Would you like to put money on whether my opinion about Truecrypt is identical to Matthew Green's and Kenn White's, or would you like to include them in your critique?

It's amusing that you feel you've "wrung out" of me something one of the few things I've recently blogged at length about.

Then why are any of you three working on it if you all think it's dangerous to promote its use?

You've blogged, "Don't use TrueCrypt"?

I've already answered that question, directly, on this thread.

And no, I blogged "don't use sector-level crypto". In a post literally titled "You Don't Want XTS". Under the subhed "Disks Are The Last Thing You Want To Encrypt". As in, "the last thing in the world".

The first sentence of your own article says:

> This piece is written for software designers, not end-users. If you’re an end-user looking for crypto advice: use Truecrypt, use Filevault, use dm-crypt

This is apparently where you stopped reading.

It's a great write-up, I read the whole thing. You clearly understand the domain well.

I really just don't get why you'd, in one breath, decry XTS, and then in that same breath, recommend people use TrueCrypt, which is, as you call it, "the best-known implementation of XTS".

Maybe just lead me to the water on this one. It's really the only thing left unresolved in our conversation.

Block-level encryption is a terrible, terrible approach for many reasons (which 'tptacek has referenced a million times). However, Truecrypt is the best such implementation, and it's a required approach in certain cases. You should be doing crypto at the application/filesystem level; if you can't, use Truecrypt. This isn't contradictory advice.

This is like, 89% of what I think (I don't think TC is the best, but it's not the worst).

What's weird to me is why we have a gigantic thread dedicated to the precise nuances of what I think about Truecrypt. Isn't this incredibly boring?

I didn't conduct phase 1 of the audit, and that's not precisely what I think.

Then you're right, it's entirely uninteresting.

That's not just what he said, he also said, "By encouraging people to rely on tools like Truecrypt, you are, in a very small but real way, endangering them."

You also completely changed the comment I originally replied to. I much prefer your new comment, though my fundamental issue with the fact that you're working on the audit of software you think is dangerous to promote remains.

No, I did no such thing.

I don't know what you think you're accomplishing by saying "nuh uh" like this. You've done it a few times, and I don't understand, in any of these cases, why you think anyone would think you'd say otherwise.

If you'd care to elaborate beyond, "nuh uh", I'm sure we'd all be glad to hear it.

The "No you haven't" was in regard to the fact that you haven't answered why you're involved in TrueCrypt at all, if you don't think it should be used.

Yes, that's what I thought you meant. Perhaps reread the thread.

Well, you have edited a lot of your comments, so perhaps you did include this information in a later edit?

Edit:

Having re-read the thread, you haven't explained why you're involved in the TrueCrypt audit, or why you recommend folks use TrueCrypt if you think XTS is bad.