Daniel Kahn Gillmor wrote (28 Apr 2014 21:31:42 GMT) :
> looks like cryptsetup still won't be able to create truecrypt volumes,
> though.
> [...]
> the main advantage of tcplay seems to be volume creation.

Ah, right. Thanks for the info, added to the blueprint.

Then, perhaps we could install tcplay on Tails/Wheezy anyway.
The advantages I see would be:

1. in the current state of things, it allows people who prefer to use
   tcplay rather than the TrueCrypt software to do so;
2. in the future, once we replace the TrueCrypt software with
   a udisk-based approach, the inclusion of tcplay will mitigate the
   feature-set regression brought by this change (the udisk-based
   approach will likely not be able to create TC volumes).

OTOH, it seems to me that most use cases of TC volumes are about
interoperability with major non-free OSes, so assuming one is
comfortable unlocking a TC volume (created in Tails) using one such
OS, then why not use it as well to create the volume in the first
place. With this in mind, including tcplay could be seen as a mere
temporary measure, aimed at addressing #1 only, and valid only until
we ship a version of cryptsetup that supports unlocking TC volumes on
the command-line (Tails/Jessie, or cryptsetup 1.6+ in
wheezy-backports). But then, if we go this way, perhaps it would be
worth skipping the tcplay step and jumping directly to a cryptsetup
backport attempt.

Thoughts, volunteers?

(I'm aware I am entirely ignoring the "plausible deniability" use case
of TrueCrypt volumes here. This is because 1. this has never been
a reason for us to ship TrueCrypt; 2. IMO this would be better solved
by #5929, aka. "Create encrypted TailsData by default".)

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc