Encryption tools: Open source vs. commercial

Posted on 2008-10-20
Last Modified: 2012-05-05
I have been using TrueCrypt volume encryption since a long time. It is a nice product, no doubt. But when I see it's commercial counterparts like PGP and WinMagic, I wonder how reliable the open source products are. Does any government organization use these products? When you are serious about encryption, you will think of commercial products as they are tested thoroughly,  have been designed by experts in the field and most importantly, many government organizations are relying on them.

I want to know, when seriously talking about mission-critical data and encryption, should one go for open source tools?
Question by:rpkhare
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 43

Accepted Solution

ravenpl earned 125 total points
ID: 22761474
No matter what tool You use, You will get the same encryption strength. The encryption is the same.
The problem with open source is that nobody certifies it (nobody wants to spare money on that), yet some open source application are certified (like openvpn). Anyway, if You work for gov and need some guarantees (so You have some company to blame) - stay out from open source. Otherwise go with open source, especially such widely respected like trueCrypt.

About testing: the history showed that closed source is not more secure than open source...

Expert Comment

ID: 23349694
dont forget such important features like

1) centralized keymanagement
2) recovery mechanism


Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question