Comments on Heisencoder: TrueCrypt Releases version 6.0
Feed author: Matthew V Ball (http://www.blogger.com/profile/04512577643269096659)
Feed updated: 2023-03-26T07:38:56.925-06:00

Matthew V Ball (https://www.blogger.com/profile/04512577643269096659), 2012-01-28T11:55:02.898-07:00

I can't comment directly on TrueCrypt itself, since I haven't used it in years, but concerning XTS-AES, Apple has shipped support for XTS-AES in OS X Lion 10.7 as the algorithm used in their full disk-encryption offering (which comes free with the operating system). I don't see anything else meaningfully competing with Apple on OS X Lion. For OS X 10.6 and 10.5, there's FileVault, but this just provides encryption of the home directory, not the entire hard disk. But this isn't nearly as secure as something like PGP full-disk encryption or TrueCrypt's full disk encryption.

I haven't used Windows laptops in a couple years, so don't really know what's currently the best solution there (probably just PGP full-disk encryption). Linux has a number of encryption solutions, like ecryptfs, but these can sometimes be a bit slow. I'm using ecryptfs for a Linux box in my living room, and there is a substantial delay when logging in due to the time it takes to mount the ecryptfs home directory. I'm half tempted to just turn off the encryption and make sure that I don't put any sensitive information on that computer.

XTS-AES has been an Approved algorithm under NIST's FIPS 140-2 for a couple years now, so the algorithm seems to have some staying power. There's some talk about maybe recommending that NIST also accept the EME-2 mode of IEEE Std 1619.2, but no one has done this coordination work yet. I think that PGP's full disk encryption may use EME-2 or some similar mode.

John Hammmond (http://www.saic.com), 2012-01-28T06:47:40.999-07:00

So where do we stand now in 2012? Are TrueCrypt and the standard maturing into something that will compete on a level with Symantec and the purchase of Guardian Edge?

Robert Hudock (http://www.ebglaw.com), 2009-08-18T21:29:10.557-06:00

For those following this issue, now especially important under the HITECH Act, to avoid security breach reporting requirements for HIPAA Covered Entities and Business Associates -- TrueCrypt XES-AES has been approved by NIST with a few caveats. See http:/www.law2point0.com/

Matthew V Ball (https://www.blogger.com/profile/04512577643269096659), 2009-06-28T13:37:48.954-06:00

Hi John: NIST has told me privately that they have approved XTS-AES, and will publish an SP 800-XX series draft that says so. There will be a public review period, and then NIST will update their FIPS 140-2 documentation to allow XTS-AES. It will take several months before NIST issues algorithm certificates for XTS-AES. I haven't heard of any temporary permission to use XTS-AES yet, but I'm not involved in certifying a product that uses XTS.

John Hammond, 2009-06-27T10:31:07.168-06:00

Matt, you and I communicated by email a few weeks ago. Do you know if the approval has come through as an extension so XTS can be considered FIPS 140-2 for a period past the end of May? I thought that was when the temporary permission to use XTS as a FIPS 140-2 compliant encryption expired.

Matthew V Ball (https://www.blogger.com/profile/04512577643269096659), 2009-05-18T11:49:00.000-06:00

NIST expects to make a decision by the end of May 2009, or shortly thereafter.

Anonymous, 2009-05-18T10:52:00.000-06:00

Any update on whether NIST has listed XTS as an Approved Mode of Operation for protecting U.S. government confidential data under FIPS 140-2? Thanks.