while I am a great fan of truecrypt, tc files are now identifiable and searchable.

http://www.ghacks.net/2011/04/11/tchunt-search-for-truecrypt-volumes/

that said, truecrypt has many features I like, like diffrent and/or multiple encryption techniques, benchmarking, hidden containers within containers(deniability which hasn't been cracked), and of course its portable. It also supports keyfiles and pkcs #11 for authentication.

Its also portable, it can encrypt an entire partition, or just an easy to distribute container, which of course runs mac-linux-windows compatibility.

LUKS is easier to use though with gnome-disk-tool, but it lacks the many features of truecrypt.

I aruge that TAILS continue to provide both and let the user decide.

[TrueCrypt is] also portable, it can encrypt an entire partition, or just an easy to distribute container, which of course runs mac-linux-windows compatibility.

LUKS can of course encrypt entire partitions, and beyond Linux it's supported on Windows and DragonFly BSD. AFAIK it's not supported on Mac OS X (yet?), though.

[...] I would like to request that Truecrypt remains an option indefinitely. Despite its less than open nature it does have some important advantages.

Regardless of TrueCrypt's "less than open nature" and other issues there might be very real security reasons to not include it exactly because it supports plausible deniable encryption. Below I will detail some thought I've been entertaining for the last couple of years that I feel are ripe for venting now:

While a very cool idea, simply possessing tools supporting plausible deniable encryption could be dangerous in itself if you live in an area where the "law" either practices rubber-hose "cryptanalysis" (i.e. torture), or has a key disclosure law (which includes countries like UK, France, Canada). As you know, it's precisely these practices and laws that plausible deniable encryption is intended to protect against. So, imagine that you live in such an area, get suspected or arrested for some crime, that the authorities seize you computer as a result, and that they find your TrueCrypt installation on it.

Problem 1: If a TC volume indeed is indistinguishable from random junk, then any file that looks like random junk may be considered as TC volumes by your adversaries, even those that in fact are not TC volumes or encrypted data.

Hence, even if you hand out keys and passphrases to the real TC volumes, your adversaries may demand keys and passphrases for the other random looking (but non-TC volume) files. You can truthfully deny that they are TC volumes all you want, but they will torture you, or throw you in jail. You're screwed.

As have been pointed out, it may still be possible to determine whether a file is a TC volume or not by using analyzers such as TCHunt. However, after learning TCHunt's technique I must say it looks pretty weak and simplistic, and that it very easily can produce false positives. In fact, I did a simple test:

TMPDIR=$(mktemp -d)
for X in $(seq 1 100); do
    dd if=/dev/urandom of=${TMPDIR}/test.${X} bs=1b count=20000 2> /dev/null
done
echo $TMPDIR
# run TCHunt on ${TMPDIR}, i.e. the directory printed above

So, I generated 100 files of ~10 MB (but divisible by 512 bytes) of pseudo-random data generated from Linux' PRNG and then ran TCHunt on these. Every single one of them was incorrectly identified as a TC volume, so we have a 100% false positive rate. There may be better commercial alternatives to TCHunt, though. If not, the problem with false positives just strengthens problem 1. Personally I generate such files from time to time for various reasons, so I would be screwed.

Problem 2: Since TC supports hidden volumes, even if you disclose all your keys and passphrases to your adversaries they may insist that you have hidden volumes when you in fact don't.

This could for instance happen if your adversaries didn't find what they were looking for in the "normal" TC container that you supplied them keys and passphrases for. Or perhaps they found what they wanted, but the prosecutor (naturally) just wants to fuck you even more by adding a few additional years on your prison sentence for refusal of (non-existing) key disclosure. You're screwed.

The essence, or generalization, of these two problems is that plausible deniable encryption gives your adversaries "plausible suspicion" (in lack of a better term). Since there are so few encryption tools that allow plausible deniable encryption, choosing a tool that supports it (like TC) instead of a tool which doesn't (like dm-crypt/LUKS) may give them strong reasons to believe that you are indeed using that specific feature, and thus that you're not cooperating with them even when you really are cooperating as much as you can.

For the above reasons it seems like plausible deniable encryption will only work as intended if either one of the following statements are true:

1. You live in a sane country with no practice of rubber-hose cryptanalysis/torture, and no key disclosure laws. (Note that if you do, you really don't need plausible deniable encryption -- "undeniable" encryption is enough.)
2. The implementation of plausible deniable encryption you use is completely secret; it isn't public, widely used or documented anywhere. You and everyone else using it must be able to keep that secret even under torture and serious legal threats/implications.
3. You live in a future where more or less all encryption software supports plausible deniable encryption, so it's nothing out of the ordinary. (OTOH, in such a future key disclosure laws may just be upgraded to a complete ban on encryption. Who knows?)

Let's see how these statements pan out with Tails:

We distribute Tails globally, and since there are countries for which 1 isn't true, 1 wouldn't be true for all Tails users. Hence inclusion of TC (or similar tool) would make Tails potentially dangerous for those users. 2 is trivially untrue for TrueCrypt in particular, and tautologically untrue (per definition) in general for any other such encryption tool we ever would ship with Tails. And 3 is not the case (yet?) as you probably know.

That said, I'd love to have the above proven wrong as I see plausibly definable ecnryption as a very desirable feature.

The UK has a key disclosure law, but they still need to prove beyond reasonable doubt that you have the key before they can convict and send you to jail. If you use a hidden volume or occasionally wipe partitions by overwriting with pseudo-random data then you have easily created enough doubt to avoid prosecution (assuming you didn't screw up in other ways and that is all they have).

TrueCrypt in portable mode is an option I suppose, but not ideal because you need to store the portable version somewhere or download it every time. If you want to store it then you need an unencrypted partition somewhere.

If your adversary wants to beat you, then they'll do it. No guarantee once they get what they want from you anyway they'll spare you. Even with LUKS, whatever other encryption.

Then you also have TOR and setups to use everything for it. The entire tails CD is reasonable suspicion to a paranoid or fascist government or adversary.

Again if they want to torture you, they're gonna do it no matter what they tell you.

You can discount truecrypt for working better.

Besides, its container files make it really portable, i.e. can be uploaded and shared on internets, copied and pasted like any other file.

Oh, and your truecrypt container can be used on just about any computer in existence with truecrypt because its been ported so widely, with official ports representing 99.9% of desktop usage.

but really....if your that scared, just use unencrypted FAT patitions. Don't use TOR either. quickly delete TAILS out of your browser history.

Pointless argument.

At least with Truecrypt, if they find your containers you can give them the decoy passwords to get into your fake storage. There's no way to prove there is another hidden container inside that unlocks with a separate password that contains all your revolutionary plans and contacts.

If you use LUKS/ect then you have no such options. If I'm an Iranian, and the choice is open the fake container and show the Basij my mild yet illegal porn, take the sentence and live another day OR handing over my LUKS password with hundreds of dissident contacts in it (guaranteeing execution for me and everybody on the list) I'm gonna go for option #1

Truecrypt is simply the best option. Read all the stolen FBI leaked emails from Antisec on Nov 18 where they talk back and forth about being unable to break TC encryption or read any data using their useless EnCase forensic software

Problem 1: If a TC volume indeed is indistinguishable from random junk, then any file that looks like random junk may be considered as TC volumes by your adversaries, even those that in fact are not TC volumes or encrypted data.

If a TC volume indeed is indistinguishable from random junk expect your enemies to shoot you in the head.

Problem 2: Since TC supports hidden volumes, even if you disclose all your keys and passphrases to your adversaries they may insist that you have hidden volumes when you in fact don't.

Even if you disclose all your keys, expect your enemy to shoot you in the head.

That said, I'd love to have the above proven wrong as I see plausibly definable ecnryption as a very desirable feature.

Because your such a little know it all twit, your users get shot in the head.

Seriously grow the fuck up, you can either give your users a chance to play along, play dumb and hope for the best, or you can force them to resist, give in, and be killed. I know what the real problem is, you just dont want to do the work.

I agree with the OP. TrueCrypt's allowing hiding a second OS without any evidence that it's there is a big deal. OTFE/LUKS apparently allows for this kind of functionality as well, but it needs a GUI since encryption in general is complicated for an average user and the more complicated operations involving creating and using an OS inside a hidden volume would confuse many even further. So, yes, please keep TC at least for as long as an adequate alternative is not available. Btw, has anybody successfully transplanted their Tails into a hidden partition/volume as TC supposed to do?

The problem of being caught in possession of TrueCrypt in a jurisdiction where it can cause problems is easily solved by allowing the user an option to get rid of TrueCrypt altogether without depriving the rest of us of the advantages TrueCrypt affords.

See ?create encrypted TailsData by default.