truecrypt

Discussion in 'Mac Apps and Mac App Store' started by ring, Mar 9, 2012.

Most Liked Posts
  1. ring, Mar 9, 2012
    Last edited: Mar 23, 2012

    ring macrumors regular

    Joined:
    Nov 17, 2011
    #1
    If the website providing a download isn't secure, doesn't that mean the ISP can cache an evil FBI version of truecrypt? With the use of subpoenaed proxy caching?

    How do you know you are getting a real version? Couldn't some corrupt powerful agency force your ISP to cache an evil version, or force them to intercept anybody's legitimate traffic, and replace it with a bad version (with a backdoor installed)? I use truecrypt for all my personal backups, financial documents, and school documents, and I don't want an insecure version "protecting" them.

    - Truecrypt doesn't use SSL, or any web encryption. How can we know that the download we are receiving doesn't have any backdoors (RIAA backdoors, MPAA backdoors, third-world-government backdoors, etc?)

    - They offer a .sig PGP verification, but I don't know how to use this...

    Am I missing something?

    [​IMG]
     
    share
    + Quote Reply
  2. miles01110, Mar 10, 2012

    miles01110 macrumors Core

    miles01110

    Joined:
    Jul 24, 2006
    Location:
    The Ivory Tower (I'm not coming down)
    #2
    You don't, and honestly it doesn't matter a single bit. If the FBI or RIAA wanted information "protected" by your TrueCrypt install, they would go and get it from another source (like your bank or ISP).
     
    share
    + Quote Reply
  3. ring, Mar 23, 2012

    ring thread starter macrumors regular

    Joined:
    Nov 17, 2011
    #3
    Well, If you download the necessary files from their website, you can do a PGP/GPG verification of the .DMG download (using the .sig file, and the truecrypt team's ASC public key)


    Is this correct?
     
    share
    + Quote Reply
(You must log in or sign up to post here.)

Share This Page