2009-04-21

truecrypt and it's dangerous license

http://article.gmane.org/gmane.comp.freedesktop.distributions/275

Note especially the last few paras, in particular, "Our counsel advised us that this license has the appearance of being full of clever traps, which make the license appear to be a sham (and non-free)."  That's pretty strong language for a lawyer to make!  Also read the analysis of the simple clause: "NOTHING IN THIS LICENSE SHALL IMPLY OR BE CONSTRUED AS A PROMISE, OBLIGATION, OR COVENANT NOT TO SUE FOR COPYRIGHT OR TRADEMARK INFRINGEMENT"

My advice: use the normal Linux mechanisms -- dm-crypt, cryptsetup, and LUKS.

Forget about plausible deniability -- that's a load of fertiliser these days, since that feature has been touted so often in so many fora that the fact that you have truecrypt installed can mean they ask you for your second password :-)

If you're on Windows, buy a commercial license (although I suspect that may also have the same clause in it!), or use some competing product, or forget about encryption.

Or use Windows bitlocker :-)  Your data will be very safe.  If your hardware changes in any way, it will be safe even from you :-)