[tptacek]

Like Charles Dimino, you're not following the point. The security limitations of FDE come from doing crypto at the block layer. If your cryptosystem is giving something that (a) transparently encrypts and (b) mounts as a filesystem, it's block crypto, and shares the same problems as whatever cryptosystem unlocks your boot drive.

The problem is block-level crypto. It has nothing to do with whether it's layered on top of a hardware disk drive.

[diminoten]

You're obsessing over the crypto, but we're talking about the user experience. It's block-level crypto. We get that. No one cares, in the context of this conversation.

What you're not getting is that TrueCrypt offered a particular interface experience and cross-platform compatibility that doesn't exist elsewhere.

[tptacek]

You write as if the whole thread isn't there for people to see, and as if I had somehow responded to something you said rather than it being the other way around. You literally started this unproductive subthread by responding to the comment where I addressed the need for cross-platform things that work like Truecrypt does, and you've tried to built an argument by stipulating that security doesn't matter. Sorry, security is all that matters here.

[diminoten]

http://www.markus-gattol.name/ws/dm-crypt_luks.html

"The term "full-disk/on-disk encryption" is often used to signify that everything on a disk is encrypted, including the programs that can encrypt bootable operating system partitions."

Are you going to tell Markus Gattol he's wrong? No? Good, let's move on.

What matters here is the security, and the adoption rate of TrueCrypt is/was through the roof, because of how it allowed folks to move encrypted volumes across various platforms without much hassle.

What you wrote seems to intimate there's no actual need or value in moving encrypted volumes across platforms, and that if folks actually want to do that they should just encrypt individually and at a FS level and do so using PGP, which has existed for years, and whose adoption rate and ease-of-use are both, compared to TrueCrypt, through the floor.

The fact is, people want to move encrypted volumes across platforms. It's not more secure than anything else, but it presents a workflow that might actually be more secure, due simply to it's ease of implementation.

You're right, security is all that matters here, and folks aren't going to be secure if it remains impossibly difficult to be secure.

[tptacek]

The reference you just provided, with your "are you going to tell Markus Gattol he's wrong" quip, starts out as follows:

Block-layer encryption, also known as "whole disk encryption", "on-disk encryption" or "full-disk encryption"

I think you're just trolling. Sorry, I didn't even finish reading your comment.

Amusingly (edit: given how you cited it), there is in fact cryptographic stuff wrong in that article.

[diminoten]

> Amusingly, there is in fact cryptographic stuff wrong in that article.

Oh yeah? That it wasn't personally endorsed by you?

[SamReidHughes]

(IMO) In that what it says about what specific things do does not correspond with objective reality. (As a product of the enlightenment I believe that such a concept exists and that correspondence with such is what makes something "wrong" or "right." ;-) If you want to know why, just look at what the article says, then observe objective reality, and see how they differ. The "Salt, Stretching" section is one place to look, it's the only one I really bothered reading.

[diminoten]

It's like I'm talking to a child when I talk to you. I wouldn't bother if you didn't constantly pop up to derail conversations about crypto with your "crypto should stay hard" attitude. I suspect you want crypto to remain impossible to get right just so you can continue to stay relevant.

The rest of my comment frankly wasn't for you, it's for the folks reading what you write and blindly accepting it. At least now they can see how petulant you can be when facing differing points of view.

[YuriNiyazov]

Up until this comment, I thought you might have a point against tptacek, but now it's clear you are trolling. Or at least, not operating under the "give your opponent a charitable interpretation" rule of HN.