Sho Fukamachi Online

For some time MacOSX has lacked a top quality, open source, plausible-deniability encryption solution. TrueCrypt is the obviously leader here, but is incompatible with OSX – you could try and run the Windows version in a VM, but that’s not an option for serious day to day use; a native version is infinitely preferable.

Seems like the drought has broken, however, with the latest version of OSXCrypt, which looks very much like it will become the encryption client for MacOSX.

While OSX has shipped for some time with some built-in encryption capability, namely encrypted disk images and FileVault, these have severe problems in that they support only a single internal password & volume, and thus provide no plausible deniability. There is no point encrypting files if you can be arrested for not divulging your password – unless it’s to simply divert casual 3rd party inspection as in the “computer repair shop” scenario. Until now the only case I could think of that would be useful for, say, an airport check would be to run a third, FileVault-encrypted account and simply claim it was for your “roommate” or what not and you didn’t know the password. Use of Truecrypt solves all these problems – one password will open one internal volume, another will open another, and there is absolutely no way to prove the second’s existence.

There is also the very real possibility that Apple retains “escrow” keys for all encryption schemes implemented in MacOSX. Without the possibility of source code review by experts, it’s impossible to say. Microsoft certainly backdoors its encryption (NSAKEY, anyone?).

The source code is available and an alpha is available for testing. Command line only for now, a GUI is on the way. Finally, a real encryption solution for the Mac! Great news for the ultra-paranoid .. like me ..

UPDATE: a tutorial is available (in german) here.

Tags: osxcrypt

This entry was posted on Monday, January 28th, 2008 at 1:08 am and is filed under mac, recommendation. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.