Slashdot Mirror


Open-Source or FIPS-Validated Disk Encryption?

j_crane asks: "Our company is looking for disk encryption software that runs on Windows XP/2003 and Linux. There are hundreds of commercial disk encryption programs (most are Windows-only, though). Some of them are FIPS-validated by the US NIST, but none of these are open source. On the other hand, there is an excellent open-source on-the-fly disk encryption program called TrueCrypt, for Windows and Linux (the program even provides plausible deniability), but it does not have FIPS validation. Which would you prefer -- open source or FIPS-validated -- and why?"

1 of 74 comments

  1. I use TrueCrypt by drinkypoo · Score: 3, Insightful

    So I think that answers your question. But why? Because it's open source. I don't trust anything that isn't, and not everything that is... But it's highly used, which suggests that it's highly scrutinized.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"