Re: [Tails-dev] GUI for encrypted volumes from LUKS/TrueCryp…

Author: Jasper
Date:  
To: tails-dev
Subject: Re: [Tails-dev] GUI for encrypted volumes from LUKS/TrueCrypt container files
sorry, intended to drop in on irc for a while, but being a bit busy atm.
spot on with the clarification between the TrueCrypt application and the
encryption format, let me in turn clarify the difference between
encrypted partitions and encrypted containers

tl;dr:
partitions put another level of abstraction between user and use case - a
difficulty that a vast majority of the users won't be able to handle
unless you provide first class (graphical) support .. see the evolution
of installers for linux distros as an example: partitioning is so much
easier nowadays but it is still the main hurdle for people to give
linux a try. most users don't fully understand partitions and are afraid
to break things

from the user's perspective, the TrueCrypt format is similar to FAT32 -
probably the worst of all widespread disk encryption formats (especially
if you don't use keyslots) but also the only one that's accessible from
windows, osx and linux alike. odds are this won't change anytime soon.
regular users won't be able to use TrueCrypt containers/partitions
without a GUI - your documentation on how to use containers on the
command line is fine, but only for the ~5% of users that have the
confidence to actually use the command line

while I share your concerns about alienating users with too many
different GUIs, right now you only (graphically) support luks
partitions, not luks containers. what probably adds to the confusion is
that the TrueCrypt format is rarely used with partitions (although you
can do that as well) but mostly with containers. the name might sound a
bit more general but luckyluks is only about luks containers - since
luks partitions are already covered eg by udisks2/gnome disks

advantages of encrypted containers:
-> No need to deal with partition table wizardry when creating an
encrypted container, you basically create a file on a harddrive, it
doesn't matter if it's an internal one or an external usbstick etc..
-> Backup is straightforward as well, just copy the file somewhere else
-> sharing confidential information: again, copy the container
file. similar to gpg encrypted archives but easier to handle:
unlock/view or modify data/lock again
-> You can easily add some encrypted private data to an unencrypted
external harddrive without repartitioning
-> Lots of users are already quite familiar with all this, because
their first touch with data encryption has been TrueCrypt which uses
the encrypted container approach

advantages of encrypted partitions:
-> partition tables can be scanned automatically, so integration into
automounting tools can be possible

there is support for encrypted (luks, encfs) partitions in automounting
tools because it is straightforward to implement. unfortunately with
encrypted containers/partitions using the TrueCrypt format this is not
possible. they can only be verified as such if you successfully open
them with your password. btw, that would probably be the answer if
somebody from the udisks team finally finds some time to respond to the
bugreport from 2013 you've been referring to

hope you don't feel like I want to sell you a tool just because I put a
bit of effort into writing it ;) if I'd like to promote anything it is
the reduced complexity that encrypted containers offer for casual
users. maybe give it a thought - happy to discuss things

cheers,
jasper

On Thu, 19 Mar 2015 19:48:15 +0100
intrigeri <intrigeri@???> wrote:

> Hi,
>
> sajolida wrote (10 Mar 2015 16:08:41 GMT) :
> > We had been trying to get rid of TrueCrypt for many reasons and for
> > years before we actually managed to do so in Tails 1.2.1. So I'm
> > pretty sure that we don't want to make it easier for people to go on
> > using it.
>
> I think you're mixing up "using the TrueCrypt software" and "using
> TrueCrypt volumes". Let's clarify.
>
> We stopped shipping the TrueCrypt software for good reasons, but we
> still support TrueCrypt volumes (as you know, since you wrote part of
> the documentation). For interoperability purposes (not mentioning the
> "hidden volume" feature, which I'm less sure about), IMO it would be
> good to support such volumes graphically.
>
> Now, introducing yet another frontend would feel inconsistent IMO
> (especially one that also supports LUKS, that we already have good
> support for) => I believe the needed support should be added to
> udisks first (that's #6337), so that GNOME Disks can support it as
> well some day, in the very same interface as LUKS :)
>
> Cheers,
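
The detection asymmetry described in the message above (a LUKS volume can be recognised by an automounting tool, a TrueCrypt-format one only by opening it with the password), shown as an added example that is not part of the original thread or of any project mentioned in it. The function names and the sample headers are constructed for illustration; the LUKS magic bytes and LUKS1 field layout follow the on-disk format.

```python
import os
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"  # first 6 bytes of every LUKS1/LUKS2 header

def probe_container(header: bytes) -> dict:
    """Classify the first bytes of a container file the way an automounter
    could: by looking for an unencrypted signature, without any password."""
    if len(header) >= 8 and header[:6] == LUKS_MAGIC:
        (version,) = struct.unpack(">H", header[6:8])  # big-endian uint16
        info = {"format": f"LUKS{version}", "identifiable": True}
        if version == 1 and len(header) >= 104:
            # LUKS1 stores cipher name, mode and hash as NUL-padded text.
            fields = struct.unpack(">32s32s32s", header[8:104])
            names = [f.split(b"\0", 1)[0].decode("ascii", "replace") for f in fields]
            info.update(cipher=names[0], mode=names[1], hash=names[2])
        return info
    # No signature found. A TrueCrypt-format header begins with a random salt
    # and is encrypted after that, so it reads the same as random data and
    # cannot be told apart from it here.
    return {"format": "unknown", "identifiable": False}

def make_sample_luks1_header() -> bytes:
    """Constructed sample: only the leading LUKS1 fields, not a usable volume."""
    def pad(text: str) -> bytes:
        return text.encode("ascii").ljust(32, b"\0")
    return (LUKS_MAGIC + struct.pack(">H", 1)
            + pad("aes") + pad("xts-plain64") + pad("sha256"))

def make_sample_opaque_header() -> bytes:
    """Constructed stand-in for a TrueCrypt-format header: 512 random bytes."""
    return os.urandom(512)

if __name__ == "__main__":
    print(probe_container(make_sample_luks1_header()))
    print(probe_container(make_sample_opaque_header()))
```
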