70
31
I have been using TrueCrypt for a long time now. However, someone pointed me to a link that described the problems with the license.
IANAL and so it really didn't make much sense to me; however, I want my encryption software to be open source — not because I can hack into it but because I coan trust it.
Some of the issues with it I have noticed:
- There is no VCS for the source code.
- There are no change logs.
- The forums are a bad place to be. They ban you even if you ask a genuine question.
- Who really owns TrueCrypt?
- There were some reports of tinkering with the MD5 checksums.
To be honest, the only reason why I used TrueCrypt was because it was open source. But however, some things are just not right.
Has anyone ever validated the security of TrueCrypt? Should I really be worried? Yes I am paranoid; if I use an encryption software, I trust it with all my life.
If all my concerns are genuine, is there any other open source alternative to TrueCrypt?
4Great question. I'm concerned as well, and particularly troubled by the anonymity of the authors (making it impossible to assess what their motivations might be). I only take (some) comfort from the positive references Bruce Schneier has made to True Crypt on his blog, despite having an business interest in a competing product, thought those have been narrow and limited. – Will M – 2010-07-15T20:32:45.943