Hi all,

I used to use Truecrypt and loved it. I would use it on Windows, Mac and Linux.

Now, Truecrypt is no longer available.

I would be interested in any suggestions and feedback on free encryption software, perhaps something similar to Truecrypt, or other alternatives if not.

Thanks in advance,

rm

http://www.spi.dod.mil/ewizard.htm

Uses passwords for encryption. I'd consider this source as dubious as far as truly private encryption.

Many thanks habitual. I'm not sure about what you mean in your message.

You are recommending Encryption Wizard as a free, multiplatform encryption tool. Is that right?

I don't know what you are referring to when you say "this source". Could you explain?

Many thanks,

rm

Yes.

The United States Department of Defense is a "cousin" of the NSA IMO.

You are very welcome.

Lifehacker had a writeup of varoius encyrption software

http://lifehacker.com/5677725/five-b...cryption-tools

Current forks of Truecrypt:

stable version available:
http://veracrypt.codeplex.com/

in alpha:
https://ciphershed.org/

Personally, I still use TrueCrypt. I am not trying to protect info from the NSA. I encrypt things like my Christmas shopping list, so the family won't see it. For that use, TrueCrypt - even if it is flawed or contains an NSA backdoor - is fine IMHO. Overkill actually. I think I could defeat my family if I ROT13'ed the list...

The problem is, is there really ANY encryption product that is easy to use, ultimately secure, cross platform, that will be supported indefinitely? I think not. I also fear that newer offerings are probably MORE prone to have an NSA backdoor inserted than older stuff (that's just paranoia speaking, I have no proof). But then, older products have most certainly already been cracked by the NSA. If you really have need for NSA-proof level security, I'd say to encrypt with whatever software you like (reasonable at least), then split the resulting file up into ten chunks - every tenth byte going to a particular chunk. Then ship each of those chunks off to a different corner of the globe (not by electronic means - by courier pidgeons carrying hand-transcribed written copies of each chunk). Then destroy the computer used to create the encryption and chunks in a blast furnace. To decrypt, first you have to gather the written notes, hand-transcribe them back into a single file, then decrypt. ONLY THEN, will the NSA be able to view your Christmas shopping list.

All things considered, I think it's very hard to beat GPG. There are peer-reviewed implementations for every platform, and the architecture of the total system is very well thought-out ... not only in terms of the encryption itself, but (much more important, really) the handling of content-signing and keys.

At the end of the day, you usually have to transmit encrypted data somewhere, possibly many megabytes of it, maybe sending it to someone you've never met. You need to know that the data as-received exactly matches as-tendered, and the recipient needs to know that the data came from you. You need to make "merely guessing a password" nowhere near good enough to get to the data. And so on.

And, "okay, okay, spooks can still get to it." But spooks and law-enforcement officers really aren't what you're protecting your data against.

While the OP is unclear of the purpose of the encryption software, there is a reference to truecrypt, so they are likely looking for block level encryption.

Also, evidence is supporting the fact that "spooks" cannot get to files encrypted by gpg (or pgp). In this istance, I am referring to "spooks" as agents of NSA.
Now, if you leave your gpg messages unencrypted somewhere on a encrypted filesystem, that is no fault of gpg.

GPG, without a doubt. However, tcplay does seem interesting for containers:

https://wiki.archlinux.org/index.php/Tcplay

how is this different than using 7-zip and saying encrypt with aes-256 ?

my guess is the public version you can download without a cac or .mil email is the one with the backdoor in it.