by diminoten 4145 days ago
No it's not, I use TrueCrypt all the time but not to encrypt my disk. Are you talking about the volume-level encryption TrueCrypt offers?

Are you really trying to suggest the world shouldn't have a tool like TrueCrypt out there?

2 comments

I have no idea why you think it's productive to litigate the difference between "block-level encryption" and "full-disk encryption", but if it makes you feel better we can just pretend we switched the terms, because my point applies equally to them --- they're synonyms.

I also have no idea where the "I'm telling the world there shouldn't be a tool like Truecrypt" came from. I think you've misread me.

I never said you were telling the world anything.

I'm asking you a question to clarify your stance.

And yes, there is value in noting the difference between block-level and full-disk encryption, mostly because they're different.
Interesting. How?
Size, software used. The crypto might be the same, but this isn't just about the crypto itself.
If you're talking about a security product -- which TrueCrypt is -- the first metric you have to concern yourself with is: does it keep you secure? The user experience and the adoption and the performance and all that other fun stuff is irrelevant if the product doesn't do the one thing that every user unequivocally requires of it.

So yes, it's not just about the crypto...when the crypto works. But when the crypto is insecure, which is what tptacek is saying, then yes, it is ONLY about the crypto.

NB: I'm plenty qualified on UX and general technical matters, but on whether crypto is secure, I defer to the experts.

No one knows about the cryptographic integrity of TrueCrypt, as the person/persons actually doing the work only got their act together today.

http://blog.cryptographyengineering.com/2015/02/another-upda...

My only point has been that Thomas, et al. have been telling us we don't want something like TrueCrypt, despite the fact that we very clearly do. His suggestion of "just use PGP and FS level encryption" is absurd, but NOT from a crypto standpoint (I, like you, defer to Thomas and the other experts on the integrity of the crypto itself). It is, however, absurd from a UX/workflow standpoint.

I changed my comment somewhat, because you're being very squirmy, as per usual.

Do you think something like TrueCrypt shouldn't exist?

I'm not being "squirmy". You're playing a semantic game with the word "disk". The technical issue with FDE is that it works at the level of blocks, and so lacks information about message boundaries or the storage flexibility needed to (a) randomize the encryption and (b) store authenticators. Encrypt a physical disk, encrypt a file that pretends to be a mountable volume, same issues.

I get that not everyone understands the technical issues in designing storage encryption, but don't take that out on me.

Yours is a hilariously catty response to a fairly benign question.
Says the person who wrote "Are you really trying to suggest the world shouldn't have a tool like TrueCrypt out there?"
Yes, that is literally the sentence I wrote, and a sentence you never responded to.
Full-disk encryption is block-level encryption. If you're using TrueCrypt to encrypt anything, you're using block-level encryption. There is no functional difference between them. If you are not encrypting your entire disk, then block-level encryption is a bad idea because 1) it doesn't provide authentication, and 2) block-level encryption (using strategies like XTS) is not as strong as regular authenticated encryption using CBC and a MAC or whatever.

If you're not using TrueCrypt for full-disk or full-volume encryption, you'd be better off using basically anything else. There are plenty of cross-platform tools for doing that kind of thing.

Pedantic, but hopefully in a fun way:

Authentication is the biggest problem with sector-level crypto, but the other technical problem with encrypting sectors is that you don't get a place to store the metadata you'd need to randomize the encryption, and so you lose semantic security as well. If you squint at it the right way, XTS is the ECB mode of sector-level (wide-block) crypto schemes.

Can you name some of those cross-platform tools?
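
The technical point argued in the thread above (a sector has no spare bytes for a nonce or an authenticator, so sector-level encryption is deterministic and unauthenticated), as an added example that is not part of the original thread. All function names are hypothetical, and a toy HMAC-SHA256 keystream stands in for XTS/AES so the sketch runs on the standard library alone; the key and plaintext are constructed.

```python
import hashlib, hmac, os

SECTOR = 512  # the on-disk slot is exactly this many bytes

def _stream(key, label, n):
    # Toy keystream: HMAC-SHA256 in counter mode. A stand-in, NOT XTS or AES.
    blocks = (hmac.new(key, label + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def sector_encrypt(key, sector_no, data):
    """Length-preserving and deterministic: output depends only on key, sector, data."""
    if len(data) != SECTOR:
        raise ValueError("sector-level schemes only see whole sectors")
    return _xor(data, _stream(key, b"sec" + sector_no.to_bytes(8, "big"), SECTOR))

sector_decrypt = sector_encrypt  # an XOR keystream is its own inverse

def record_encrypt(key, sector_no, data):
    """Randomized and authenticated: emits nonce(16) + ciphertext + tag(32)."""
    ad, nonce = sector_no.to_bytes(8, "big"), os.urandom(16)
    ct = _xor(data, _stream(key, b"enc" + ad + nonce, len(data)))
    tag = hmac.new(key, b"mac" + ad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def record_decrypt(key, sector_no, blob):
    ad, nonce, ct, tag = sector_no.to_bytes(8, "big"), blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + ad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("authentication failed")
    return _xor(ct, _stream(key, b"enc" + ad + nonce, len(ct)))

def demo():
    key, pt = bytes(range(32)), b"A" * SECTOR  # constructed key and plaintext
    c1, c2 = sector_encrypt(key, 7, pt), sector_encrypt(key, 7, pt)
    flipped = bytes([c1[0] ^ 1]) + c1[1:]
    r1, r2 = record_encrypt(key, 7, pt), record_encrypt(key, 7, pt)
    try:
        record_decrypt(key, 7, bytes([r1[0] ^ 1]) + r1[1:]); detected = False
    except ValueError:
        detected = True
    return {"sector_repeats": c1 == c2,            # same write, same ciphertext
            # No error on tampering (XTS would garble a 16-byte block instead of one bit).
            "sector_tamper_silent": sector_decrypt(key, 7, flipped) != pt,
            "record_repeats": r1 == r2, "record_tamper_detected": detected,
            "record_overhead": len(r1) - SECTOR}   # bytes a sector cannot hold

if __name__ == "__main__":
    print(demo())
```
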