TrueCrypt Gets a New Life, New Name
storagedude writes: Amid ongoing security concerns, the popular open source encryption program TrueCrypt may have found new life under a new name. Under the terms of the TrueCrypt license — which was a homemade open source license written by the authors themselves rather than a standard one — a forking of the code is allowed if references to TrueCrypt are removed from the code and the resulting application is not called TrueCrypt. Thus, CipherShed will be released under a standard open source license, with long-term ambitions to become a completely new product.
"CipherShed" (Score:5, Funny)
Re:"CipherShed" (Score:5, Funny)
They're obviously using my HorribleNameGenerator library. I'm proud to have contributed to so many FOSS projects.
Why does this always happen? (Score:4, Funny)
They're obviously using my HorribleNameGenerator library. I'm proud to have contributed to so many FOSS projects.
Nothing inspires more confidence in a complex cryptographic system than a name like "CipherShed."
Is the geek born with this impulse to shoot himself in the foot?
Re: (Score:2)
It's not a commercial product so who cares if some PHB who thinks the name of an application is important doesn't like it?
And if they wanted to make it a commercial product, they could market it under a different name like SecureVault, or more likely Zitzzers since all the real words are no longer available.
Re: (Score:2)
It's not a commercial product so who cares if some PHB who thinks the name of an application is important doesn't like it?
This makes me think of all the horrible names that Microsoft has chosen for their products. :-)
Re: (Score:3)
Dammit, I was going to go with "Popplers" or "Tastecicles".
Re: (Score:2)
Already taken. [freedesktop.org]
Re: (Score:2)
It's not a commercial product so who cares if some PHB who thinks the name of an application is important doesn't like it?
If the geek wants encryption to become universal, he has to remove any and all barriers to adoption, both technical and psychological. That implies reaching out to the PHB, the home and SOHO user, and so on.
Re: (Score:2)
It's better than EncryptoBarn or KeyHaul.
Re: (Score:2)
SecretShack?
Re: (Score:2)
It's better than EncryptoBarn or KeyHaul.
Lol I would totally store my shizz in an encryptobarn.
Re: (Score:2)
Hey, it could be worse -- they could have picked a retarded name like the GIMP team ...
Re:Why does this always happen? (Score:5, Funny)
I've got it! SchrödingersCrypt!
Re: (Score:2)
At least they did not call it The Gimp [gimp.org].
Re:"CipherShed" (Score:5, Funny)
They're obviously using my HorribleNameGenerator library. I'm proud to have contributed to so many FOSS projects.
Clearly you didn't use it for your own project, I suppose you had to write it first or it would have suggested HorribleUniqueNameGenerator. Because like the developers of the GNU Image Manipulator Program know, a catchy acronym never hurt anyone.
Re: (Score:2)
To make things worse, GIMP is an acronym that includes a backronym.
The ATA guys really like their silly nested acronyms like nobody else, though. Seriously, whose brilliant idea was "eSATAp"?
eSATA powered
external SATA powered
external Serial ATA powered
external Serial AT Attachment powered
external Serial AT-sounds-like-a-cool-name Attachment powered
GIMP (Score:2)
Re: "CipherShed" (Score:5, Insightful)
It worked pretty OK for centuries. You could buy a "Plow from John Smith over in Blurn Hollows", or you could buy a "Plow from George Smith over in Redneck Fields", and nobody would be confused that they were called the same.
These days, if you buy a "FuxMatic3000XP from XentTeck" one day, you have to make sure if you want to buy one a year later that neither the FuxMatic3000XP nor the XentTeck Trademark have been sold in the meantime and are completely different things and/or products, or if the company itself did a product switcheroo in the meantime.
Re:"CipherShed" (Score:5, Funny)
Nah, it wouldn't be cool to go against the wishes of the original authors. They put a lot of work into it. If you're gonna leech off their code then naming your project something other than Truecrypt is the least you can do.
I suggest RealCrypt.
Re: (Score:3, Funny)
Well it's better than the NSA fork - DeCrypt. ;-)
Re:"CipherShed" (Score:5, Informative)
So, I'm involved in the CipherShed project. In fact, I bought the domain originally when Niklas suggested it. I also bought FalseCrypt :-)
This thread is actually very helpful. I've been very concerned that we need to pick a better name. The unfortunate truth is that we geeks totally suck at picking names!
RealCrypt is excellent, IMO. That's why the RealCrypt fork of TrueCrypt exists :-) It's a Fedora-packaged fork that drops all the Windows stuff. There's also a VeraCrypt fork. OpenCrypt.net was offered to us by the owner, which is very generous, but there is an OpenCrypt already, which oddly enough has to do with encryption rather than vampires.
Please keep picking on the name, and suggesting alternatives! If someone here provides one, I'll try to have it adopted. We *barely* still have time to make a name change.
Re: (Score:2)
I'd have to agree, "CipherShed" is just awful.
TrueCrypt was an excellent name, and working off the -crypt portion is logical.
Perhaps you can vary off the True prefix? Or maybe "TrueCrypt II". It seems to work for movies.
Re: (Score:2)
No, we can't use TrueCrypt in the name. The license terms are clear about that. We're trying not to use True, and we have been told that it would be best not to use Crypt, though I think that's going a bit far.
Re: (Score:2)
At least choose a suffix other than "shed". Maybe "vault" for "CypherVault" or "StoreVault".
The Latin word for "padlock" is "sera". "CypherSera"? "SeraCypher"? Bet nobody's squatting that.
"Cipher" comes from the medieval Latin "cifra". Maybe "BitCifra"? "CifraStore"?
Re: (Score:2)
So here are my contributions to the naming:
TruerCrypt :-)
CryptBlock CryptAll CryptMore MoreCrypt CryptoCase CryptMyRide CoolCrypt CryptoMagnolia MagnusCryptum Cryptonomy CryptoFilo
And here are some names that do not have Crypt in them (note: I have not checked copyrights or squatter rights on any of these)
AssetTag Lockdown FileBlocker TickTockLock SquirrelCage AcornVault
I can't think of any more :-)
Re: (Score:3)
IronCrypt is a good suggestion. It is fucking squatted. God I hate squatters. Worse than lice or ticks.
Re: "CipherShed" (Score:3)
but in this case the authors were anonymous - they are NOT going to de-cloak to enforce a trademark.
It's probably better for the security of the community at large to carry on calling it TrueCrypt (3.0, clear who the new team is, etc.). Trademarks exist to prevent confusion - in this case, using the same name is the minimally confusing option. The license is unenforceable and securing people's communications is more important to society than the wishes of the retired authors.
Imaginary property ain't real
Maybe it'll actually be trustworthy this time (Score:2, Interesting)
Here's hoping the audit is a success.
Re:Maybe it'll actually be trustworthy this time (Score:5, Informative)
For anyone that doesn't have time to read the article, here's the audit part:
Organizations are loath to walk away from TrueCrypt because it is free, it is cross platform and, perhaps most importantly, the code is available for inspection. Critically, the code is not just available, but a security audit of the code is underway. The eyeballs on the code are not just theoretical, but are also there in practice -- and they are professional eyeballs at that.
The first part of the code audit was completed in April - a source code assisted security assessment of the TrueCrypt bootloader and Windows kernel driver. No serious problems were found, although many issues were highlighted, including a lack of comments, use of insecure or deprecated functions and inconsistent variable types. The product is also nearly impossible to compile from the source code, which means the majority of users download pre-compiled binaries, with all the attendant security risks.
The next part of the audit, a formal cryptanalysis, is underway.
I would keep my eye on the project to see that the remaining parts of the audit actually get completed properly.
Does the TrueCrypt License (Score:5, Insightful)
allow a fork to be released under a standard open source license?
Because I can take software with a standard open source license and put TrueCrypt's name back into it.
Not that I intend to do so, but it just seems off, somehow.
Re:Does the TrueCrypt License (Score:5, Informative)
Having RTFA (I know, I know), I can answer your question.
The first CipherShed version will be under the TrueCrypt license. They hope to rewrite and replace code until they have something new they can release under a standard OSI-approved license.
Like LAME (Score:2)
They hope to rewrite and replace code until they have something new they can release under a standard OSI-approved license.
LAME was developed in the same way, by replacing pieces of the ISO's reference MP3 encoder until it was finished in May 2000 [slashdot.org]. Is there a better name for this "ship of Theseus" method?
Re: (Score:3)
"Clean Room Design"
"Chinese Wall Implementation"
"Brewer and Nash Model"
The key isn't replacing the code...it's replacing the code in such a way that it does not infringe on the copyright of the original code. Usually this means new code created by someone with no knowledge of the original code, therefore it cannot be a derivative work, therefore it does not infringe on the original copyright.
Re: (Score:3)
Since they are working with the original source code and simply implementing new code with a different license, I don't think those three terms you gave apply. When I think of "Clean Room Design", I think of programmers who program a different implementation knowing only the API and the expected results of the subroutine, method, or entire Application.
This is probably more of a "wink... wink.. Clean Room Design... cough... cough."
Re: (Score:3)
Infringement has a lot to do with who you're pissing off. In this case, I am not so worried about the original TrueCrypt team. These guys did a ton of work for years, almost for free, because they thought the world needed it. Well, the world still needs it, and we have some new volunteers (but need more!). The E4M owner has some gripes about use of E4M licensed code in the tool. I think we need to focus on the E4M code and get it out of there ASAP. We can then take some more time to redo the whole GUI
Re: (Score:2)
Is there a better name for this "ship of Theseus" method?
How about Neurath's boat?
Re:Does the TrueCrypt License (Score:5, Informative)
Section III.1.4 of the license (https://tldrlegal.com/license/truecrypt-license-version-3.0#fulltext) says that any code that you provide that is not part of the original TrueCrypt can be licensed under completely different terms, as long as the terms satisfy certain conditions listed in that section.
Re: (Score:2)
Isn't it like half-life though? You can always remove half more of the original code, but when can you be confident you got it all?
Re: (Score:2)
I think you're onto something. Perhaps *that's* why the secret formula for Coke has never been open-sourced, but remains locked in a vault in Atlanta to this very day. Likewise for the secret Krabby-patty formuler. Just think what havoc Pepsi and Plankton could wreak with the TrueCrypt code...
Re: (Score:2)
KFC's secret recipe leaked a while ago, and they're still around.
Chicken, grease, salt.
Re: (Score:2)
pepper and monosodium glutamate.
Makes even town pigeons taste like chicken!
Re: (Score:2)
I thought it was up, up, down, down, left, right, left, right, B, A, start
FOSS names (Score:5, Interesting)
Just curious. Is there some kind of unwritten rule that FOSS project names have to be as crappy as possible? Is it just a translation thing, where maybe the name makes more sense or sounds better in the dev's native tongue? Has anyone been part of a FOSS project and was involved in the naming of it?
Re:FOSS names (Score:5, Insightful)
Re:FOSS names (Score:5, Funny)
The sillier the name the lower the chances someone will abuse that name for commercial reasons. Saves a lot of money on trademarks.
I'm happy to announce my new FOSS project: CUNTT. It's a universal network tracing tool.
It stands for "CUNTT isn't a Universal Network Tracing Tool".
Re:FOSS names (Score:5, Insightful)
Good ones: Inkscape, Thunderbird, Blender, VirtualBox, Linux...
Crappy ones: GIMP, Tahoe-LAFS, Ubuntu, Kdenlive, XFCE...
I personally think that you hit the sweet spot when you have a name which sounds cool and professional, is easy to remember, and at least tries to vaguely describe the function of the program.
GIMP, Ubuntu, Xfce (Score:2)
Crappy ones: GIMP, Tahoe-LAFS, Ubuntu, Kdenlive, XFCE...
As a user of Xubuntu who brings out the GIMP at least twice a week, I'm interested in how you'd name them better.
Re: (Score:2)
GNUImage?
Or, what's the Zulu word for "Photoshop?" ; )
1. Artists blend colors and shapes. 2. Blenders and food processors are not the same appliance -- the former liquifies; the latter dices. 3. I agree that Ubuntu isn't a bad name.
Re: (Score:2)
I totally agree with your list, which means you are better than most of us geeks at picking, or at least evaluating names. I would love an alternative to CipherShed. I bet you could help here. Can you think of better names?
I like the name of the password-hashing entry in the PHC called OmegaCrypt. I was considering contacting the author, Brandon, to see if he'd let us use it. Some people on the CipherShed project don't want either True or Crypt in the name, partly for fear of trade-mark dispute, and partly to
Re: (Score:3)
Good ones: Inkscape, Thunderbird, Blender, VirtualBox, Linux...
Crappy ones: GIMP, Tahoe-LAFS, Ubuntu, Kdenlive, XFCE...
I personally think that you hit the sweet spot when you have a name which sounds cool and professional, is easy to remember, and at least tries to vaguely describe the function of the program.
A lot of software fails your last requirement (Thunderbird, Blender, Linux for a lot of people), but that isn't limited to open source software. While Microsoft has the reasonably-named Windows and Word, they also have Outlook, Excel, and PowerPoint.
Re: (Score:2)
LAME
WINE
MAME
etc.
LAME and WINE are especially terrible since their names are lies - LAME IS an MP3 encoder, and WINE IS an emulator (the word "emulation" is not restricted to emulating hardware or an instruction set).
Re: (Score:2)
WINE is a recursive acronym, it stands for "WINE Is Not an Emulator"...
Bit of a clue, there.
Re: (Score:2)
WINE is a recursive acronym, it stands for "WINE Is Not an Emulator"...
Bit of a clue, there.
WINE originally stood for Windows Emulator.
WINE is in fact emulating bits of Windows - it is an emulator.
The backronym comes later.
It's a shitty name and propagates a shitty belief that it is not an emulator, that an emulator has some strict definition relating to hardware or instruction sets, etc.
I included it on my list for precisely these reasons, and your ignorant post validates those reasons nicely.
Re: (Score:2)
Citations needed. My information comes from the WINE project, not your arse. WINE is a compatibility layer. A compatibility layer is not an emulator.
Re: (Score:2, Informative)
"Citation needed" is the internet equivalent of "Nuh-uh! PROVE IT!" and "LALALALA I CAN'T HEAR YOU!".
Go look at the Wikipedia page, the kind of drivel morons like you slurp up.
The name Wine initially was an acronym for Windows emulator.[5] Its meaning later shifted to the recursive backronym, Wine is not an emulator in order to differentiate the software from CPU emulators.[6] While the name sometimes appears in the forms WINE and wine, the project developers have agreed to standardize on the form Wine.[7]
You lose.
The phrase "wine is not an emulator" is a reference to the fact that no processor code execution emulation occurs when running a Windows application under Wine. "Emulation" usually refers to the execution of compiled code intended for one processor (such as x86) by interpreting/recompiling software running on a different processor (such as PowerPC). Such emulation is almost always much slower than execution of the same code by the processor for which the code was compiled. In Wine, the Windows application's compiled x86 code runs at full native speed on the computer's x86 processor, just as it does when running under Windows. Windows system services are also supplied by Wine, in the form of wineserver.
Emulate (verb)
1 - To match or surpass (a person or achievement), typically by imitation.
2 - To imitate.
WINE is an emulator. It is not emulating hardware or an instruction set, it is emulating pieces of Windows. They initially claimed it was an emulator because it was. They later claimed it wasn't an emulator because they d
Re: (Score:2)
I'm not impressed by what it is named. It *IS* an emulator; fact; get over it.
Emulate: reproduce the function or action of (a different computer, software system, etc.).
So it's not an instruction-set emulator like qemu (was originally). Big deal. There are other things than instruction sets you can emulate.
Re: (Score:2)
WINE emulates bits of Windows, it is an emulator. It does not emulate hardware, an instruction set, or even all of Windows, but it is an emulator nonetheless.
In fact, WINE originally stood for "Windows Emulator", before clowns decided to change it to that recursive backronym lie.
Check your facts.
Re: (Score:2)
I don't know if you're joking or not.
LAME is in fact an encoder, and it infringes on tons of the MP3 patents held by Fraunhofer.
Originally, LAME was just a set of changes to existing encoders, and you were expected to provide your own copy of the encoder. That scheme went out the window really fucking quickly, though. LAME quickly became a full-fledged encoder in itself, infringing on many patents. I don't give a shit about the patents, but I do give a shit when people claim it isn't an encoder when it
Re: (Score:2)
and it infringes on tons of the MP3 patents held by Fraunhofer
I think you mean "infringed", as those patents have long expired.
Re: (Score:2)
and it infringes on tons of the MP3 patents held by Fraunhofer
I think you mean "infringed", as those patents have long expired.
Have they? Do I care?
The point is that the LAME developers made the claim that LAME wasn't an encoder in order to skirt the patent infringement issue.
First they claimed they were only releasing changes, which was true. Then they were releasing a full encoder and claimed they were only releasing source code as an educational effort and were not actually distributing an encoder so they weren't infringing on the patents (which is obviously bullshit). I don't think they were ever really pursued by the Fra
Re: (Score:2)
Did the eventually-included encoder violate patents? Yeah, probably. Does it now? No, they've expired. Is LAME the encoder? No, it just includes it.
Re: (Score:2)
So you think fsck is something besides a descriptive abbreviation for File System Check? What about ls (List), rm (Remove), cp (Copy), or touch (literally, Touch File). Oh, I see. It's a pre-teen double entendre.
Re: (Score:3)
I find EncryptAll not bad. The bar here is not that high... just has to be an improvement. The guys on the CipherShed team would kill me for suggesting Pure-Crypt, but I think that's available and also aligns us well with Pure-Privacy, the new foundation promoting online privacy.
Re: (Score:2)
ugh.
Expect a FISA or PRISM notice in... (Score:4, Interesting)
Wonder if they will have a "Warrant Canary" posting.
Re:Expect a FISA or PRISM notice in... (Score:4, Informative)
Some people post warrant canaries, but I stopped. Our current defense strategy is having developers around the world. Also, we have weekly voice meetings that are hard to fake, and enable us to know we're dealing with the same person each week.
Personally, I've been boning up on skills for finding weaknesses in crypto code. I just did a 2-week marathon of being a huge a-hole over at the Password Hashing Competition. Telling people why you think their algorithms are not secure does not make you popular, but I have to admit it was fun. Applying the same sort of analysis to TrueCrypt makes me want to set my hair on fire.
TrueCrypt's saving grace is that it is not an on-line app. Even in the first "rebranding" release, we're removing its tendency to ping the Internet whenever you click on a help button. If an attacker could hack the volume data, for example, he'd totally pwn TrueCrypt. But... in that case, he already owns you most likely.
Re: (Score:2)
Since it's an open sourced project, the only ways they could maintain a back door would be:
1) find a pre-existing flaw, and either hope it isn't fixed or threaten each developer to keep them from fixing or mentioning that flaw. Perhaps they could monitor the developers and catch them as soon as they talk about a flaw privately
2) threaten a developer and REQUIRE him to add a flaw and not reveal that he's doing it.
1) is a harder case, but it can partially be prevented by making all communication through a pu
They've already screwed the pooch. (Score:3, Informative)
They've already screwed the pooch.
They've published the source archive under the original TrueCrypt license. As a result, unless there's a legal entity (person or company) to which all contributors make an assignment of rights, or they keep the commit rights down to a "select group" that has agreed already to relicense the code, they will not be able to later release the code under an alternate license, since all contributions will be derivative works and subject to the TrueCrypt license (as the TrueCrypt license still in the source tree makes clear).
The way you do these things is: sanitize, relicense, THEN announce. Anyone who wants to contribute as a result of the announcement can't, without addressing the relicensing issue without having already picked a new license.
Re: (Score:2)
First of all, there's very little in a rebranding effort that will be of any significance if they're looking to relicense. The tricky part is that they must replicate the functionality from scratch, without getting derivative - typing it up again or changing the function or variable names won't be enough. That's a job they have to do in parallel, in the background until they're ready to ditch CipherShed 1.x (based on TrueCrypt) and release CipherShed 2.0 based entirely on non-TrueCrypt source code under the
Re: (Score:2)
This is not correct. Each individual file in TrueCrypt has a clear copyright notice at the top. Every file with any E4M license will be replaced from scratch. After that, we'll do the files that have TrueCrypt license, though mainly so we can migrate to a better FOSS license.
Re: (Score:2)
or an ARM instruction set, designed by poms.
I guess FalseCrypt was taken (Score:3)
CipherShed indeed.
Re: (Score:3)
Strange that you should mention this. In point of fact, they released the source code.
Let's read that again:
They Released The Source Code
Dude, that genie is -out- of the bottle. The source builds easily on several platforms, and produces a nice functional FakeCrypt wherever you might want it. Now, let us examine the implications of litigation against people who have brought up their own version.
First, ostensibly honest people who just want some security will be the targets. And wha
I prefer doxbox (Score:2)
Secure? Wordpress? (Score:3, Insightful)
Their site says "proudly powered by wordpress". Err, "security", "wordpress", isn't that mutually exclusive?
Re: (Score:2)
Go use Nikola (or similar). You can easily maintain the website publicly within a Git repo!
best news all day (Score:2)
Used to be Cipher-Two-Sheds... (Score:3)
BeerCrypt (Score:3)
Well we only had one Beer story today, so I nominate BeerCrypt. Because we all love beer and crypto. It's a no brainer and the quicker you bring Cipher-Shed behind the wood shed the better. Let McAfee have Endpoint and Microsoft have BitLocker. Nice catchy names to make the most hard assed CEO blush and gush. BeerCrypt. You know you want it.
how about "InvisiFile"? (Score:3)
That's easy to pronounce, and since part of the intent of the encryption software is to present a disk with no evidence of there being an encrypted file, the 'invisibility' part may make sense to the nontechies.
I was going to suggest Data-B-Gone but that's probably trademarked by QVC :-)
Re: (Score:2)
Lots of great things have been invented in a shed.
Re:Shed?? (Score:4, Funny)
Re: (Score:2)
Veracrypt seems to be similar in concept but has made several releases so far and added some fixes from the code audit. This one OTOH has yet to release a version. It'd be good to have someone emerge as the "generally recognized best" successor.
Veracrypt is also a one-man copyright fraud. No, not just infringement but as in actually taking the Truecrypt code and slapping another license on it. That project stinks to high heaven.
Re: (Score:2)
It's interesting though, if the authors of TrueCrypt really do want to stay anonymous... how will they ever exercise their copyright? Or for that matter prove that they ever owned the project in the first place?
Re: (Score:2)
How is it a violation of TrueCrypt's license when TrueCrypt's license specifically ALLOWS for this?
For the idiots who can't even read the story: TrueCrypt's license allows for taking all the code and reusing it, with the only requirement being using a different name.
Fine as long as (Score:2)
Re: (Score:2)
Really? But by implication you'd be totally fine with closed source (as in Microsoft)? Just asking.
Re: (Score:2)
Yes, there is some poorly named Open Source software but the majority is really on-par with proprietary shit.