Originally Posted By: haertig
I take this with a grain of salt. Even if the Truecrypt developers gave it up, and even if there is some security flaw in the existing Truecrypt, I probably won't write it off immediately.

For one, who am I trying to protect my encrypted stuff from? It's not the NSA. And even if I were using Truecrypt and expecting it to stand up against the NSA, that would be quite naive of me to believe that. The average hacker? Chances are they wouldn't be able to exploit any security flaws in Truecrypt, unless a wide-open hole gets so widespread that there is a pre-packaged script for all the "script kiddie" hackers to use. That leaves the common laptop thief. And they probably couldn't decrypt some as simple as ROT-13.


If the NSA want's your stuff, the NSA will get your stuff. I harbor no illusions about keeping anything from them that isn't handwritten on a piece of paper.

What I am trying to protect my stuff against is a semipro civilian hacker. Think about the breaches at Target, Ebay, Citigroup, GE Money, Countywide Mortgages, etc. These were not amateurs.

Also consider data mining viruses like 'Flame'.

And lastly, what happens if your computer is stolen? The tweaker who stole it may not be able to remember his own SS#, but he knows a hacker who will buy it. The hacker can then sell your identity for a nice chunk of change, clear out anything tracable from the computer, and sell it for another couple of hundred. You're out the cost of a new computer and $$$ to fix the damage done when your identity went on the market.
_________________________
Hope for the best and prepare for the worst.

The object in life is not to be on the side of the majority, but to escape finding oneself in the ranks of the insane