Re: [Tails-dev] [review'n'merge:1.2] feature/5373-replace-tr…

Author: intrigeri
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] [review'n'merge:1.2] feature/5373-replace-truecrypt
Hi,

sajolida@??? wrote (18 Sep 2014 14:33:21 GMT) :
> I anyway reviewed the documentation. See 169493d..82722e8.


Great job! I'm convinced that making this piece of doc as good as we
can will make the user support much easier (and even though, I guess
it'll be hard and take plenty of time => I would find it sound that
all front desk people try out this documentation and report back if
there are issues they expect users to have, or anything; once we're
done with this discussion, I can ask them).

Here are a few comments:

* "You can open most standard and hidden *TrueCrypt* volumes using the
`cryptsetup` command line." <-- s/command line/command line tool/
would be more accurate, I think.

* "losetup [device] [file]" <-- s/device/loop/, or s/loop/device/
above. I think that the latter is better, as "[device]" is used
consistently everywhere else.

* "mkdir /media/[name]" <-- on Jessie, there is another level in the
namespace, taken by the username, e.g. /media/amnesia/[name].
Maybe directly do "mkdir -p /media/amnesia/[name]" to make the
transition to Jessie a bit smoother? It might break the great bonus
bit that you've added, about having the device appear in the Places
menu, though => needs to be tested. If we go this way, then other
bits of the doc need to be adjusted accordingly.

* The explanation why one should close the TrueCrypt volume was
removed. I'm unsure about it. Maybe look into the GNOME
documentation and see if they give the user any hint why unmounting
filesystems is useful, e.g. before removing the backing device from
the system?

* In the provided example, the file container is stored in the Tails
persistent volume. I believe this is a very rare use case, and giving
as the only example one with two levels of encryption can be confusing.
I think we should instead use /media/myusbstick/mytruecryptcontainer,
or similar. My understanding is that this is how people use
TrueCrypt in the real world.

> I put Tails
> 1.2.1 in there but feel free to change it for Tails 1.3. I'm still in
> favor of allowing a bit more time for our users to learn that new
> technique before being on their own. But 1.2.1 would work too.


I don't think I can argue on this any further without repeating myself :)

> I still have two little doubts regarding the text:


> - You said "most standard and hidden *TrueCrypt* volumes", which volumes
> wouldn't be covered by this technique? If there is any short way of
> putting it or external documentation then it might be worth pointing to
> it. Otherwise people who might fail while following our instructions
> might think it is because of that "most".


The "TCRYPT (TrueCrypt-compatible) EXTENSION" section in the
cryptsetup(8) manpage [1] has the details. Specifically, what's not
supported is "legacy cipher chains using LRW encryption mode with 64
bits encryption block (namely Blowfish in LRW mode)".

[1] http://manpages.debian.org/cgi-bin/man.cgi?query=cryptsetup&apropos=0&sektion=8&manpath=Debian+testing+jessie&format=html&locale=en

> - In step 3 I explain how to attach a file container to a loop device.
> This is marked as "recommended for new users" in the TrueCrypt interface
> so I thought that this was really needed.


Makes a lot of sense.

> But I'm doubting whether to say "*loop device*" (with the *s) instead
> of "device" in that step.


I would do that everywhere in this step (without the *s*).

> That would impact a bit step 4


The fact we use [device] in the command lines in step 3 should be
enough for the reader to understand that the "device" referred to by
[device] in step 4 is the "loop device" referred to by [device] in
step 3, I think, so IMO step 4 can be left untouched.

Cheers,
--
intrigeri