Jump to content

Talk:TrueCrypt: Difference between revisions

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia
Content deleted Content added
Added some information on RealCrypt for further expansion in the main article
Line 228: Line 228:


:The page (in English) states that David Tesařík registered it, and the applicant was renamed. The topic as written states that he registered it (which appears to be factual). [[User:Tedickey|TEDickey]] ([[User talk:Tedickey|talk]]) 08:41, 18 August 2011 (UTC)
:The page (in English) states that David Tesařík registered it, and the applicant was renamed. The topic as written states that he registered it (which appears to be factual). [[User:Tedickey|TEDickey]] ([[User talk:Tedickey|talk]]) 08:41, 18 August 2011 (UTC)

== RealCrypt ==
TrueCrypt is being distributed by some distributions e.g. Mandriva, or communities around distributions e.g. RPM Fusion for Fedora, or as installers for TrueCrypt e.g. Gentoo. In the case of Mandriva and RPM Fusion they have rebranded TrueCrypt as RealCrypt in order to comply with TrueCrypt License Version 3.0. It would be useful to add this information and elaborate on it in the main article, for anyone who is knowledgeable about RealCrypt and it's implications. It would also be worth updating the information related to the differences between the 2.5, 2.8 and 3.0 licences and the implications they changes in the licences may have for other distributions able or willing to distribute TrueCrypt/RealCrypt.
Some links:
* Mandriva RealCrypt http://wiki.mandriva.com/en/RealCrypt
* RPM Fusion RealCrypt http://rpmfusion.org/Package/realcrypt
* Gentoo TrueCrypt http://en.gentoo-wiki.com/wiki/TrueCrypt
[[User:Stephenjudge|Stephen Judge]] ([[User talk:Stephenjudge|talk]]) 16:36, 5 October 2011 (UTC)

Revision as of 16:37, 5 October 2011

A hoax attack "Stoned bootkit" must be removed

The author presented this as a valid attack. Later it turned out to be a classic hoax (the attack could be performed only by a privileged attacker who has already compromised the system). Only valid attacks may be presented in the article (anyone could create a hoax attack and present it in the article forever).

LogicKey (talk) 16:06, 8 October 2010 (UTC)[reply]

Can you show how it was proven that this was a hoax? Magog the Ogre (talk) 01:51, 9 October 2010 (UTC)[reply]
The attack does not pass the "10 Immutable Laws of Security" test.
http://technet.microsoft.com/en-us/library/cc722487.aspx
Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore.
The author was informed of this fact by the developers but he presented the attack as valid anyway. Therefore, it was a deliberate hoax. LogicKey (talk) 15:37, 9 October 2010 (UTC)[reply]
You are correct, this attack bypasses TrueCrypt's security model. Users should be aware that attacks like this are possible, yet it comes as a surprise to many.
It never claimed to be a "new" attack, it was just making the point that the disk encryption security model does not apply to some significant real-world scenarios. Does this make the attack irrelevant or bogus? No.
In other words, making sure that the threat model applies to their scenario is the user's responsibility. The attacker isn't bound by the threat model -- the user is.
Let's say you leave your laptop at a hotel room for some time, someone sneaks in and tampers with it. What can you do -- yell at the attacker "You nasty cheater! You didn't use a valid attack! Give me back my encryption keys!"... Doesn't really work what way, does it? If they get your encryption keys they've successfully broken the system. -- intgr [talk] 18:54, 9 October 2010 (UTC)[reply]
See my response below. LogicKey (talk) 15:24, 11 October 2010 (UTC)[reply]
I think intgr is right; encryption is meant to keep everyone out, including people who might have physical access to the information that you have created. Magog the Ogre (talk) 02:48, 10 October 2010 (UTC)[reply]
You see that's the problem, users expect encryption to take care of all their data security problems, but it cannot. If an attacker gets physical access to your computer, they can tamper with it, and if you try to use the computer after it's been tampered with, it's game over — because there is attacker's software or their components running in your computer.
It's a fundamental problem really, it's impossible to write secure software on top of compromised hardware. "Law #3" as quoted by LogicKey is true and I'm not disputing it at all. There are multiple ways to achieve this, one is installing a "bootkit" like Stoned, another is adding a hidden hardware keylogger device.
Hence why developers of security software define a "threat model" — a set of circumstances in which the software is secure. Hardware tampering is excluded from this threat model. This threat model is fully documented by TrueCrypt and users should be aware of it, but the consequences usually aren't obvious to users.
What LogicKey is saying that the attack is a hoax because it bypasses TrueCrypt's threat model.
What I'm saying is, TrueCrypt's threat model has limitations and no smart attacker would "follow" the threat model. Like it or not, it's a weakness of the system. Documenting the attack on Wikipedia is actually a service done to users, so they know how easy it is to pull off these sorts of attacks.
Anyway, this was already discussed back in February, in the section #Concerns: The "Stoned" bootkit -- intgr [talk] 11:37, 10 October 2010 (UTC)[reply]
The weakness is a compromised system (it is not a weakness of TrueCrypt). TrueCrypt requires a secure system to work like any other security software.
If you wanted to demonstrate what physical security means, you would not publish an invalid attack on TrueCrypt and claim it is valid (like the author did). TrueCrypt documentation contained section 'Physical security' before this hoax was published. Anybody could create a hoax attack like this one and present it in the TrueCrypt article forever. Therefore, this hoax must be removed. LogicKey (talk) 15:20, 10 October 2010 (UTC)[reply]
If the attack can be executed in a real situation then how you can claim it's a "hoax"? You're always implying this, but nobody is claiming that it breaks TrueCrypt's threat model. Nobody is claiming that the TrueCrypt documentation didn't warn users about the issue.
And even though it was documented, lots of people are still surprised that attacks like this are possible — which very well suggests that TrueCrypt's documentation does a poor job at informing their users (either people don't read it or they fail to draw the right conclusions).
The reason we're covering is here is because there is a significant amount of media coverage about Stoned's relation to TrueCrypt, partly a result of TrueCrypt Foundation's denial of the attack.
Anyway, we shouldn't even be having this "hoax or not hoax" argument because Wikipedia's verifiability policy states:
"The threshold for inclusion in Wikipedia is verifiability, not truth—whether readers can check that material in Wikipedia has already been published by a reliable source, not whether editors think it is true."
I totally agree that the section should be presented more neutrally (covering both Kleissner's and TrueCrypt's positions), but there is enough coverage in sources that it makes no sense to delete it. -- intgr [talk] 16:17, 10 October 2010 (UTC)[reply]
The attack is a hoax because it does not pass the the "10 Immutable Laws of Security" test.
http://technet.microsoft.com/en-us/library/cc722487.aspx
Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore.
The author sent a responsible disclosure message to the developers before publishing the hoax. This proves he presented it as a valid attack. But the attack is invalid (it does not pass the "10 Immutable Laws of Security" test). The developers informed the author of this fact before the attack was published. Therefore, by presenting the attack as valid, the author lost credibility. LogicKey (talk) 15:24, 11 October 2010 (UTC)[reply]
You're going in circles. This argument is totally irrelevant given that we have several reliable sources saying that the attack does apply to TrueCrypt. Please read WP:V, WP:NPOV (or any other Wikipedia policy) and tell me what part of that you can use to justify the removal of this section? -- intgr [talk] 16:55, 11 October 2010 (UTC)[reply]
The "10 Immutable Laws of Security" prove that the is attack invalid. Therefore, this hoax attack can be removed due to the following rule:
Wikipedia:Verifiability: This policy requires that anything challenged or likely to be challenged, including all quotations, be attributed to a reliable source in the form of an inline citation, and that the source directly supports the material in question. LogicKey (talk) 15:24, 12 October 2010 (UTC)[reply]
The article has inline citations that state that Stoned can tamper TrueCrypt's MBR and bypass encryption. The article does not make any claims of "valid attack", however you might try to twist that phrase. -- intgr [talk] 15:29, 12 October 2010 (UTC)[reply]
The author presented this as a valid attack on TrueCrypt. Therefore, at least one reliable source must directly support the attack as valid. The developers declared the attack invalid and the "10 Immutable Laws of Security" prove it really is invalid (the material was challenged even before it was published). LogicKey (talk) 17:30, 12 October 2010 (UTC)[reply]
No — the author presented it as a "bootkit" against multiple versions of Microsoft Windows, which includes Windows disk encryption software TrueCrypt. But I get it, you're going to claim that rootkits and trojans aren't valid attacks either. -- intgr [talk] 17:57, 12 October 2010 (UTC)[reply]
As I already said (and you deliberately ignored), the author sent a responsible disclosure message to the developers before he published the attack. This proves it was presented as a valid attack on TrueCrypt.
Anybody could create an "attack" on TrueCrypt by installing a keylogger. Then he could present the "attack" at Black Hat and attract media attention. But this does not make the attack valid and, of course, this does not mean such hoax should be presented in the TrueCrypt article. LogicKey (talk) 18:26, 12 October 2010 (UTC)[reply]

The TrueCrypt documentation says that you shouldn't leave your laptop unattended, even for a moment. But if the only reasonable attack against a TrueCrypt-protected computer was a hardware keylogger then in practice you could leave your laptop unattended for hours (in a hotel room, to use the classic example), because such a thing is difficult and time-consuming to install. If you don't care about the authorities and think organised crime is unlikely to pray on you then you'd basically be able to ignore of this all as a technicality, since hardware key-loggers are very hard for non-experts to install without leaving clues.

But hardware keyloggers are not the least difficult physical attack. So the question now becomes, what is? Can I leave my laptop for 30 minutes? 5 minutes? One!? This is a question that a Wikipedia should give an answer to, or at least as much of an answer as possible. The fact that TrueCrypt develops don't care about the answer, because their documentation essentially says "one second is already too long", is irrelevant. They are not the target audience of this article. Quietbritishjim (talk) 18:56, 12 October 2010 (UTC)[reply]

Encyclopedia must not consist of hoaxes.
Once again: Anybody could create an "attack" on TrueCrypt by installing a keylogger. Then he could present the "attack" at Black Hat and attract media attention. But this does not make the attack valid and, of course, this does not mean such hoax should be presented in the TrueCrypt article.
Wikipedia:Verifiability: This policy requires that anything challenged or likely to be challenged, including all quotations, be attributed to a reliable source in the form of an inline citation, and that the source directly supports the material in question.
This hoax is not directly supported by reliable sources. LogicKey (talk) 19:36, 12 October 2010 (UTC)[reply]


You say that 'anybody could create an "attack" on TrueCrypt by installing a keylogger'. By mentioning this, you have shown that you've missed my point. If the fastest physical "attack" (quotes added for your benefit) was using a hardware keylogger, then it should be discussed in the article, including the fact that TrueCrypt is not designed to protect against that, and indeed cannot.
Here is the key point: I am not in favour of discussing Stoned because it is a more effective physical "attack" than a keylogger. I am in favour of discussing Stoned because it is faster and easier to carry out physical "attack" than installing a keylogger. Do you disagree with this? Quietbritishjim (talk) 21:02, 12 October 2010 (UTC)[reply]
Whether a hardware keylogger can be installed faster than a software keylogger is hard to determine and is not relevant to the topic. LogicKey (talk) 17:51, 13 October 2010 (UTC)[reply]

It's pretty clear by now that you won't convince us and we won't convince you. So we can agree to disagree here and move on. Wikipedia can still function in the presence of disagreements, that's why we have the consensus policy. I have also presented my reasons above, based on the verifiability policy, to keep the section. -- intgr [talk] 17:04, 14 October 2010 (UTC)[reply]

Only with valid arguments you can win a discussion. You presented no valid arguments. You have no right to revert the edit supported by the arguments presented in this discussion.
Wikipedia:Verifiability: This policy requires that anything challenged or likely to be challenged, including all quotations, be attributed to a reliable source in the form of an inline citation, and that the source directly supports the material in question. LogicKey (talk) 17:24, 14 October 2010 (UTC)[reply]
Just because you refuse to accept any of our arguments doesn't mean that they aren't arguments. So here's one person (you), using a single source (MSDN Technet) that doesn't even mention TrueCrypt — editing against the consensus of several editors, and against several cited reliable sources exclusively on the topic of Stoned and TrueCrypt (iTWire, H-online, heise.de, gulli.de, Black Hat conference).
And frankly there's no point in continuing the same argument ad infinitum; as I said, it doesn't look like we will ever convince you and nor will you convince us. Your edit comment claims "no consensus", but there actually is a consensus and it's for keeping the section.
I don't know why you're quoting the verifiability policy here, the section that you deleted was indeed supported by sources. -- intgr [talk] 18:11, 14 October 2010 (UTC)[reply]
  • The "10 Immutable Laws of Security" is a generic test of a validity of an attack on a security product.
  • The developers of TrueCrypt stated the attack is invalid.
  • None of the sources directly supports the validity of this attack. News sites just inform about a newly reported attack. Black Hat just provides a platform for presentations.
  • Do not use the word "we" when you should use "I".
Wikipedia:Verifiability: This policy requires that anything challenged or likely to be challenged, including all quotations, be attributed to a reliable source in the form of an inline citation, and that the source directly supports the material in question.
LogicKey (talk) 19:03, 14 October 2010 (UTC)[reply]
  • Whether the "10 Immutable Laws of Security" applies to Stoned or not, is your original research/synthesis and is not welcome on Wikipedia.
  • What the authors of TrueCrypt said is a primary source and their use is limited on Wikipedia.
  • But the article never claimed that it's a valid attack either, it reports what is said in the sources.
  • Two conflicting viewpoints should both be covered per WP:NPOV. There's no justification for removing the material that someone disagreed with.
  • You pasted the verifiability policy again and I still don't know why. You could be more helpful by explaining what material in the article is not supported by the sources. In any case this is not justification for deleting the section as a whole.
-- intgr [talk] 20:13, 14 October 2010 (UTC)[reply]
  • The "10 Immutable Laws of Security" were compiled by Microsoft to enable security researchers to quickly determine whether an attack is valid or not.
  • What the developers of TrueCrypt stated is important because it makes the material challenged (see the rule below).
  • When a material is challenged, Wikipedia:Verifiability requires not only that the sources must be reliable but they also must directly support the validity of the material. News sites only report news (they do not directly support the material), Black Hat does not peer review the presentations (it also does not directly support the validity of the material).
Wikipedia:Verifiability: This policy requires that anything challenged or likely to be challenged, including all quotations, be attributed to a reliable source in the form of an inline citation, and that the source directly supports the material in question. LogicKey (talk) 15:25, 15 October 2010 (UTC)[reply]
You are misinterpreting the policy. The verifiability policy applies to content on Wikipedia — not external documents. It doesn't apply to TrueCrypt developers challenging Stoned. It applies to you challenging the "Stoned" section on Wikipedia. The "material in question" refers to what is being said on Wikipedia and the given sources have to support it.
You should be reading the policy as a whole, not clinging on to individual bits and pieces. The very same paragraph you quoted starts out with: "All material in Wikipedia articles must be attributable to a reliable published source to show that it is not original research" — that summarizes the intent of the paragraph. This is also echoed throughout the whole policy.
When multiple sources are in disagreement, there is still no basis to delete the content — Wikipedia should cover all the significant viewpoints; see neutral point of view.
You bring up the "10 Immutable Laws of Security" again, but as I explained above, how it applies to Stoned is your original research/synthesis and thus cannot be used on Wikipedia. Even if it came from a reliable source, it would fall under WP:NPOV and thus still wouldn't be a reason for deleting the section.
The fact that you seem reluctant to do more research on Wikipedia policies, and that you repeat your arguments without responding to my refutal, makes this discussion very frustrating. Truth is, a consensus already exists — you're alone in trying to delete this section. You cannot win arguments on Wikipedia by being the vocal minority. I can withdraw from this argument and that doesn't mean you've "won". -- intgr [talk] 16:28, 15 October 2010 (UTC)[reply]
Wikipedia:Verifiability: This policy requires that anything challenged or likely to be challenged, including all quotations, be attributed to a reliable source in the form of an inline citation, and that the source directly supports the material in question.
The credibility of the material is challenged (the developers stated the attack is invalid). In this case, Wikipedia:Verifiability requires that the validity of the material must be directly supported by reliable sources. LogicKey (talk) 20:01, 15 October 2010 (UTC)[reply]

LogicKey, verifiability extends to citing hard facts (e.g., George W. Bush is 62 years old), not to invalidating any source which has an interpretation of facts we don't like (e.g., saying the Wall Street Journal is an invalid source for claiming that the war in Iraq was controversial). Your reading of that passage misconstrues it to such an extent that any editor disputing any content could wholly remove the section. And that's simply not correct. Magog the Ogre (talk) 21:12, 15 October 2010 (UTC)[reply]

The basic rule defined by Wikipedia:Verifiability prevents challenged materials from being included in Wikipedia unless they are directly supported by reliable sources (proving the challenge is invalid).
The validity of the attack is challenged but no reliable source directly supports it. Nothing proves the claim of the developers (that the attack is invalid) is wrong and, therefore, the challenge remains valid.
The 2nd paragraph of Wikipedia:Verifiability applies to the material: This policy requires that anything challenged or likely to be challenged, including all quotations, be attributed to a reliable source in the form of an inline citation, and that the source directly supports the material in question.
LogicKey (talk) 15:29, 16 October 2010 (UTC)[reply]
I already explained this once, but I will try again: The verifiability policy only applies to material on Wikipedia. You quoted the 2nd paragraph only partially — if you read the whole paragraph, it's clear that your interpretation is not the intended one:
"All material in Wikipedia articles must be attributable to a reliable published source to show that it is not original research, but in practice not everything need actually be attributed. This policy requires that anything challenged or likely to be challenged, including all quotations, be attributed to a reliable source in the form of an inline citation, and that the source directly supports the material in question."
It talks abouit challenging material on Wikipedia, not material in sources. The part that you quoted is simply a clarification of when to add citations: in situations where material [in Wikipedia articles] may be challenged. -- intgr [talk] 15:42, 16 October 2010 (UTC)[reply]
The 2nd paragraph is not only a clarification of "when to add citations". The rule applies to anything challenged or likely to be challenged, including all quotations. It requires that a challenged material must be directly supported by a reliable source (eliminating the challenge). If the condition is not met, the challenged material must not be included. LogicKey (talk) 16:52, 16 October 2010 (UTC)[reply]


Uff guys guys, first of all the TrueCrypt "attack" was just 1 page (not even one page) out of 46 in the Stoned Bootkit paper. Whats special about the bootkit is that you can install it on the encrypted drive without knowing the password. There is no other software that allows you that, you cannot install any rootkit on an encrypted drive and other bootkits will make the computer unusable (the boot process will fail). One point why I criticized TrueCrypt was because they do not secure their own software on a running system (you can simply overwrite the MBR). Thats why the fancy emails with them. But the bottom line is that Stoned was a dedicated "attack" on the TrueCrypt software, thus its worth mentioning here. And multiple law enforcements are using my software already. They get a court order, they install Stoned (and their own trojan) and give back the laptop. Once the suspect logs on, they have the evidence. -Peter Kleissner

FYI LogicKey was banned for edit warring (User talk:LogicKey) so this argument is pretty much over. But thanks for chiming in. :) -- intgr [talk] 15:16, 27 October 2010 (UTC)[reply]

Am I the only one who think that LogicKey and "Austrian software developer Peter Kleissner" are the same person? This section about "Stoned" bootkit are useless! Above section already explains Physical security issues applicable to TrueCrypt. 91.77.254.56 (talk) 11:35, 10 March 2011 (UTC)[reply]

Considering LogicKey was arguing the attack was a hoax and for exclusion of the section about 'Stoned' to the extent of edit warring leading up to a block. And meanwhile Peter Kleissner is apparently the author of the Stoned software and saying it's been used by law enforcement and in particular, saying that in their opinion TrueCrypt's implementation was flawed because didn't even attempt to stop the MBR being overwritten after TrueCrypt had been loaded. It seems rather unlikely they are the same person.... Nil Einne (talk) 23:30, 14 July 2011 (UTC)[reply]

Operation Satyagraha Information should be removed

Until it is confirmed that there was actually something usable on the drive (perhaps the disk was filled with tripe?), that truecrypt (rather than something else) prevented access to it (there are mentions in some articles about another security method), and that the government did not, in fact, decrypt the drive. —Preceding unsigned comment added by 68.165.132.208 (talk) 14:02, 20 November 2010 (UTC)[reply]

How do you expect it to be confirmed? It won't ever be. Also what are these "some articles"?
Per verifiability policy, the current source supports everything that's in the article. If another source contradicts these claims then the contradiction can be covered in the article as well, but I see no reasons to remove it. -- intgr [talk] 16:41, 20 November 2010 (UTC)[reply]

Performance

Let's start a civil discussion about this issue. You're set on emphasizing the *poor* performance of TrueCrypt. Sources being to the contrary, I dispute that point of view. 68.102.20.122 (talk) 22:31, 20 January 2011 (UTC)[reply]

I'm not certain who you mean by "you're", though I can't see the current article as suggesting anything about "poor" performance at all; the article as it was before your changes seemed to reflect the sources listed quite accurately, and in neutral terms. Your edits on the other hand seem to only detail only selected parts of the sources.
I've reverted your change back pending consensus being reached Moonradar (talk) 23:56, 20 January 2011 (UTC)[reply]
Please review this diff of the first time I touched the article. At this point, the only sources on the article at all talked about good performance, so I removed an unsourced assertion about poor performance. It was reverted to re-emphasize TrueCrypt's poor performance. This attitude has persisted, even as I have introduced sources that describe its good performance. Without exception, bits about performance reductions are cherry-picked out of sources, and I'm left with commit comments that state "inherently true," "Overhead still present," as well as some unhelpful standard "Undid..." messages. There was the appearance of an "it's obvious" attitude that led people to not bother to provide sources for statements like "though using TrueCrypt on a drive will still decrease performance." I find that non-obvious, so I've challenged it, with inline tags and commit comments asking for a source to make that case. No one else has added any sources, and every source I've found (excluding blogs) spins its performance in a positive light. And yet, looking at the article, the reader is left with a distinctly different impression.
I feel my latest edit introduced a neutral point of view in an even-handed manner, without plagiarizing Tom's Hardware, without excessively close paraphrasing, and without giving undue weight to lines about performance reduction. Particularly, the line about "power users" is off the mark in an encyclopedic article: the review doesn't say anything about what that means, or how it was measured. The sources themselves spend far more ink talking about good performance, which is reflected in my work. 68.102.20.122 (talk) 00:25, 21 January 2011 (UTC)[reply]
I've attempted a further compromise, rewording what I consider the three most negative parts to be more neutral:
  • "was slower compared to an unencrypted disk" changed to "had a performance impact"; 'slower' implies a judgment not present in the article
No judgment present; it's just simple WP:UPE
  • "on dual-core Core i5-600-series CPU or a quad-core Core i5-700-series chip" changed to "on multi-core systems"; test rig specifics weren't key to that article, only the distinction between multi- and single-core chips
In benchmarking, the test system used is very significant - that's why Toms Hardware details it. The source article doesn't state the difference is between N-cored CPUs
  • "though can still have a noticeable impact in some instances, and power users will complain" changed to "depending on the application"; 'complain' is subjective and tossed in at the last second, and the first clause feels weaselly
Thoughts? 68.102.20.122 (talk) 00:42, 21 January 2011 (UTC)[reply]
That's understandable - I've kept this in, but put back the power users comment as per the source Moonradar (talk) 12:45, 30 January 2011 (UTC)[reply]
You seem to have an axe to grind about this topic. I don't understand how you can read the same sources I'm reading and come to such different conclusions. 68.102.20.122 (talk) 01:40, 31 January 2011 (UTC)[reply]


Hello,
Regarding the sentence "Using a fast multi core processor and a fast system drive, preferably a Flash SSD, makes TrueCrypt almost transparent" which is an excerpt of tomshardware website, I strongly disagree with the assertion that "a fast system drive, preferably a Flash SSD" makes true crypt more performant. The tomshardware review does not provide enough evidence (benchmark with a hard drive, then with a SSD) to validate such an assertion. However, what is sure:
  1. the performance of true crypt is limited solely by the processing capacities of the computer (if the processor can encrypt/decrypt faster than the storage device can write/read, then obviously you wouldn't see a performance degradation due to encryption)
  2. for security reasons, it is not recommended to store a true crypt encrypted file/partition on a SSD or a USB key because such devices use a wear-leveling mechanism to extend their lifetime. The true crypt website states: "we recommend that TrueCrypt volumes are not created/stored on devices (or in file systems) that utilize a wear-leveling mechanism" (http://www.truecrypt.org/docs/?s=wear-leveling). Using a RAID of hard-drives to achieve read/write performance is thus preferable in this respect.
Regards. —Preceding unsigned comment added by 77.194.156.87 (talk) 00:07, 10 March 2011 (UTC)[reply]

TrueCrypt Foundation non-profit status

What evidence is there that the TrueCrypt Foundation is legally a non-profit? I searched for them using GuideStar to no avail. Inclined to remove the "a non-profit organization" phrase unless it is somehow evidenced outside truecrypt.org. Threexk (talk) 16:07, 7 July 2011 (UTC)[reply]

Performance

An IP recently changed the performance section to make it more favourable to TrueCrypt, removing "subjective" text even though it was being quoted from a source, and even though there was favourable unquoted subjective comment in the same sentence ("the performance impact of TrueCrypt on desktop applications is not generally noticeable"). That section already had a citation [1] to back up a claim that TrueCrypt is "almost transparent", when in fact that page says nothing specific about TrueCrypt's performance.

I've tidied up that section a little to try and put objective statements in the first paragraph, and more accurately quote Tom's hardware review in the second. However I'm still very unhappy with this; I don't think Tom's hardware is a reliable source for the claims they make. For a start, they describe TrueCrypt performance in practice, but only test with benchmarks, which are rather artificial. (For instance, I find that TrueCrypt makes Windows 7 thrash it's hard drive for several minutes after a hibernation; this isn't checked by that source, which presumably lets things settle down before conducting a benchmark.) Even worse, they discuss performance over different hardware configurations, but had only tested with one, so this is clearly pure speculation. And this is precisely the stuff being quoted in this article!

I think some more reliable, accurate sources need to be found. Quietbritishjim (talk) 00:28, 24 July 2011 (UTC)[reply]

David Tesařík no longer the owner of the trademark in the Czech Republic

The info on David Tesařík as the person who registered the trademark TRUECRYPT in the Czech Republic should be amended; the registration has been changed to:

(730) Applicant/Owner TrueCrypt Developers Association, LC 375 N. Stephanie St., Suite 1411 Henderson US

This can be seen by doing a search on the pages of the Czech Industrial Property Office, http://upv.cz , specifically at http://isdv.upv.cz/portal/pls/portal/portlets.ozs.frm?plan=English (English search)

http://isdv.upv.cz/portal/pls/portal/portlets.ozs.det?pozk=154085&plan=en (English result)

David Tesařík appears in the Trade Register as licensed for "Advertising, marketing, media representation, translation and interpreting". http://www.rzp.cz/cgi-bin/aps_cacheWEB.sh?VSS_SERV=ZVWSBJVYP&OKRES=&CASTOBCE=&OBEC=&ULICE=&CDOM=&COR=&COZ=&ICO=64907279&OBCHJM=&OBCHJMATD=0&JMENO=&PRIJMENI=&NAROZENI=&ROLE=&VYPIS=1&PODLE=subjekt&IDICO=f5314fa8dff4894b&HISTORIE=1 — Preceding unsigned comment added by 109.232.208.11 (talk) 08:20, 18 August 2011 (UTC)[reply]

The page (in English) states that David Tesařík registered it, and the applicant was renamed. The topic as written states that he registered it (which appears to be factual). TEDickey (talk) 08:41, 18 August 2011 (UTC)[reply]

RealCrypt

TrueCrypt is being distributed by some distributions e.g. Mandriva, or communities around distributions e.g. RPM Fusion for Fedora, or as installers for TrueCrypt e.g. Gentoo. In the case of Mandriva and RPM Fusion they have rebranded TrueCrypt as RealCrypt in order to comply with TrueCrypt License Version 3.0. It would be useful to add this information and elaborate on it in the main article, for anyone who is knowledgeable about RealCrypt and it's implications. It would also be worth updating the information related to the differences between the 2.5, 2.8 and 3.0 licences and the implications they changes in the licences may have for other distributions able or willing to distribute TrueCrypt/RealCrypt. Some links:

Stephen Judge (talk) 16:36, 5 October 2011 (UTC)[reply]