
Did the FBI Lean On Microsoft for Access to Its Encryption Software? - asmosoinio
http://mashable.com/2013/09/11/fbi-microsoft-bitlocker-backdoor/
======
r0h1n
This post links to the original Mashable article that Boing Boing excerpts:
[https://news.ycombinator.com/item?id=6368367](https://news.ycombinator.com/item?id=6368367)

[Edited to add: do read the Mashable story, because it is _much richer_ and
features significantly more detailed conversations b/w the FBI and Microsoft.]

------
nivla
Hmm.. are there any independent audits done on BitLocker? Since TrueCrypt's
validity is so-so and TPM modules cannot be fully trusted, may it be more
secure to run TrueCrypt and BitLocker on top of each other? What other good
encryption alternatives do we have?

~~~
conductor
> What other good encryption alternatives do we have?

If you don't trust TrueCrypt, I would recommend dm-crypt/LUKS (with cryptsetup
front-end) for Linux and DiskCryptor [0] for Windows.

[0] -
[http://diskcryptor.net/wiki/Main_Page/en](http://diskcryptor.net/wiki/Main_Page/en)

~~~
tinco
I don't mean to spread FUD about LUKS, because I think it's great software,
but our team has run a LUKS setup for a while in production and it gave rise
to vague problems. If you plan to use LUKS, please do test it extensively on
real hardware before going to production.

------
nathan_long
...and it sounds like they didn't do it.

A bit of good news for once?

~~~
andyakb
Still not news. This article is nothing new, it simply took a piece from
another article, added a title and called it good. They didn't even really add
any commentary, other than saying one of the sources was their friend.

------
smnrchrds
How long till we hear a similar story about TrueCrypt? Except no one even
knows who is behind TrueCrypt. I hope there was some audited fork or another
software with similar features (esp. hidden volumes) from a reputable company I
could use.

~~~
mariusmg
Why is it so important to "know" who is behind TrueCrypt? They publish the code
and you can inspect it and build it yourself if you don't trust the provided
binaries.

~~~
nivla
The issue is that the source code is too complex to audit personally. Having
no real identity behind it also removes the risk of finger pointing if a
backdoor were to be discovered.

"There has been no known comprehensive review of the source code by a
qualified cryptographer.[46][44] Thorough security code review and testing is
hard, tedious, and painstaking work, and very few people have the skills to do
it. There was, however, a functional evaluation of the deniability of hidden
volumes in an earlier version of TrueCrypt by Schneier et al. that found
security leaks." [1]

[1] [https://en.wikipedia.org/wiki/Truecrypt#Reasonable_paranoia](https://en.wikipedia.org/wiki/Truecrypt#Reasonable_paranoia)

~~~
miopa
It's about time then that a few qualified cryptographers make an audit.
Kickstarter project maybe.

------
JonSkeptic
Microsoft: Commoditizing the shaft since 1975.

------
gametheoretic
I don't get it. :(

~~~
nivla
Read the original detailed article:
[http://mashable.com/2013/09/11/fbi-microsoft-bitlocker-backd...](http://mashable.com/2013/09/11/fbi-microsoft-bitlocker-backdoor/)

I don't know why the one from Boing Boing was even posted.

