> Block-level encryption is a terrible, terrible approach for many reasons (which 'tptacek has referenced a million times). However, Truecrypt is the best such implementation, and it's a required approach in certain cases. You should be doing crypto at the application/filesystem level; if you can't, use Truecrypt. This isn't contradictory advice.
The only reason this even seems remotely contradictory is because you've taken Thomas's statement completely out of context (perhaps because it's nested about 50 lines in from the top-level comment that even provided the context in the first place).
Alternatively, it's only contradictory if you take a black-and-white, all-or-nothing interpretation of what Thomas says... which is quite ironic, because one of his key criticisms of Truecrypt is that it is all-or-nothing, as stated in the very same post that you quote[1].