Hi Daniel, hi list,
Daniel Kahn Gillmor wrote (28 Apr 2014 16:29:14 GMT) :
> Truecrypt seems to be a popular encryption layer. I'm not a huge fan of
> truecrypt because of their history of cagey licensing and source
> obscurantism (they only publish the latest version of their source
> code). but it can still be useful to read and write to truecrypt volumes.
Fully agreed. TrueCrypt seems to be a must for anyone who needs to
inter-operate with the major non-free operating systems, but we
dislike it too for the very reasons you are mentioning.
We have on our roadmap to Tails 2.0 to replace TrueCrypt (that can
currently be installed, in an opt-in way, at Tails boot) with
something that suits our taste better:
https://tails.boum.org/blueprint/replace_truecrypt/
https://labs.riseup.net/code/issues/5373
We try to (mostly) include tools in Tails that are usable by the
general public, that is integrated with the desktop environment, or at
least providing a GUI. This is why I think that our best long-term
plan is to (have someone) add support in udisks, Nautilus and friends
for cryptsetup 1.6+'s TrueCrypt support:
https://bugs.freedesktop.org/show_bug.cgi?id=70164
If you know people who might be either interested in creating the
needed patches, or able to pull strings so that this task moves higher
on upstream's priorities, don't hesitate to suggest them :)
I'll discuss the shorter-term below.
> I recently discovered tcplay (in main in jessie and sid right now)
... and wheezy-backports, FWIW.
> and it seems to work for me when testing with a trivial truecrypt
> volume. [...] it seems like this might be something useful to have
> available in Tails.
Now that cryptsetup 1.6+ supports the TrueCrypt on-disk format, it's
unclear to me what tc-play's advantages are, apart from being in
wheezy-backports already, while cryptsetup 1.6+ is not.
Note that Tails is still based on Squeeze, so I'm afraid none of these
solutions are usable in Tails right now. Once Tails based on Wheezy is
out (June 10), users can choose to install tc-play themselves from
wheezy-backports if they wish, so the use case you're talking of is
basically covered.
Now, I'm unsure if it would be worth installing tc-play by default, as
1. it cannot fully replace the "real" TrueCrypt yet; 2. most users who
have the skills to use a command-line tool are also able to install
tc-play themselves; and 3. I hope we can replace it with
a udisks-integrated solution later.
Thoughts?
Thanks a lot for your input,
cheers!
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc