount it after use...
>>
>> Sort of. The point of using something cross-platform is that devs /
>> admins mount the image locally on their Win/Mac workstations. And you
>> don't need to explain openssl to the Windows guys...
>
> Just to be clear- Is that the only benefit of Truecrypt, Windows
> compatibility?  I've never used it and I'm just curious...  (perhaps I
> should *try* it)

For this, yeah: Mac/Win/Linux compat and GUI.

TC has a plausible-deniability mode that embeds an image within an
image, so that in theory you could give out the "outer" password if
someone held a gun to your head, and keep the inner password secret.

By the way, I'm not sure if they use a password salt or not, I seem to
recall warnings about saving .tc files in version control because they
might leak info if attacker has many versions of the same file. For
that reason alone the openssl approach is better if you're a unix
shop.



More information about the talk mailing list