TrueCrypt Gets a New Life, New Name

storagedude writes: Amid ongoing security concerns, the popular open source encryption program TrueCrypt may have found new life under a new name. Under the terms of the TrueCrypt license — which was a homemade open source license written by the authors themselves rather than a standard one — a forking of the code is allowed if references to TrueCrypt are removed from the code and the resulting application is not called TrueCrypt. Thus, CipherShed will be released under a standard open source license, with long-term ambitions to become a completely new product.

"CipherShed"

[supertall]

Suddenly I think of banjos.

Re:"CipherShed"

[pushing-robot]

They're obviously using my HorribleNameGenerator library. I'm proud to have contributed to so many FOSS projects.

Re:"CipherShed"

They're obviously using my HorribleNameGenerator library. I'm proud to have contributed to so many FOSS projects.

Say thank you to the governments of the world for copyrights, and trademarks, because of them it is almost impossible to create a uniquely identifying name
without finding out that is has already been trademarked and/or copyrighted.

A quick example. IBM's RiscSystem/6000... ever wonder why you never saw it abbreviated as RS/6000 ... the answer, Pontiac had a trademark in place for "RallySport/6000" as well as RS/6000 and they wouldn't release it to IBM.

Re:"CipherShed"

[Kjella]

They're obviously using my HorribleNameGenerator library. I'm proud to have contributed to so many FOSS projects.

Clearly you didn't use it for your own project, I suppose you had to write it first or it would have suggested HorribleUniqueNameGenerator. Because like the developers of the GNU Image Manipulator Program knows, a catchy acronym never hurt anyone.

Re: "CipherShed"

[aix+tom]

It worked pretty OK for centuries. You could buy a "Plow from John Smith over in Blurn Hollows", or you could buy a "Plow from George Smith over in Redneck Fields", and nobody would be confused that they were called the same.

These days, if you buy a "FuxMatic3000XP from XentTeck" one day, you have to make sure if you want to buy one a year later that neither the FuxMatic3000XP nor the XentTeck Trademark have been sold in the meantime and are completely different things and/or products, or if the company itself did a product switcheroo in the meantime.

Re:"CipherShed"

[Spy+Handler]

Nah, it wouldn't be cool to go against the wishes of the original authors. They put a lot of work into it. If you're gonna leech off their code then naming your project something other than Truecrypt is the least you can do.

I suggest RealCrypt.

Re:"CipherShed"

Respecting licenses is not done to respect the authors. It's done so you gain the credibility to have your own license enforced.

If the authors said "fuck'em", the next guy would come along and do the same and they wouldn't really be able to complain.

Re:"CipherShed"

Well it`s better than the NSA fork - DeCrypt. ;-)

Re:"CipherShed"

[ericloewe]

To make things worse, GIMP is an acronym that includes a backronym.

The ATA guys really like their silly nested acronyms like nobody else, though. Seriously, whose brilliant idea was "eSATAp".
eSATA powered
external SATA powered
external Serial ATA powered
external Serial AT Attachment powered
external Serial AT-sounds-like-a-cool-name Attachment powered

Re:"CipherShed"

[WaywardGeek]

So, I'm invovled in the CipherShed project. In fact, I bought the domain originally when Niklas suggested it. I also bought FalseCrypt :-)

This thread is actually very helpful. I've been very concerned that we need to pick a better name. The unfortunate truth is that we geeks totally suck at picking name!

RealCrypt is excellent, IMO. That's why the RealCrypt fork of TrueCrypt exists :-) It's a Fedora-packaged fork that drops all the Windows stuff. There's also a VeraCrypt fork. OpenCrypt.net was offered to us by the owner, which is very generous, but there is an OpenCrypt already, which oddly enough has to do with encryption rather than vampires.

Please keep picking on the name, and suggesting alternatives! If someone here provides one, I'll try to have it adopted. We *barely* still have time to make a name change.

Re:"CipherShed"

[Snotnose]

I suggest TrooKrypt.

Re:"CipherShed"

[supertall]

I suggest IronCrypt or something of the sort that projects strength and security.

Re:"CipherShed"

[kaatochacha]

I'd have to agree, "CipherShed" is just awful.
TrueCrypt was an excellent name, and working off the -crypt portion is logical.
Perhaps you can vary off the True prefix? or maybe "TrueCrypt II. It seems to work for movies.

Re:"CipherShed"

[WaywardGeek]

IronCrypt is a good suggestion. It is fucking squated. God I hate squatters. Worse than lice or ticks.

Re:"CipherShed"

[WaywardGeek]

No, we can't use TrueCrypt in the name. The license terms are clear about that. We're trying not to use True, and we have been told that it would be best not to use Crypt, though I think that's going a bit far.

Re: "CipherShed"

[bill_mcgonigle]

but in this case the authors were anonymous - they are NOT going to de-cloak to enforce a trademark.

It's probably better for the security of the community at large to carry on calling it TrueCrypt (3.0, clear who the new team is, etc.). Trademarks exist to prevent confusion - in this case, using the same name is the minimally confusing option. The license is unenforceable and securing people's communications is more important to society than the wishes of the retired authors.

Imaginary property ain't real but the risks of electronic adversaries certainly are.

Re:"CipherShed"

[TheEyes]

At least choose a suffix other than "shed" Maybe "vault" for "CypherVault" or "StoreVault"

The Latin word for "padlock" is "sera" "CypherSera"? "SeraCypher"? Bet nobody's squatting that.

"Cipher" comes from the medieval Latin "cifra" Maybe "BitCifra"? "CifraStore"?

Re:"CipherShed"

[Inigo+Montoya]

So here's my contributions to the naming

TruerCrypt :-)

CryptBlock CryptAll CryptMore MoreCrypt CryptoCase CryptMyRide CoolCrypt CryptoMagnolia MagnusCryptum Cryptonomy CryptoFilo

And here are some names that do not have Crypt in them (note: I have not checked copywrites or squatter rights on any of these)

AssetTag Lockdown FileBlocker TickTockLock SquirrelCage AcornVault

I can't think of any more :-)

Re: "CipherShed"

[currently_awake]

That's why there is an entire occupation devoted to handling legal stuff. I'd tell you the name, but every time I think of it the phrase "first up against the wall" jumps into my mind.

Re:"CipherShed"

Following your suggestions, BitCypher sounds pretty awesome, and uses neither crypt nor true.

captcha: labels

Re:"CipherShed"

[plazman30]

DataSafe CryptoSafe IronWall DataLocker DataLock

Re:"CipherShed"

[AmiMoJo]

LibreCrypt
NewCrypt
TC-X
MidoriCrypt (I just like that word)
FreeCrypt
SafeCrypt
SnowdenCrypt (with permission of course)
ImmortalCrypt (the NSA can't kill it)
SafeHouse (domains probably taken...)
CryptoBox
CryptoSafe
CryptoFreedom

Maybe a Slashdot poll?

Re: "CipherShed"

[flyingfsck]

Careful dude, you may get a ton of pre-orders for your new FuxMatic3000XP by advertizing on Sloshdat.

Re:"CipherShed"

I would use Lockdown

Re:"CipherShed"

[RandomFactor]

EuCrypt

Re:"CipherShed"

[AC-x]

personally I'd rather go for Serial Attached Small Computer System Interface over Small Form Factor 8470

To be fair they do just go for "SAS" rather than "SASCSI"

Re:"CipherShed"

[amxcoder]

How about "Data Crypt" or "DataCryptor"?

or "Crypt Locker"?

or "The Crypt-inator"

"TC-Fork"

"the program formally known as 'TrueCrypt'" (and then have some unpronounceable symbol)

there is always "Data Information Crypt Keeper"

Re:"CipherShed"

[crolix]

CryTruept

Re:"CipherShed"

[badkarmadayaccount]

Magnetite HDD Security Suite?

Re:"CipherShed"

[badkarmadayaccount]

Magnetite HDD Security Suite Has a geek pun, but sounds normal what do you think?

Re:"CipherShed"

[silentcoder]

>A quick example. IBM's RiscSystem/6000... ever wonder why you never saw it abbreviated as RS/6000 ... the answer, Pontiac had a trademark in place for "RallySport/6000" as well as RS/6000 and they wouldn't release it to IBM.

I'm assuming your story is true but if it is - then IBM was overly cautious and just didn't want to risk an expensive lawsuit over an abbreviation even though they would be guaranteed to win.
Trademarks apply *only* within the same field of industry - they don't apply to products from very different industries where there is no chance of confusion. There is no way that IBM could be confused with a car company and their RS-6000 with the Pontiac RS-6000.

People tend to forget (and the false logic of the "intellectual property" brigade re-enforces this) that trademarks do NOT exist to protect producers - they are a CONSUMER protection law. The idea being that if you buy something with company X's label for product Y on it you can be reasonably certain that you actually GET product Y from company X and not some cheap knock-off.

That is why they are so restricted - you can't trademark a common word or phrase, and if a trademark *becomes* a generic phrase for the type of product you lose the trademark. You also lose it if you don't aggressively defend it - which would explain why Pontiac would be loathe to agree even though their trademark clearly couldn't apply to IBM - for fear that somebody else could later claim they were not defending it and using that agreement as evidence.

In practise though, IBM should just have gone ahead - if Pontiac actually went ahead and filed suit they would have been laughed out of court.

Re:"CipherShed"

[caution+live+frogs]

Skip made up names and look to mythology. Greek guardians (Kerberos obviously already taken), Norse guardians (Fafnir?), etc. The best made-up names will be taken, but the mythological names might still be open for use. Especially if you get away from Western mythology.

Re:"CipherShed"

[WaywardGeek]

I just want you and the other Slashdotters to know we're taking your suggestions very seriously. Cryptonomy seems to be a leading condender. Thank you for the suggestion!

Re:"CipherShed"

[RavenLoon]

OmniCrypt, to highlight the cross-platform feature? Probably taken...

Re: "CipherShed"

[uberdilligaff]

OneCrypt... TwoCrypt... RedCrypt... BlueCrypt

Maybe it'll actually be trustworthy this time

Here's hoping the audit is a success.

Re:Maybe it'll actually be trustworthy this time

For anyone that doesn't have time to read the article, here's the audit part:

Organizations are loathe to walk away from TrueCrypt because it is free, it is cross platform and, perhaps most importantly, the code is available for inspection. Critically, the code is not just available, but a security audit of the code is underway. The eyeballs on the code are not just theoretical, but are also there in practice -- and they are professional eyeballs at that.

The first part of the code audit was completed in April - a source code assisted security assessment of the TrueCrypt bootloader and Windows kernel driver. No serious problems were found, although many issues were highlighted, including a lack of comments, use of insecure or deprecated functions and inconsistent variable types. The product is also nearly impossible to compile from the source code, which means the majority of users download pre-compiled binaries, with all the attendant security risks.

The next part of the audit, a formal cryptanalysis, is underway.

I would keep my eye on the project that the remaining parts of the audit actually get completed properly.

Does the TrueCrypt License

[I'm+New+Around+Here]

allow a fork to be released under a standard open source license?

Because I can take software with a standard open source license and put TrueCrypt's name back into it.

Not that I intend to do so, but it just seems off, somehow.

Re:Does the TrueCrypt License

Having RTFA (I know, I know), I can answer your question.
The first CipherShed version will be under the TrueCrypt license. They hope to rewrite and replace code until they have something new they can release under a standard OSI-approved license.

Re:Does the TrueCrypt License

[Marginal+Coward]

I think you're onto something. Perhaps *that's* why the secret formula for Coke has never been open-sourced, but remains locked in a vault in Atlanta to this very day. Likewise for the secret Krabby-patty formuler. Just think what havoc Pepsi and Plankton could wreak with the TrueCrypt code...

Re:Does the TrueCrypt License

Section III.1.4 of the license (https://tldrlegal.com/license/truecrypt-license-version-3.0#fulltext) says that any code that you provide that is not part of the original TrueCrypt can be licensed under completely different terms, as long as the terms satisfy certain conditions listed in that section.

Re:Does the TrueCrypt License

[sexconker]

KFC's secret recipe leaked a while ago, and they're still around.
Chicken, grease, salt.

Re:Does the TrueCrypt License

[ihtoit]

pepper and monosodium glutamate.

Makes even town pigeons taste like chicken!

Re:Does the TrueCrypt License

[apraetor]

I think that's what the parent was implying. Until CipherShed is totally re-written it will still have portions encumbered by TrueCrypt licensing; a progressive refactoring would have the rapid time to market of a fork but without the predecessor's license (eventually).

Re:Does the TrueCrypt License

[viperidaenz]

I thought it was up, up, down, down, left, right, left, right, B, A, start

Re:Does the TrueCrypt License

[Khashishi]

Isn't it like half-life though? You can always remove half more of the original code, but when can you be confident you got it all?

FOSS names

[asmkm22]

Just curious. Is there some kind of unwritten rule that FOSS project names have to as crappy as possible? Is it just a translation thing, where maybe the name makes more sense or sounds better in the dev's native tongue? Has anyone been part of a FOSS project and was involved in the naming of it?

Re:FOSS names

[gigaherz]

The sillier the name the lower the chances someone will abuse that name for commercial reasons. Saves a lot of money on trademarks.

Re:FOSS names

[Marginal+Coward]

Not all FOSS project names are as crappy as possible. But one is. Have you heard about the new "Crappy" project: "Crappy's really a praiseworthy project, yutz".

Re:FOSS names

[jones_supa]

Good ones: Inkscape, Thunderbird, Blender, VirtualBox, Linux...

Crappy ones: GIMP, Tahoe-LAFS, Ubuntu, Kdenlive, XFCE...

I personally think that you hit the sweet spot when you have a name which sounds cool and professional, is easy to remember, and at least tries to vaguely describe the function of the program.

Re:FOSS names

[CaptSlaq]

You forgot that Google is also misspelled, so it's almost worse. The worst name I can think of off of the top of my head was the thankfully short lived "Flooz", despite Wikipedia stating that it has a reasonable base.

Re:FOSS names

[sexconker]

The sillier the name the lower the chances someone will abuse that name for commercial reasons. Saves a lot of money on trademarks.

I'm happy to announce my new FOSS project: CUNTT. It's a universal network tracing tool.
It stands for "CUNTT isn't a Universal Network Tracing Tool".

Re:FOSS names

[sexconker]

LAME
WINE
MAME
etc.

LAME and WINE are especially terrible since their names are lies - LAME IS an MP3 encoder, and WINE IS an emulator (the word "emulation" is not restricted to emulating hardware or an instruction set).

Re:FOSS names

[Dragonslicer]

Good ones: Inkscape, Thunderbird, Blender, VirtualBox, Linux...

Crappy ones: GIMP, Tahoe-LAFS, Ubuntu, Kdenlive, XFCE...

I personally think that you hit the sweet spot when you have a name which sounds cool and professional, is easy to remember, and at least tries to vaguely describe the function of the program.

A lot of software fails your last requirement (Thunderbird, Blender, Linux for a lot of people), but that isn't limited to open source software. While Microsoft has the reasonably-named Windows and Word, they also have Outlook, Excel, and PowerPoint.

Re:FOSS names

[ihtoit]

WINE is a recursive acronym, it stands for "WINE Is Not an Emulator"...

Bit of a clue, there.

Re:FOSS names

[monkey999]

As well as the obvious GIMP theres BitchX, gnome-toaster, squid, the Security Administrator's Tool for Analyzing Networks (SATAN), Back Orifice (arguably cool as well) , touch, finger and fsck

Re:FOSS names

[sexconker]

WINE emulates bits of Windows, it is an emulator. it does not emulate hardware, an instruction set, or even all of Windows, but it is an emulator nonetheless.
In fact, WINE originally stood for "Windows Emulator", before clowns decided to change it to that recursive backronym lie.

Check your facts.

Re:FOSS names

[sexconker]

I don't know if you're joking or not.
LAME is in fact an encoder, and it infringes on tons of the MP3 patents held by Fraunhofer.
Originally, LAME was just a set of changes to existing encoders, and you were expected to provider your own copy of the encoder. That scheme went out the window really fucking quickly, though. LAME quickly became a full-fledged encoder in itself, infringing on many patents. I don't give a shit about the patents, but I do give a shit when people claim it isn't an encoder when it is.
Shitty fucking name.

Re:FOSS names

[sexconker]

WINE is a recursive acronym, it stands for "WINE Is Not an Emulator"...

Bit of a clue, there.

WINE originally stood for Windows Emulator.
WINE is in fact emulating bits of Windows - it is an emulator.
The backronym comes later.

It's a shitty name and propagate a shitty belief that it is not an emulator, that an emulator has some strict definition relating to hardware or instruction sets, etc.

I included it on my list for precisely these reasons, and your ignorant post validates those reasons nicely.

Re:FOSS names

[BronsCon]

and it infringes on tons of the MP3 patents held by Fraunhofer

I think you mean "infringed", as those patents have long expired.

Re:FOSS names

[ihtoit]

citations needed. My information comes from the WINE project, not your arse. WINE is a compatibility layer. A compatibility layer is not an emulator.

Re:FOSS names

[sexconker]

and it infringes on tons of the MP3 patents held by Fraunhofer

I think you mean "infringed", as those patents have long expired.

Have they? Do I care?
The point is that the LAME developers made the claim that LAME wasn't an encoder in order to skirt the patent infringement issue.
First they claimed they were only releasing changes, which was true. Then they were releasing a full encoder and claimed they were only releasing source code as as an educational effort and were not actually distributing an encoder so they weren't infringing on the patents (which is obviously bullshit). I don't think they were ever really pursued by the Fraunhofer people but I don't really care either way/ The fact is LAME is in fact an MP3 encoder, despite the name.

Re:FOSS names

[BronsCon]

When it was named that, it was ,in fact, *not* an MP3 encoder. In fact, that it now ships with an encoder at its core does not change the fact that the LAME project (the part built around that encoder), in and of itself, is not an MP3 encoder. It's called nuance, those little details that matter oh so much.

Did the eventually-included encoder violate patents? Yeah, probably. Does it now? No, they've expired. Is LAME the encoder? No, it just includes it.

Re:FOSS names

[sexconker]

"Citation needed" is the internet equivalent of "Nuh-uh! PROVE IT!" and "LALALALA I CAN'T HEAR YOU!".
Go look at the Wikipedia page, the kind of drivel morons like you slurp up.

The name Wine initially was an acronym for Windows emulator.[5] Its meaning later shifted to the recursive backronym, Wine is not an emulator in order to differentiate the software from CPU emulators.[6] While the name sometimes appears in the forms WINE and wine, the project developers have agreed to standardize on the form Wine.[7]

You lose.

The phrase "wine is not an emulator" is a reference to the fact that no processor code execution emulation occurs when running a Windows application under Wine. "Emulation" usually refers to the execution of compiled code intended for one processor (such as x86) by interpreting/recompiling software running on a different processor (such as PowerPC). Such emulation is almost always much slower than execution of the same code by the processor for which the code was compiled. In Wine, the Windows application's compiled x86 code runs at full native speed on the computer's x86 processor, just as it does when running under Windows. Windows system services are also supplied by Wine, in the form of wineserver.

Emulate (verb)
1 - To match or surpass (a person or achievement), typically by imitation.
2 - To imitate.

WINE is an emulator. It is not emulating hardware or an instruction set, it is emulating pieces of Windows. They initially claimed it was an emulator because it was. They later claimed it wasn't an emulator because they didn't want idiots (like yourself) to think that meant they were emulating hardware or an instruction set, and thus incurring a severe performance penalty. Emulation is absolutely not restricted to hardware or instruction sets, using recompilers, interpreters, or anything else.

Re:FOSS names

[fnj]

I'm not impressed by what it is named. It *IS* an amulator; fact; get over it.

Emulate: reproduce the function or action of (a different computer, software system, etc.).

So it's not an instruction-set emulator like qemu (was originally). Big deal. There are other things than instruction sets you can emulate.

Re:FOSS names

[fnj]

So you think fsck is something besides a descriptive abbreviation for File System Check? What about ls (List), rm (Remove), cp (Copy), or touch (literally, Touch File). Oh, I see. It's a pre-teen double entendre.

Re:FOSS names

[monkey999]

So you think fsck is something besides a descriptive abbreviation for File System Check?

Dennis Ritchie thought so too:

Dennis Ritchie: “So fsck was originally called something else”
Question: “What was it called?”
Dennis Ritchie: "Well, the second letter was different"
~ Q&A at Usenix

I don't know if he was a pre-teen when he wrote it, but it's a bad name anyway because it doesn't suggest anything to do with the purpose of the tool.

Re:FOSS names

[WaywardGeek]

I find EncryptAll not bad. The bar here is not that high... just has to be an improvement. The guys on the CipherShed team would kill me for suggesting Pure-Crypt, but I think that's available and also aligns us well with Pure-Privacy, the new foundation promoting online privacy.

Re:FOSS names

[kaatochacha]

ugh.

Re:FOSS names

[Xenna]

Cryptal is nice, with one L.
Chryptal is probable taking it a bit too far.

Re:FOSS names

[hackertourist]

I think there's one more criterium: the name has to avoid collisions. If you do an internet search for your program name and you need extra qualifiers to avoid unrelated stuff from ranking higher than the page you need, the name is bad.

Re:FOSS names

[fisted]

Doesn't matter, as long as it's SomeThingCamelCased. /me pukes

Re: FOSS names

That is NOT emulsion.

You are correct, sir, although the final product may indeed be indistinguishable from mayonnaise.

Re:FOSS names

[silentcoder]

It's a bunch of libraries with an interface compatible with a different library, recreated as a clean-room implementation.

If that's an "emulator" then Android is using a JAVA emulator !

Hell it means every library ever released that's backwards compatible is "emulating" the previous version !

Re:FOSS names

[DarthVain]

Not sure if it is FOSS, but I always thought DosBox was a good one.

How about CryptCipher or CipherCrypt? Heck CipherBox or CryptBox would be better than Shed.

When I think about how hard it is to break into my garden shed, the answer is "not hard". Not exactly the image you want for your cryptographic software.

CryptoCipher... or following the names you hate just call it CC.

Expect a FISA or PRISM notice in...

[Bomarc]

How long before they get a FISA or PRISM notice?
Wonder if they will have a "Warrant Canary" posting.

Re:Expect a FISA or PRISM notice in...

I think once they know where to send the letter, posting it might not be such a bright idea.

Re:Expect a FISA or PRISM notice in...

[apraetor]

The problem with multi-person assurance games is that they require everyone to cooperate to maximize the payoff. Think of it like the Prisoner's Dilemma, where "civil disobedience" is the "cooperation" case, and "keeping quiet" is the "defection" case. From Wikipedia: The dilemma then is that mutual cooperation yields a better outcome than mutual defection but it is not the rational outcome because the choice to cooperate, at the individual level, is not rational from a self-interested point of view.

Re:Expect a FISA or PRISM notice in...

[WaywardGeek]

Some people post warrat canaries, but I stopped. Our current defense strategy is having developers around the world. Also, we have weekly voice meetings that are hard to fake, and enable us to know we're dealing with the same person each week.

Personally, I've boning up on skills for finding weaknesses in crypto code. I just did a 2-week marathon of being a huge a-hole over at the Password Hashing Competition. Telling people why you think their algorithms are not secure does not make you popular, but I have to admit it was fun. Applying the same sort of analysis to TrueCrypt makes me want to set my hair on fire.

TrueCrypt's saving grace is that it is not an on-line app. Even in the first "rebranding" release, we're removing it's tendency to ping the Internet whenever you click on a help button. If an attacker could hack the volume data, for example, he'd totally pwn TrueCrypt. But... in that case, he already owns you most likely.

Re:Expect a FISA or PRISM notice in...

[Cafe+Alpha]

Since it's an open sourced project, the only ways they could maintain a back door would be:
1) find a pre-existing flaw, and either hope it isn't fixed or threaten each developer to keep them from fixing or mentioning that flaw.. Perhaps they could monitor the developers and catch them as soon as they talk about a flaw privately
2) threaten a developer and REQUIRE him to add a flaw and not reveal that he's doing it.

1) is a harder case, but it can partially be prevented by making all communication through a public forum. 2) could be prevented by treating every change to the code as a possible attack and reviewing it publicly by multiple people... But even then it could be let through by the government getting to everyone involved first. Danger could be detected by people dropping out of the project or changes not being reviewed publicly anymore.

Why does this always happen?

[westlake]

They're obviously using my HorribleNameGenerator library. I'm proud to have contributed to so many FOSS projects.

Nothing inspires more confidence in a complex cryptographic system than a name like "CipherShed.'

Is the geek born with this impulse to shoot himself in the foot?

Re:Why does this always happen?

[GameboyRMH]

It's not a commercial product so who cares if some PHB who thinks the name of an application is important doesn't like it?

And if they wanted to make it a commercial product, they could market it under a different name like SecureVault, or more likely Zitzzers since all the real words are no longer available.

Re:Why does this always happen?

[MightyMartian]

It's better than EncryptoBarn or KeyHaul.

Re:Why does this always happen?

[UnknownSoldier]

Hey, it could be worse -- they could of picked a retarded name like the GIMP team ...

/me ducks

Re:Why does this always happen?

LibreCrypt wasn't available?lol

Re:Why does this always happen?

[Agent0013]

It's not a commercial product so who cares if some PHB who thinks the name of an application is important doesn't like it?

This makes me think of all the horrible names that Microsoft has chosen for their products. :-)

Re:Why does this always happen?

[s.petry]

Their first choice was TrueCrypt, but that would not have worked so well...

Re:Why does this always happen?

[idontgno]

SecretShack?

Re:Why does this always happen?

[ihtoit]

Dammit, I was going to go with "Popplers" or "Tastecicles".

Re:Why does this always happen?

[Noah+Haders]

It's better than EncryptoBarn or KeyHaul.

Lol I would totally store my shizz in an encryptobarn.

Re:Why does this always happen?

The word "gimp" is considered an rude and offensive word to describe "a physically handicapped or lame person".

Re:Why does this always happen?

[westlake]

It's not a commercial product so who cares if some PHB who thinks the name of an application is important doesn't like it?

If the geek wants encryption to become universal, he has to remove any and all barriers to adoption, both technical and psychological. That implies reaching out to the PHB, the home and SOHO user, and so on.

Re:Why does this always happen?

[CreatureComfort]

Howbout...MaybeCrypt? Wouldn't want to use FalseCrypt...

I've got it! SchrödingersCrypt!

Re:Why does this always happen?

[s.petry]

Hahaha!!

Re:Why does this always happen?

[ncc74656]

Dammit, I was going to go with "Popplers"

Already taken.

Re:Why does this always happen?

[The+Snowman]

Nothing inspires more confidence in a complex cryptographic system than a name like "CipherShed.'

At least they did not call it The Gimp.

Re:Why does this always happen?

[qpqp]

The 90s called, they want their anti-OSS rhetoric back.

Re:Why does this always happen?

[flyingfsck]

Aww come-on, what is wrong with squirting songs with your Zune??? ;)

Re:Why does this always happen?

[flyingfsck]

There is nothing wrong with the word gimp in most of the civilized world. It is only a slightly derogatory teenager slang word in some US high schools.

Re:Why does this always happen?

[viperidaenz]

I'm all for open source software.
There's some good projects out there and I've contributed to a few of them. Most are shit though.

Re: Why does this always happen?

[Threni]

Yes but that's an even stupider name.

Re: Why does this always happen?

[Threni]

If people don't want to use it then nobody else can force them. Or care, come to that. I'll continue to use it no matter how specious the arguments for not using it become.

Re:Why does this always happen?

[alci63]

humm... I'm not a native english speaker, so to me it sound like all those globish trademarks and buzz words, that is... foreign and globish. So, it does mean somethings or has some connotation for native english speakers ?

Re: Why does this always happen?

[shonangreg]

"Shed" sounds like a cheap, DIY building in the country or on your litter-strewn backyard. "Shack" has similar connotations. I don't think there is actually anything that wrong with the name. If the CipherShed product is high quality, then the "shed" part well be imagined as a clean, well-constructed small building in a well-maintained lawn. Some people have to bitch, though.

Re:Why does this always happen?

[davydagger]

oh nothing:

https://www.youtube.com/watch?v=yZ4w41ZYY9A

BRING OUT THE GIMP.

something about being stored in a closet being only taken out for dirty nasty degrading homosex

They've already screwed the pooch.

[tlambert]

They've already screwed the pooch.

They've published the source archive under the original TrueCrypt license. As a result, unless there's a legal entity (person or company) to which all contributors make an assignment of rights, or they keep the commit rights down to a "select group" that has agreed already to relicense the code, they will not be able to later release the code under an alternate license, since all contributions will be derivative works and subject to the TrueCrypt license (as the TrueCrypt license still in the source tree makes clear).

The way you do these things is: sanitize, relicense, THEN announce. Anyone who wants to contribute as a result of the announcement can't, without addressing the relicensing issue without having already picked a new license.

Re:They've already screwed the pooch.

[Kjella]

First of all, there's very little in a rebranding effort that will be of any significance if they're looking to relicense. The tricky part is that they must replicate the functionality from scratch, without getting derivative - typing it up again or changing the function or variable names won't be enough. That's a job they have to do in parallel, in the background until they're ready to ditch CipherShed 1.x (based on TrueCrypt) and release CipherShed 2.0 based entirely on non-TrueCrypt source code under the new license.

Yes, you might argue that they should do it in bits and pieces to the current source tree with dual licensed code, but that will make it harder to make non-derivative code. If you keep making things that fit into the current project, the internal structure will be very similar which is a bad thing from a legal point of view. I guess if you're interested in making new code for the new version they'll tell you what license they plan to use. Or you could dual license it TrueCrypt/BSD yourself, since that'll work no matter what they pick.

Re:They've already screwed the pooch.

[viperidaenz]

or an ARM instruction set, designed by poms.

Re:They've already screwed the pooch.

[WaywardGeek]

This is not correct. Each individual file in TrueCrypt has a clear copyright notice at the top. Every file with any E4M license will be replaced from scratch. After that, we'll do the files that have TrueCrypt license, though mainly so we can migrate to a better FOSS license.

Re:They've already screwed the pooch.

[complete+loony]

Apparently any new code they write can co-exist with a different license. So they intend to slowly replace it all.

Re:Shed??

[GameboyRMH]

Lots of great things have been invented in a shed.

Re:Shed??

[CaptSlaq]

Like TVR.

Re:Veracrypt

[Kjella]

Veracrypt seems to be similar inconcept but has made several releases so far and added some fixes from the code audit. This one OTOH has yet to release a version. It'd be good to have someone emerge the "generally recognized best" successor.

Veracrypt is also a one-man copyright fraud. No, not just infringement but as in actually taking the Truecrypt code and slapping another license on it. That project stinks to high heaven.

YEEAAHHHH!!!!!

This news seriously made my day (an no I don't care about the name). I have TrueCrypt running on all my machines and couldn't live without it. It gives me great piece of mind should a computer be stolen or lost. TrueCrypt was a breathe to install and use and, while I have not looked into the code, is vastly superior to having no encryption at all or using a commercial product which is almost certainly back-doored. I hope this project gets off the ground.

But who?

[koan]

Is really writing the code?

Re:But who?

[jpyeron]

See https://ciphershed.org/about

and

https://lists.ciphershed.org/p...

Re:But who?

[koan]

Does to me.

Like LAME

[tepples]

They hope to rewrite and replace code until they have something new they can release under a standard OSI-approved license.

LAME was developed in the same way, by replacing pieces of the ISO's reference MP3 encoder until it was finished in May 2000. Is there a better name for this "ship of Theseus" method?

Re:Like LAME

[Orestesx]

"Clean Room Design"
"Chinese Wall Implementation"
"Brewer and Nash Model"

The key isn't replacing the code...it's replacing the code in such a way that it does not infringe on the copyright of the original code. Usually this means new code created by someone with no knowledge of the original code, therefore it cannot be a derivative work, therefore it does not infringe on the original copyright.

Re:Like LAME

[Bill_the_Engineer]

Since they are working with the original source code and simply implementing new code with a different license, I don't think those three terms you gave apply. When I think of "Clean Room Design", I think of programmers who program a different implementation knowing only the API and the expected results of the subroutine, method, or entire Application.

This is probably more of a "wink... wink.. Clean Room Design... cough... cough."

Re:Like LAME

[WaywardGeek]

Infringement has a lot to do with who you're pissing off. I this case, I am not so worried about the original TrueCrypt team. These guys did a ton of work for years, almost for free, because they thought the world needed it. Well, the world still needs it, and we have some new volunteers (but need more!). The E4M owner has some gripes about use of E4M licensed code in the tool. I think we need to focus on the E4M code and get it out of there ASAP. We can then take some more time to redo the whole GUI and everything else.

Re:Like LAME

[myowntrueself]

Is there a better name for this "ship of Theseus" method?

How about Neurath's boat?

GIMP, Ubuntu, Xfce

[tepples]

Crappy ones: GIMP, Tahoe-LAFS, Ubuntu, Kdenlive, XFCE...

As a user of Xubuntu who brings out the GIMP at least twice a week, I'm interested in how you'd name them better.

• What better name would you suggest for the GNU Image Manipulation Program? It "at least tries to vaguely describe the function of the program".
• How is Blender (English for "food processor", referring to a 3D modeling app) any better than Ubuntu (Zulu for "humankind", referring to a Linux distribution)? Is it just that English is historically more prestigious than Zulu as a naming language?
• Xfce (XForms Common Environment) used to be descriptive back when it used XForms, but it became an artifact title once Xfce switched to GTK+. The X part can be reinterpreted to refer to the X Window System, but then the F needs a meaning, a problem that it shares with FVWM (Something Virtual Window Manager).

Re:GIMP, Ubuntu, Xfce

[mrchaotica]

What better name would you suggest for the GNU Image Manipulation Program?

GNUImage?

Or, what's the Zulu word for "Photoshop?" ; )

How is Blender (English for "food processor", referring to a 3D modeling app) any better than Ubuntu (Zulu for "humankind", referring to a Linux distribution)?

1. Artists blend colors and shapes. 2. Blenders and food processors are not the same appliance -- the former liquifies; the latter dices. 3. I agree that Ubuntu isn't a bad name.

Xfce (XForms Common Environment) used to be descriptive

Any new user: "WTF does 'common environment' mean, and why would I want one made out of 'Xforms' (whatever those are)?!"

Aside from that, you could do a lot worse than a random unpronounceable but short acronym when trying to come up with a name for something these days...

Re:GIMP, Ubuntu, Xfce

[WaywardGeek]

I totally agree with your list, which means you are better than most of us geeks at picking, or at least evaluating names. I would love an alternative to CipherShed. I bet you could help here. Can you think of better names.

I like the name password-hashing entry in the PHC called OmegaCrypt. I was considering contacting the author, Brandon, to see if he'd let us use it. Some people on the CipherShed project don't want either True or Crypt in the name, partly for fear of trade-mark dispute, and partly to show that we're doing an honest clean fork, with an intent to rewrite it all under a popular FOSS license (the latest BSD license is currently the leading condender).

Re:GIMP, Ubuntu, Xfce

[dactylus]

I definitely have avoided promoting GIMP to friends and colleagues because of the stupid name. You could make it "GNU Image", "GNU Image Editor", "GNUPic", or dozens of other titles that don't bring to mind enfeebling disabilities or that disturbing scene from Pulp Fiction.

Re:GIMP, Ubuntu, Xfce

[jones_supa]

How about "Confidisk"?

Fine as long as

[jordanjay29]

For the sake of keeping these tools out of the greedy hands of corporations, I'd almost be okay with using GPL for this project. It's not a cool license for developers, but I'd almost consider the value for end-users more important in this case. Locking this technology up behind a paywall won't do anyone any good.

I guess FalseCrypt was taken

[gatkinso]

CipherShed indeed.

Re:I guess FalseCrypt was taken

[NReitzel]

Strange that you should mention this. In point of fact, they released the source code.

Let's read that again:

      They Released The Source Code

Dude, that genie is -out- of the bottle. The source builds easily on several platforms, and produces a nice functional FakeCrypt wherever you might want it. Now, let us examine the implications of litigation against people who have brought up their own version.

First, ostensibly honest people who just want some security will be the targets. And what will happen to fundamental terrorist groups? Why, nothing of course. They will have strong crypto and being sued for copyright infringement is the very least of their worries, since they intend on doing rather nastily illegal acts in any case. Law abiding people get harassed, the bad guys don't give a crap.

Are you listening, NSA? What you've done, so you can intercept Aunt Mabel's sex texts, is force the use of this strong package underground. Your only recourse is going to be making any use of crypto illegal, which may in fact have been where you were going in the first place.

You guys are -supposed- to defend the Constitution of the United States. I've actually listened to the oath. The idea is not, and never has been, that the people are entitled to Life, Liberty, and the Pursuit of Happiness as long as it is under strict government supervision.

Re:Veracrypt

[xeio87]

It's interesting though, if the authors of TrueCrypt really do want to stay anonymous... how will they ever exercise their copyright? Or for that matter prove that they ever owned the project in the first place?

I prefer doxbox

[monkey999]

I like the doxbox project - it works with linux crypto containers as well. Its a fork of freeotfe that was always better than truecrypt because its easier to use and has a license that encourages people to contribute.

Re:I prefer doxbox

[ron_ivi]

Thank You!!! I've occasionally looked for something exactly like this.

Secure? Wordpress?

[X10]

Their site says "proudly powered by wordpress". Err, "security", "wordpress", isn't that mutually exclusive?

Re:Secure? Wordpress?

[thatkid_2002]

You beat me to it. You can't write security software and have a Wordpress based website. It's just insane. My trust level went from 70% to 0% as soon as I noticed Wordpress in the footer.
Go use Nikola (or similar). You can easily maintain the website publicly within a Git repo!

best news all day

[CosaNostra+Pizza+Inc]

This is great news and honestly, its the best news I've had today.

Re:Fine as long as

[fnj]

Really? But by implication you'd be totally fine with closed source (as in Microsoft)? Just asking.

GIMP

[dutchwhizzman]

It's not as if their excellent communication skills or competitiveness with professional programs has anything to do with it. They even got a reference in a Tarantino movie which I am sure was to honor their excellent contact with the graphics design professionals.

Used to be Cipher-Two-Sheds...

[qw(name)]

But then he sold one.

Re:What's in a name?

[thatkid_2002]

I think CiperhShed is one of the slickest names I've seen...
Yes, there is some poorly named Open Source software but the majority is really on-par with proprietary shit.

What about CryptKeeper

[OutOnARock]

CryptKeeper, owned by HBO?

Re:Veracrypt

[Luckyo]

How is it a violation of TrueCrypt's license when TrueCrypt's license specifically ALLOWS for this?

For the idiots who can't even read the story: TrueCrypt's license allows for taking all the code and reusing it, with only requirement being using a different name.

BeerCrypt

[hodet]

Well we only had one Beer story today, so I nominate BeerCrypt. Because we all love beer and crypto. It's a no brainer and the quicker you bring Cipher-Shed behind the wood shed the better. Let Mcafee have Endpoint and Microsoft have BitLocker. Nice catchy names to make the most hard assed CEO blush and gush. BeerCrypt. You know you want it.

don't care squat

[monkey999]

Why worry about squatters, if ironcrypt.org is taken just use ironcrypt.foo. My favorite open-source transparent crypto product uses doxbox.eu; doxbox.org is something else - who cares?

how about "InvisiFile"?

[cellocgw]

That's easy to pronounce, and since part of the intent of the encryption software is to present a disk with no evidence of there being an encrypted file, the 'invisibility' part may make sense to the nontechies.

I was going to suggest Data-B-Gone but that's probably trademarked by QVC :-)

do you mean DosBox?

[kevlar_rat]

Thanks for posting this. I am the maintainer of DoxBox. If you have any questions or want to flame me about the name, go ahead.

Re:"CipherShed" --> OneCrypt

[Ted+Stoner]

OneCrypt. One = true zero = false.

~crypt

[irishatheist]

How about TildeCrypt, a pun on until decrypt-ed, for those who have had to wait hours to decrypt hp notebook hard disks before installing a bios and utility partition update before re-encrypting.

VeriKrypt

[stigweard]

VeriKrypt would be a translation into mixed Latin & Greek.

FortKnox

[DarthVain]

Another catchy one that is easy to remember that most people could identify with would be "FortKnox"... a very secure environment for your valuables... Then again, maybe it is taken or trademarked or something.

NotablySafeArchival?

[DarthVain]

or perhaps CipherIndexedArray?

I can't think of one for FBI. :)

Canada is much easier...

[DarthVain]

CipherSecureInformationSystem

and

CryptSecureEasyCipher