This is apparently where you stopped reading.

It's a great write-up, I read the whole thing. You clearly understand the domain well.

I really just don't get why you'd, in one breath, decry XTS, and then in that same breath, recommend people use TrueCrypt, which is, as you call it, "the best-known implementation of XTS".

Maybe just lead me to the water on this one. It's really the only thing left unresolved in our conversation.

Block-level encryption is a terrible, terrible approach for many reasons (which 'tptacek has referenced a million times). However, Truecrypt is the best such implementation, and it's a required approach in certain cases. You should be doing crypto at the application/filesystem level; if you can't, use Truecrypt. This isn't contradictory advice.

This is like, 89% of what I think (I don't think TC is the best, but it's not the worst).

What's weird to me is why we have a gigantic thread dedicated to the precise nuances of what I think about Truecrypt. Isn't this incredibly boring?

I didn't conduct phase 1 of the audit, and that's not precisely what I think.

Then you're right, it's entirely uninteresting.

That's not just what he said, he also said, "By encouraging people to rely on tools like Truecrypt, you are, in a very small but real way, endangering them."