| HN Mirror

Then why are any of you three working on it if you all think it's dangerous to promote its use?

You've blogged, "Don't use TrueCrypt"?

I've already answered that question, directly, on this thread.

And no, I blogged "don't use sector-level crypto". In a post literally titled "You Don't Want XTS". Under the subhed "Disks Are The Last Thing You Want To Encrypt". As in, "the last thing in the world".

The first sentence of your own article says:

> This piece is written for software designers, not end-users. If you’re an end-user looking for crypto advice: use Truecrypt, use Filevault, use dm-crypt

This is apparently where you stopped reading.

It's a great write-up, I read the whole thing. You clearly understand the domain well.

I really just don't get why you'd, in one breath, decry XTS, and then in that same breath, recommend people use TrueCrypt, which is, as you call it, "the best-known implementation of XTS".

Maybe just lead me to the water on this one. It's really the only thing left unresolved in our conversation.

daeken 4145 days ago

Block-level encryption is a terrible, terrible approach for many reasons (which 'tptacek has referenced a million times). However, Truecrypt is the best such implementation, and it's a required approach in certain cases. You should be doing crypto at the application/filesystem level; if you can't, use Truecrypt. This isn't contradictory advice.

No you haven't.

https://www.dropbox.com/s/8qbtybjnxwfu7i0/Screenshot%202015-...

Troll.

You also completely changed the comment I originally replied to. I much prefer your new comment, though my fundamental issue with the fact that you're working on the audit of software you think is dangerous to promote remains.

No, I did no such thing.

The "No you haven't" was in regard to the fact that you haven't answered why you're involved in TrueCrypt at all, if you don't think it should be used.

Yes, that's what I thought you meant. Perhaps reread the thread.

Please stop calling me names.