Very interesting information. I really do hope they implement an open
version of this software, if for no other reason because I hate it
when big bullies (SecurStar) start throwing their weight around ;).
There are very few good encryption programs on sourceforge.
I also do not understand why Truecrypt cannot exist, the lisence that
comes with E4M (listed below) clearly states that "you may derive new
works based on this product" (with two slight limitations in #1 and
#2, BSD type).
I think he should write a story to slashdot and newsforge and get the
open source community in on this, its total bullshit the scare tactics
that securestar is doing.
License agreement for Encryption for the Masses.
Copyright (C) 1998-2000 Paul Le Roux. All Rights Reserved.
This product can be copied and distributed free of charge, including
You may modify this product and source code, and distribute such
and you may derive new works based on this product, provided that:
1. Any product which is simply derived from this product cannot be
called E4M, or Encryption for the Masses.
2. If you use any of the source code in your product, and your product
is distributed with source code, you must include this notice with
those portions of this source code that you use.
If your product is distributed in binary form only, you must display
on any packaging, and marketing materials which reference
your product, a notice which states:
"This product uses components written by Paul Le Roux
3. If you use any of the source code originally by Eric Young, you
in addition follow his terms and conditions.
4. Nothing requires that you accept this License, as you have not
signed it. However, nothing else grants you permission to modify or
distribute the product or its derivative works.
These actions are prohibited by law if you do not accept this License.
5. If any of these license terms is found to be to broad in scope, and
declared invalid by any court or legal process, you agree that all
terms shall not be so affected, and shall remain valid and
6. THIS PROGRAM IS DISTRIBUTED FREE OF CHARGE, THEREFORE THERE IS NO
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. UNLESS
STATED THE PROGRAM IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK
AS TO THE
QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM
DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR
7. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES
OUT OF THE USE OR INABILITY TO USE THE PROGRAM, INCLUDING BUT NOT
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY
PROGRAMS, EVEN IF SUCH HOLDER OR OTHER PARTY HAD PREVIOUSLY BEEN
OF THE POSSIBILITY OF SUCH DAMAGES.
Post by Andraia Matrix
It'd be better if they'd just go ahead and fix their end, though.
Or at the least make the needed changes in their hosting so you could just
do it directly with the IP address. http://220.127.116.11/ Having to do it
in the hosts file is kind of bizarre. (Of course, not every web host allows
that, so that may be beyond their control. Many web hosts will put lots of
web sites onto the same IP address.)
As for their distribution issues.... All they really need to do is make
their changes into a "Diff" patch against e4m, and distribute that instead.
(And instead of requiring MSVC, Intel C, etc., let it work with MingW,
Borland C, or OpenWatcom, all of which are free. I think there are a few
others, but those are the major ones.)
That'd solve the whole situation for them. The user could take their freely
distributable patch, find their own e4m, apply it, and build their own copy.
That's what the LAME mp3 encoder team did for a long time. Just supplied a
Diff against the official free ISO demo source. That kept them out of legal
trouble from people far more powerful than SecurStar. (Eventually they did
just release their own, since they had completely rewritten it anyway and
there was no longer any original code left.) Since it's only source code,
it is protected under US law as free speech, unlike binaries.
And if the TrueCrypt team wanted to, they could still provide md5 hashes
etc. against their correct builds. (User compiled ones should generate
identical binaries, provided the build environment is set right.) Just so
users could make sure they did it right. (Or in case they got it from some
other source (p2p, etc.), they could verify that it is what it's supposed to
And if they didn't want to keep their own web site going, there are plenty
of places to host it, such as SourceForge and several other open source
development sites. LAME is even hosted at SF.
I don't see any real problems with them doing this... They just need to get
up and actually do it.
Post by WinTerMiNator Post by Gordon
I have NEVER been able to get to this site. www.truecrypt.org
What does the line below mean?
Site is always on. If you have DNS problems, add "18.104.22.168
Post by WinTerMiNator
www.truecrypt.org" in your hosts file.
If you are using Windows, you have "a local DNS" (Domain Name Server) on
your PC, which is called "hosts" (without extension).
It is a text file, that you can edit it with Notepad.
Locate it on your PC, open it with Notepad, add a line "22.214.171.124
www.truecrypt.org" and save your modified "hosts" file. Next time you will
want to connect to "http://www.truecrypt.org", your browser will read your
"hosts" file and connect to 126.96.36.199, which is the IP adress of
Just try it...
Michel Nallino aka WinTerMiNator
(Internet et sécurité: comment surfer en paix)
(GnuPG pour Windows)
Adresse e-mail: http://www.cerbermail.com/?vdU5HHs5WG