Author: sajolida Date: To: The Tails public development discussion list Subject: Re: [Tails-dev] [review'n'merge:1.2] feature/5373-replace-truecrypt
intrigeri wrote: > * "You can open most standard and hidden *TrueCrypt* volumes using the
> `cryptsetup` command line." <-- s/command line/command line tool/
> would be more accurate, I think.
See 6c266c5.
> * "losetup [device] [file]" <-- s/device/loop/, or s/loop/device/
> above. I think that the latter is better, as "[device]" is used
> consistently everywhere else.
See 4abf3d5.
> * "mkdir /media/[name]" <-- on Jessie, there is another level in the
> namespace, taken by the username, e.g. /media/amnesia/[name].
> Maybe directly do "mkdir -p /media/amnesia/[name]" to make the
> transition to Jessie a bit smoother? It might break the great bonus
> bit that you've added, about having the device appear in the Places
> menu, though => needs to be tested. If we go this way, then other
> bits of the doc need to be adjusted accordingly.
Adding an extra subfolder breaks the magic in Wheezy. So I instead
created ticket #7919 so we remember to do that in time for Jessie.
> * The explanation why one should close the TrueCrypt volume was
> removed. I'm unsure about it. Maybe look into the GNOME
> documentation and see if they give the user any hint why unmounting
> filesystems is useful, e.g. before removing the backing device from
> the system?
I replaced it originally by "safely remove" which is the usually
shortcut on most interfaces. But now I added an extra sentence copied
from the Nautilus documentation with 738d9ff.
> * In the provided example, the file container is stored in the Tails
> persistent volume. I believe this is a very rare usecase, and giving
> as the only example one with two levels of encryption can be confusing.
> I think we should instead use /media/myusbstick/mytruecryptcontainer,
> or similar. My understanding is that this is how people use
> TrueCrypt in the real world.
See 3890859.
>> I put Tails
>> 1.2.1 in there but feel free to change it for Tails 1.3. I'm still in
>> favor of allowing a bit more time for our users to learn that new
>> technique before being on their own. But 1.2.1 would work too.
>
> I don't think I can argue on this any further without repeating myself :)
I know, that's why I prepared it for 1.2.1. Let's wait for anonym to
answer :)
>> - You said "most standard and hidden *TrueCrypt* volumes", which volumes
>> wouldn't be covered by this technique? If there is any short way of
>> putting it or external documentation then it might be worth pointing to
>> it. Otherwise people who might failed will following our instructions
>> might think it is because of that "most".
>
> The "TCRYPT (TrueCrypt-compatible) EXTENSION" section in the
> cryptsetup(8) manpage [1] has the details. Specifically, what's not
> supported is "legacy cipher chains using LRW encryption mode with 64
> bits encryption block (namely Blowfish in LRW mode".
Thanks to the very detailed Wikipedia pages on TrueCrypt and TrueCrypt
release history I identified that this was only true for TrueCrypt 4.1
to 4.3 so I added this an extra info and got rid of the "most".
>> But I'm doubting whether say "*loop device*" (with the *s) instead
>> of "device" in that step.
>
> I would do that everywhere in this step (without the *s*).
See a1625b2.
> The fact we use [device] in the command lines in step 3 should be
> enough for the reader understand that the "device" referred to by
> [device] in step 4 is the "loop device" referred by [device] in
> step 3, I think, so IMO step 4 can be left untouched.
I think that this is now ready for a final review and merge by anonym.
Updated the ticket #5373 accordingly.
