Q&A - glenw921/TripleCrypt GitHub Wiki
Q: Can I trust TripleCrypt (TC) and its developers? A: NO! TC is for securing your most precious secrets. NEVER trust! Verify. Keep reading this Q&A to learn more about HOW to verify, if you need guidance.
Q: How does TripleCrypt's choice to be a low tech web app increase the security of my secrets? A: (1) TC's custom code all runs within, and is overseen by, your web browser. All of it can be inspected and observed by you as it runs. (2) Hiding code is not possible. (3) Secretly loading malicious code is not possible. (4) All hardware access is controlled and conducted by your browser.
Q: I can't read HTML, CSS, or JavaScript...so how can I inspect the code to know if it is safe for my secrets? A: You can upload TripleCrypt's code files to MS Copilot for code inspection. The AI will read the code and answer your questions about the code. [TODO: Create a set of instructions and questions to help with this.]
Q: TripleCrypt (TC) uses 3rd party code libraries. How do I know these are trustworthy? A: (1) All code libraries used by your copy of TC are highly regarded and directly downloaded from widely used FOSS distributors during installation. (2) You can see the links in the section of TC's HTML and investigate them. (3) You can modify the code and use other libraries and encryption algorithms if you want. [TODO: Provide instructions for using MS Copilot to investigate the libraries.]
Q: How do I know TripleCrypt's encryption will work? A: (1) You can inspect the code to see the encryption methods TC uses. They are all famous, widely scrutinized, and widely used. (2) TC never trusts encryption to just one library or algorithm. Your secrets will be encrypted by multiple of them, so your secrets will be safe even if only ONE does its job well. [TODO: Provide instructions for using MS Copilot to investigate the algorithms.]
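One way to carry out the link inspection described in the third-party library answer above, as an added example that is not TripleCrypt's own code: it lists every script and stylesheet an HTML file references, marks which are remote and which carry a Subresource Integrity pin, and checks a downloaded file against a pin. The sample HTML, the file names and the `cdn.example` host are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


def audit(html):
    """Return every script and stylesheet reference found in an HTML page."""
    found = []

    class Collector(HTMLParser):
        def handle_starttag(self, tag, attrs):
            a = dict(attrs)
            if tag == "script":
                url = a.get("src")  # inline scripts have no src and are skipped
            elif tag == "link" and "stylesheet" in (a.get("rel") or "").lower():
                url = a.get("href")
            else:
                return
            if url:
                # A host part in the URL means the file is fetched from off the device.
                found.append({"url": url, "remote": bool(urlparse(url).netloc),
                              "integrity": a.get("integrity")})

    Collector().feed(html)
    return found


def sri_hash(data, alg="sha384"):
    """Format a digest the way an integrity attribute expects: alg-base64."""
    return f"{alg}-{base64.b64encode(hashlib.new(alg, data).digest()).decode()}"


def matches_pin(data, integrity):
    """True if the file bytes match any hash listed in the integrity value."""
    algs = ("sha256", "sha384", "sha512")
    return any(t.split("-")[0] in algs and sri_hash(data, t.split("-")[0]) == t
               for t in integrity.split())


# Constructed sample input, not TripleCrypt's real HTML or library files.
LIB = b"/* constructed stand-in for a library file */"
SAMPLE_HTML = f"""<script src="https://cdn.example/lib-a.min.js" integrity="{sri_hash(LIB)}"></script>
<script src="https://cdn.example/lib-b.min.js"></script>
<script src="js/app.js"></script><link rel="stylesheet" href="css/app.css">"""

if __name__ == "__main__":
    for r in audit(SAMPLE_HTML):
        print(r["url"], "remote" if r["remote"] else "local", r["integrity"] or "NO PIN")
```

To audit a real copy, pass the text of the TC HTML file to `audit()`, then compare `sri_hash()` of each downloaded library file with the hash its distributor publishes, where one is available.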
Q: Why does TripleCrypt only work when my computing device is offline? A: When it comes to managing your truly critical secrets, you should always assume every computing device is infected with malware. Once you begin using TripleCrypt on a computing device to access your secrets, you should NEVER let that device go online again - assume spyware has been recording your secrets and is just waiting for an internet connection so it can transmit them to cyber criminals. It is best to assume the OS itself is spyware.
Q: Is TripleCrypt's encryption safe against quantum code cracking and the relentless advance of computing power? If a cyber criminal gets my TC archive and holds onto it for 20 years, will my secrets still be safe? A: The brute force code cracking power of computers advances geometrically with time. Quantum cracking is only a theoretical threat at the time of this writing, but TripleCrypt (TC) and good archive management will provide you with some security if it ever arrives. Here's how TC will keep your secrets safer for longer: (1) Using multiple encryption algorithms means no single quantum crack or algorithm weakness will make your secrets vulnerable. (2) Using TC's own dictionary cipher system ensures that just opening your TC archive will reveal nothing. The cipher dictionary file is required to make the unencrypted archive data meaningful. By storing your unique cipher dictionary separate from your archive, you can ensure no single data breach will make your secrets vulnerable. (3) If you access and store your TripleCrypt files strictly on offline devices, you ensure that no data breach or spyware will ever reveal your secrets. TripleCrypt makes this offline management possible.