Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

P. Le Roux (author of E4M) accused by W.Hafner (SecurStar)

1,944 views
Skip to first unread message

TrueCrypt Team

unread,
Feb 3, 2004, 7:17:40 PM2/3/04
to

February 3, 2004

In the last two days, we have been receiving e-mails from Wilfried
Hafner, manager of SecurStar. In the e-mails he repeatedly accuses
Paul Le Roux, the author of Encryption for the Masses (E4M), of the
following:

1) Intellectual property theft, stealing the source code of E4M
from SecurStar (as an employee of SecurStar)

2) Writing an illegal license that permits anyone to base his/her
own work on E4M and distribute such modified work (while, according
to W. Hefner, P. Le Roux did not have any right to do so).

3) Distributing E4M illegally (according to W. Hefner, all versions
of E4M always belonged only to SecurStar)


These statements have been made to make us stop developing and
distributing TrueCrypt, which is based on E4M 2.02a.

As we have a strong suspicion that these statements are false, we
e-mailed Paul Le Roux and asked him to clear up this issue. Paul, we
would also appreciate if you could post a statement to this newsgroup
and sign it with the PGP key used to sign the archives containing
the original E4M 2.02a source code. The PGP key properties:


Name: Software Professionals <in...@swprofessionals.com>
ID: 0xE7959B99
Fingerprint: B37D C864 9437 CD4D C313 9DC9 60E9 73E4
Type: RSA Legacy
Created: December 15, 1998


TrueCrypt distribution is suspended, until this issue is resolved.


Members of TrueCrypt Team

Ridge Cook

unread,
Feb 3, 2004, 8:50:01 PM2/3/04
to
Dear TrueCrypt team-

Sorry to hear about your problem. I've been using OTFE programs for a few
years and looked forward to putting TC through the paces.

After seeing this post, I went back and reread the original lic that Mr. Le
Roux placed on E4M (copied below). Perhaps an attorney can comment, but I
don't understand how a company can claim ownership over intellectual
property that was released into the public domain before the company was
born. The license is written in plain English . It certainly looks like Mr.
Le Roux granted you (and anyone else) the right to use his work as a basis
for modification, improvement and distribution; as long as its heritage was
acknowledged. Appears to me that you, in your posts and website, fulfilled
the terms of that license; but I'm sure you have consulted the proper people
for advice. Perhaps a counter suit for restriction of trade is in order?

In anycase, thanks for the work. and don't give up.....it just goes to show,
no good deed goes unrewarded.<g>

Yours-
Ridge Cook


-----------------------------------

License agreement for Encryption for the Masses.

Copyright (C) 1998-2000 Paul Le Roux. All Rights Reserved.

This product can be copied and distributed free of charge, including
source code.

You may modify this product and source code, and distribute such
modifications,
and you may derive new works based on this product, provided that:

1. Any product which is simply derived from this product cannot be
called E4M, or Encryption for the Masses.

2. If you use any of the source code in your product, and your product
is distributed with source code, you must include this notice with
those portions of this source code that you use.

Or,

If your product is distributed in binary form only, you must display
on any packaging, and marketing materials which reference
your product, a notice which states:

"This product uses components written by Paul Le Roux
<ple...@swprofessionals.com>"

3. If you use any of the source code originally by Eric Young, you must
in addition follow his terms and conditions.

4. Nothing requires that you accept this License, as you have not
signed it. However, nothing else grants you permission to modify or
distribute the product or its derivative works.

These actions are prohibited by law if you do not accept this License.

5. If any of these license terms is found to be to broad in scope, and
declared invalid by any court or legal process, you agree that all other
terms shall not be so affected, and shall remain valid and enforceable.

6. THIS PROGRAM IS DISTRIBUTED FREE OF CHARGE, THEREFORE THERE IS NO
WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. UNLESS OTHERWISE
STATED THE PROGRAM IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO
THE
QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE
DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR
CORRECTION.

7. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM, INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS, EVEN IF SUCH HOLDER OR OTHER PARTY HAD PREVIOUSLY BEEN ADVISED
OF THE POSSIBILITY OF SUCH DAMAGES.

--------------------------------------------------


"TrueCrypt Team" <tmp0...@truecrypt.org> wrote in message
news:a7b8b26d77f67aa7...@news.teranews.com...

<snip>


Peter Gutmann

unread,
Feb 4, 2004, 12:07:08 AM2/4/04
to
TrueCrypt Team <tmp0...@truecrypt.org> writes:

>2) Writing an illegal license that permits anyone to base his/her
>own work on E4M and distribute such modified work (while, according
>to W. Hefner, P. Le Roux did not have any right to do so).

>3) Distributing E4M illegally (according to W. Hefner, all versions
>of E4M always belonged only to SecurStar)

Disclaimer: IANAL, and it's been a long time since I talked to one about this
sort of thing, so count this as just an opinion:

This would depend on the terms of the license that Paul signed with SecurStar.
From discussions over this many years ago, it's not possible to unilaterally
retroactively change a license in this manner (this is why you'll occasionally
find open-source apps based on formerly freely-available work that's gone
commercial building on really old code that was distributed under a more
liberal license). If the license that Paul signed with SecurStar explicitly
says that it supersedes all previous ones then it'd be more tricky and you'd
need to get a lawyer to look at it. I assume it's also going to be governed
by European law, which may rule out getting a US lawyer to comment on it (for
example Europe has a stronger concept of moral rights than the US, which may
help in this case since it affects an artist's ability to control future use
of their work).

You could always submit it to slashdot and get the peanut gallery's opinion
:-).

Peter.

tadwoe

unread,
Feb 4, 2004, 4:59:08 AM2/4/04
to
TrueCrypt Team <tmp0...@truecrypt.org> wrote in message news:<a7b8b26d77f67aa7...@news.teranews.com>...

> In the last two days, we have been receiving e-mails from Wilfried

> Hafner, manager of SecurStar. In the e-mails he repeatedly accuses
> Paul Le Roux, the author of Encryption for the Masses (E4M), of the
>

> ...


> TrueCrypt distribution is suspended, until this issue is resolved.
>

Boah! I am missing my words. Hafner is desperate! And he better should
be. Why would anyone go with his fishy company if there is now a
open-source product available.

Now let me ask you one thing: How many times did Shaun himself
(=SecurStar) mention that we were always free to use the available
sources to make a new otf-encryption program, given that we figure out
by ourselves how to write the
super-brainkilling-complex-win2k/xp-compatible-drivers?

This is getting funnier and funnier. With Hafner's latest actions,
would you really trust a company like SecurStar?

cymago

unread,
Feb 4, 2004, 6:19:00 AM2/4/04
to
"tadwoe"

> how to write the super-brainkilling-complex-win2k/xp-compatible-drivers?

One can extract from the Imad Faiad PGP658ckt09b3 distribution the
PGPdisk code only with the drivers.
It works well with WinXP SP1 but one must install the
full distribution to use only the PGPdisk function.

Remember that the first PGPdisk version was a stand-alone one.

cymago

Links to pgp658ckt
ftp://ftp.hacktic.nl/pub/crypto/pgp/pgp60/pgp658_ckt/pgp658ckt09b3.zip
ftp://ftp.zedz.net/pub/crypto/pgp/pgp60/pgp658_ckt/
http://www.staff.uiuc.edu/~ehowes/fixes.htm#ckt-un

Andraia Matrix

unread,
Feb 4, 2004, 11:42:01 AM2/4/04
to
> Disclaimer: IANAL, and it's been a long time since I talked to one about this
> sort of thing, so count this as just an opinion:

Me too. I just had to put in my comments as well.



> This would depend on the terms of the license that Paul signed with SecurStar.
> From discussions over this many years ago, it's not possible to unilaterally
> retroactively change a license in this manner (this is why you'll occasionally

Right. Once you place a license on it, that license applies to all
distributes of that release.

You can change the license and re-release the exact same files, but it
wont increase any restrictions or limitations that the original
release did (not) have.

> liberal license). If the license that Paul signed with SecurStar explicitly
> says that it supersedes all previous ones then it'd be more tricky and you'd
> need to get a lawyer to look at it. I assume it's also going to be governed

If that license says that, then it's probably not valid. You just
can't do that to stuff that has already been distributed with a
license that gives distribution / modification rights.

If SecureStar is claiming they signed something like that, then their
license with Paul is probably invalid / illegal. And Paul could
probably claim damages & extra fees from them for trying to claim
something they don't own the rights to.

> You could always submit it to slashdot and get the peanut gallery's opinion
> :-).

**EXCELLENT** idea!

Sarah Dean

unread,
Feb 4, 2004, 12:54:25 PM2/4/04
to
Anonymous...@See.Comment.Header (Bye Bye SecurStar) wrote in
news:33E8CBP038020.8079976852@anonymous.poster:

> Sam Simpson has been hosting E4M forever, apparently without complaint
> (certainly none legally). Now these NAZI FUCKS try to kill an OPEN
> SOURCE competitor so they can continue to shill their BACKDOORED crap
> to the public.
>
>
>
> FUCK YOU, SecurStar--we've got it already!
>
> And FUCK YOU, too, Shaun, for selling your soul to the devil.

Hey, take it easy (and *please* stop hitting the NG)!

Even though TrueCrypt may be down (for the time being, at least); it's
(literally) only a matter of time before further open source products are
released.

Hopefully though, the TrueCrypt team will be able to resolve the issues
SecureStar are throwing up without too many problems...

Sarah Dean

unread,
Feb 4, 2004, 1:10:28 PM2/4/04
to
TrueCrypt Team <tmp0...@truecrypt.org> wrote in
news:a7b8b26d77f67aa7...@news.teranews.com:

> February 3, 2004
>
> In the last two days, we have been receiving e-mails from Wilfried
> Hafner, manager of SecurStar. In the e-mails he repeatedly accuses
> Paul Le Roux, the author of Encryption for the Masses (E4M), of the
> following:
>

[snip]


>
> TrueCrypt distribution is suspended, until this issue is resolved.

I'm very sad to hear that :(

AIUI, the TrueCrypt project has been under development for awhile now -
*surely* if SecureStar had any complaints about E4M, these would have been
raised, very publicly, a long time ago?

If there were any problems wrt E4M IPRs, I would have expected the E4M
source to have been widthdrawn completely a few *years* ago, at the time
DriveCrypt was first released...


I think I can safely say that the majority of people who read this NG
(myself very much included) want to see TrueCrypt stay open, and stay free;
hopefully the items SecureStar have raised can be resolved quickly and
successfully.


undertaker

unread,
Feb 4, 2004, 1:20:54 PM2/4/04
to
"Sarah Dean" <sde...@softhome.net> wrote in message
news:Xns9485B8F16...@130.133.1.4...

>
> hopefully the items SecureStar have raised can be resolved quickly and
> successfully.

Is just hot-air and bowel-gas. SecurStar is only trying to bluff and bully
their way to what they think will be a win for them. Of course, since they
are morons, they do not realize that any such attempts that they are making
is only speeding-up and escalating their inevitable demise. The errors of
TrueCrypt were to have real addresses, names and telephone numbers listed so
that they could fall victim to unfounded, frivolous, lawsuits, and
harassment. SecurStar has shown the true colors of their criminal
employees/partners, so expect them to be dirty in all ways until the bitter
end.

undertaker


Andraia Matrix

unread,
Feb 4, 2004, 3:55:07 PM2/4/04
to
pgu...@cs.auckland.ac.nz (Peter Gutmann) wrote in message news:<bvpulr$v2kcm$1...@ID-195212.news.uni-berlin.de>...

> TrueCrypt Team <tmp0...@truecrypt.org> writes:
>
> >2) Writing an illegal license that permits anyone to base his/her
> >own work on E4M and distribute such modified work (while, according
> >to W. Hefner, P. Le Roux did not have any right to do so).
>
> >3) Distributing E4M illegally (according to W. Hefner, all versions
> >of E4M always belonged only to SecurStar)

> This would depend on the terms of the license that Paul signed with SecurStar.


> From discussions over this many years ago, it's not possible to unilaterally
> retroactively change a license in this manner (this is why you'll occasionally
> find open-source apps based on formerly freely-available work that's gone
> commercial building on really old code that was distributed under a more
> liberal license). If the license that Paul signed with SecurStar explicitly


When DriveCrypt was freshly released, didn't SecurStar *continue* to
distribute both Scramdisk & E4M and their sources directly from their
own web site?

Those web sites just redirected you to a securstar web page that asked
for your email so they could send you a web site link and password for
you to go and download them.

I remember that becuase I refused to give them my main address and I
used a disposable address. (I already had the products, I was curious
as to whether they had changed anything or were offereing anything
new.)

I'd be willing to bet that if you went through the scramdisk archives
(and perhaps elsewhere) right here on goggle, you'd be able to find
references, comments, and links to where you could get hold of E4M
from SecurStar themselves.

If *they themselves* were distributing the old programs and their
sources, then that makes their entire argument invalid.

Perhaps you might want to look at this google thread here:

http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&threadm=66b01437.0110310340.1fd5bf45%40posting.google.com&rnum=14&prev=/groups%3Fq%3Ddownload%2Bscramdisk%2Be4m%2Bgroup:alt.security.scramdisk%26hl%3Den%26lr%3D%26ie%3DUTF-8%26group%3Dalt.security.scramdisk%26scoring%3Dd%26start%3D10%26sa%3DN

I'm sure there is more, but that alone should be interesting.

Of course, admittedly that does *not* prove that the files there were
distributing were the exact same files we already have & had. But,
with that and other items you could probably find in Google, you
should be able to easily pick apart SecurStar's claims.

Shaun Hollingworth

unread,
Feb 4, 2004, 7:11:15 PM2/4/04
to
On Wed, 04 Feb 2004 00:17:40 GMT, TrueCrypt Team
<tmp0...@truecrypt.org> wrote:

>
>February 3, 2004
>
>In the last two days, we have been receiving e-mails from Wilfried
>Hafner, manager of SecurStar. In the e-mails he repeatedly accuses
>Paul Le Roux, the author of Encryption for the Masses (E4M), of the
>following:
>

<snipped>

Then why don't you just go write your own drivers etc. and use your
OWN code for your OWN programs ? Then you can be really glorious.

That's what Paul (and it seems some other people with him) and I
did......


As for open source, watch this space....

Shaun.

The expressed views are personal and not necessarily those of
Securstar.

Jeff

unread,
Feb 5, 2004, 2:42:05 AM2/5/04
to
andrai...@subdimension.com (Andraia Matrix) wrote in
news:e1cd25ba.04020...@posting.google.com:


> If *they themselves* were distributing the old programs and their
> sources, then that makes their entire argument invalid.

Not only that, if you go to http://www.e4m.net, which redirects to
securstar's homepage after a few secs, you will read the following note:

"THE PUBLIC VERSION OF E4M IS NO LONGER SUPPORTED AS IT IS NOW
OBSOLETE."

I wonder what "PUBLIC" means in Hafner's eyes.

us...@paranoid.xx

unread,
Feb 5, 2004, 3:20:20 AM2/5/04
to

On Wed, 04 Feb 2004 00:17:40 GMT, TrueCrypt Team
<tmp0...@truecrypt.org> wrote:

>As we have a strong suspicion that these statements are false...

Then why give in to your accusers? Reopen the web site and keep the
download available. Let them PROVE their point and shut you down. Dont
just throw in the towel and give them what they want without a fight.

Unless, of course, you believe them.

us...@paranoid.xx

unread,
Feb 5, 2004, 3:30:45 AM2/5/04
to
On Thu, 05 Feb 2004 00:11:15 GMT, sh...@securstarNS.de (Shaun
Hollingworth) wrote:

>
>As for open source, watch this space....
>
>Shaun.

That's so fucking lame, Shaun. And desperate. First of all it's
questionable at best that SS would go open source, and even if they
did, after the way you've yanked the security community's chain for
the last few years with your closed source product, why would anyone
buy open source SS when open source True Crypt is available?

And yes, it will be available, even with the web site down, you know
the source code and executable will start popping up everywhere (if it
hasnt already).


Leto

unread,
Feb 5, 2004, 5:58:14 AM2/5/04
to
sh...@securstarNS.de (Shaun Hollingworth) wrote in message news:<402187ad...@news-text.dsl.pipex.com>...

> Then why don't you just go write your own drivers etc. and use your
> OWN code for your OWN programs ? Then you can be really glorious.
>
> That's what Paul (and it seems some other people with him) and I
> did......


Scramdisk NT was based on E4M.
Scramdisk 98 driver includes work by Walter Oney.
E4M was partially based on SFS.
DriveCrypt uses E4M driver... Shall I continue?


We also remember you saying it was a HARD thing to do,
to make E4M work under Windows XP. To refresh your memory,
you said:

'And many many hours of burning the candle at both ends may be required
to deal with all of these.......

But this is the reason why we are reticent to release the DriveCrypt
source code...... UNLESS we can hide the solutions to these very
problems...

Why should we prevent our competitors (or would be competitors) going
through the hell we did ?

Given that the DriveCrypt device driver is a direct development of the
E4M driver, I know the answer to all these issues, and spent many many
solitary hours dealing with them. But I am afraid I must keep the
solutions to myself, as would anyone involved commercially...

However some people appear to think it's "easy"......'

[end of quote]


By the way, I thought you had left this newsgroup.

Shaun Hollingworth

unread,
Feb 5, 2004, 8:01:59 AM2/5/04
to
On 5 Feb 2004 02:58:14 -0800, selen...@yahoo.com (Leto) wrote:

>sh...@securstarNS.de (Shaun Hollingworth) wrote in message news:<402187ad...@news-text.dsl.pipex.com>...
>
>> Then why don't you just go write your own drivers etc. and use your
>> OWN code for your OWN programs ? Then you can be really glorious.
>>
>> That's what Paul (and it seems some other people with him) and I
>> did......
>
>
>Scramdisk NT was based on E4M.

The driver code, used the driver as a template. The added functions
and necessary modifications made it more different than similar......


>Scramdisk 98 driver includes work by Walter Oney.

Walter Oney wrote a skeleton driver, which monitored IO requests,
called "ReqMon" and passed them up for printing in a window, using an
associated GUI. This was published in a book called "Systems
Programming for Windows98" and I used this driver as a skeleton. for
SD, nothing more. Out of courtesy, I acknowledged him by way of
thanks.

Having written a book which was published by MicroSoft, I'm pretty
convinced that he wanted people who bought it, to make use of the
information published within its pages.........

As for going away, I've come to the conclusion I was mistaken, because
I was driven away by lunatics.....

Shaun.
Speaking for himself, rather than for Securstar.

Sam Simpson

unread,
Feb 5, 2004, 12:12:34 PM2/5/04
to
"Shaun Hollingworth" <sh...@securstarNS.de> wrote in message
news:402187ad...@news-text.dsl.pipex.com...

> On Wed, 04 Feb 2004 00:17:40 GMT, TrueCrypt Team
> <tmp0...@truecrypt.org> wrote:
>
> >
> >February 3, 2004
> >
> >In the last two days, we have been receiving e-mails from Wilfried
> >Hafner, manager of SecurStar. In the e-mails he repeatedly accuses
> >Paul Le Roux, the author of Encryption for the Masses (E4M), of the
> >following:
> >
>
> <snipped>
>
> Then why don't you just go write your own drivers etc. and use your
> OWN code for your OWN programs ? Then you can be really glorious.

Hang on Shaun, the E4m license specifically allows derived works as long as
the product isn't called E4m - where's the problem? Who wants to go to all
the effort to write it from scratch if they don't have to?

If Paul didn't want this then he should have released it with this license.
If WH doesn't like it then tough shit - he can't retract the perpetual
license now.

> That's what Paul (and it seems some other people with him) and I
> did......

And you've both been (rightfully...) praised for it.

> As for open source, watch this space....

SecurStar closing down TrueCrypt is hardly going to make DC popular, even if
you release and open source version!

Cheers,

Sam


Sam Simpson

unread,
Feb 5, 2004, 12:13:16 PM2/5/04
to

"TrueCrypt Team" <tmp0...@truecrypt.org> wrote in message
news:a7b8b26d77f67aa7...@news.teranews.com...

>
> February 3, 2004
>
> In the last two days, we have been receiving e-mails from Wilfried
> Hafner, manager of SecurStar. In the e-mails he repeatedly accuses
> Paul Le Roux, the author of Encryption for the Masses (E4M), of the
> following:
>
> 1) Intellectual property theft, stealing the source code of E4M
> from SecurStar (as an employee of SecurStar)

Crap, it's available from www.samsimpson.com and was previously distributed
on the www.scramdisk.clara.net site.

Note that E4m was produced many years ago (I can probably find the
date...) - certainly before SD was purchased by SecurStar.

> 2) Writing an illegal license that permits anyone to base his/her
> own work on E4M and distribute such modified work (while, according
> to W. Hefner, P. Le Roux did not have any right to do so).

The only way that this assertion could be true is if E4m contained code that
was from another source. From inspection, the only source that appears to
be copied is some cipher code and this code doesn't forbid the use in E4m.

> 3) Distributing E4M illegally (according to W. Hefner, all versions
> of E4M always belonged only to SecurStar)

Smells like bull to me.

> These statements have been made to make us stop developing and
> distributing TrueCrypt, which is based on E4M 2.02a.
>
> As we have a strong suspicion that these statements are false, we
> e-mailed Paul Le Roux and asked him to clear up this issue.

I think you'll be lucky to get a response from PLR - last couple of
conversation I've had with him were very pro-SecurStar (though he may have
moved on by now).

<SNIP>


Cheers,

Sam


Sam Simpson

unread,
Feb 5, 2004, 12:22:15 PM2/5/04
to
Take it easy on picking on people with the initials SS ;)

"Creature with the Atom Brain" <Anonymous...@See.Comment.Header> wrote
in message news:9F6K5WLU3802...@anonymous.poster...
> What, now you losers are going to go open source all of a sudden? Gee,
what
> a little competition will do.
>
>
>
> I wouldn't buy anything from SS (apt initials) after this episode of
thuggery
> if Jesus Christ endorsed it.
>
>
>
> Go to hell, both of you.
>
>
>
> .
> --
> Questo messaggio e' stato inoltrato automaticamente
> da un paio di anonymous remailer. Il mittente originale
> e' sconosciuto e non identificabile. Datevi pace.
>
>


Carsten Krueger

unread,
Feb 5, 2004, 12:23:44 PM2/5/04
to
"Sam Simpson" <s...@samsimpson.com> wrote:

>Crap, it's available from www.samsimpson.com and was previously distributed

Found a bug on your page:
Q: How does Scramdisk compare to it's competitors?
PGPDisk. A previously free and open source program, the current
releases isneither.

Current release is open.

greetings
Carsten
--
http://learn.to/quote - richtig zitieren
http://www.realname-diskussion.info - Realnames sind keine Pflicht
http://oe-faq.de/ - http://www.oe-tools.de.vu/ - OE im Usenet
http://www.spamgourmet.com/ - Emailadresse(n) gegen Spam

David T.

unread,
Feb 5, 2004, 8:28:27 PM2/5/04
to
"Sam Simpson" <s...@samsimpson.com> wrote in message news:<bvttjc$ehe$1...@sparta.btinternet.com>...

> "TrueCrypt Team" <tmp0...@truecrypt.org> wrote in message
> news:a7b8b26d77f67aa7...@news.teranews.com...
> >
> > February 3, 2004
> >
> > In the last two days, we have been receiving e-mails from Wilfried
> > Hafner, manager of SecurStar. In the e-mails he repeatedly accuses
> > Paul Le Roux, the author of Encryption for the Masses (E4M), of the
> > following:
> >
> > 1) Intellectual property theft, stealing the source code of E4M
> > from SecurStar (as an employee of SecurStar)
>
> Crap, it's available from www.samsimpson.com and was previously distributed
> on the www.scramdisk.clara.net site.
>
> Note that E4m was produced many years ago (I can probably find the
> date...) - certainly before SD was purchased by SecurStar.


Yes, Sam, E4M was beyond any doubt released before DriveCrypt.

> > 2) Writing an illegal license that permits anyone to base his/her
> > own work on E4M and distribute such modified work (while, according
> > to W. Hefner, P. Le Roux did not have any right to do so).
>
> The only way that this assertion could be true is if E4m contained code that
> was from another source. From inspection, the only source that appears to
> be copied is some cipher code and this code doesn't forbid the use in E4m.


This is what W. Hafner told us. He claims, that E4M contains certain
parts that Paul Le Roux had no rights to release (under the E4M
license). He also said that SecurStar had all the necessary
permissions and/or rights to the mentioned parts.

> > 3) Distributing E4M illegally (according to W. Hefner, all versions
> > of E4M always belonged only to SecurStar)
>
> Smells like bull to me.


To be honest, we do not believe it either.

> > These statements have been made to make us stop developing and
> > distributing TrueCrypt, which is based on E4M 2.02a.
> >
> > As we have a strong suspicion that these statements are false, we
> > e-mailed Paul Le Roux and asked him to clear up this issue.
>
> I think you'll be lucky to get a response from PLR - last couple of
> conversation I've had with him were very pro-SecurStar (though he may have
> moved on by now).


Paul told us that his lawyer had advised him not to comment on any
details regarding these issues - and unfortunately he hasn't. This is
a difficult situation for us, because we need a confirmation that the
E4M license is legal and valid. The only thing Paul told us was that
there was (and still is) a legal dispute between him and SecurStar
(intellectual property theft) and that he hadn't been involved with
SecurStar since 2002. If we continued distributing TrueCrypt, Paul
might someday have to pay consequent damages, caused by the allegedly
illegal E4M license, to SecurStar. We would like to protect Paul from
any negative consequences now. As soon as the E4M license is verified
to be valid, TrueCrypt distribution will continue.

We would like to thank everybody for their support. We appreciate it.


Regards,
David

Member of TrueCrypt Team

Peter Gutmann

unread,
Feb 5, 2004, 9:37:45 PM2/5/04
to
da...@atlas.cz (David T.) writes:

>This is what W. Hafner told us. He claims, that E4M contains certain
>parts that Paul Le Roux had no rights to release (under the E4M
>license).

Let me guess, he can only tell you what those parts are under NDA? Has
SecurStar been acquired by SCO now?

Peter.

Geoff Dyer

unread,
Feb 6, 2004, 1:41:37 AM2/6/04
to
On 6 Feb 2004 02:37:45 GMT, pgu...@cs.auckland.ac.nz (Peter Gutmann)
wrote:

>Let me guess, he can only tell you what those parts are under NDA? Has
>SecurStar been acquired by SCO now?

I think this fits the description "cruel but fair". 8-)

--
Geoff
(to e-mail me, remove any instances of "-nospam" from my address)

cymago

unread,
Feb 7, 2004, 5:22:00 AM2/7/04
to

"Lucifer"
> this is actually a case of unethical electronic fraud.

Is it a hoax? If not, there are some public infos available for this case
(at least in german) to show the reality of it.

If not, the company selling a security product with no source available is
headed by an "unethical" person.

I have been following Shaun since Scramdisk days. How I can longer trust the
DriveCrypt product?

cymago


P. Burrows

unread,
Feb 7, 2004, 12:07:11 PM2/7/04
to
In article <a7b8b26d77f67aa7...@news.teranews.com>,
tmp0...@truecrypt.org says...

> TrueCrypt distribution is suspended, until this issue is resolved.

Arrrrrrgh! Why couldn't i have found you a few days before this :-/

P. Burrows

unread,
Feb 7, 2004, 12:14:58 PM2/7/04
to
In article <MGF0X1BZ3802...@anonymous.poster>, Anonymous-
Rema...@See.Comment.Header says...

Stop this spamming!

Andraia Matrix

unread,
Feb 7, 2004, 12:17:30 PM2/7/04
to
Hey, just post a disposable email address in here, and I'm sure somebody
will be willing to send you v1.0 and v1.0a and the source code for it.
(each package is 500k, total 2meg.)

Or if you are just interested in v1.0, just go over to one of the mirrors
and grab it. Although I can't vouch for their legitmacy since I haven't
downloaded from them.

I'm surprised somebody hasn't already put this up on sourceforge or
something, since that seems to be the place to put things like Lame, WASTE,
etc. etc. SF doesn't seem to care in the slightest what it hosts.


"P. Burrows" <m...@privacy.net> wrote in message
news:MPG.1a8f39ad9...@news.usenetserver.com...

Andraia Matrix

unread,
Feb 7, 2004, 12:53:23 PM2/7/04
to
You got close....

http://chitchat.at.infoseek.co.jp/vmware/vdk.html#top

Is their virtual disk driver. GPL'ed


"John Smith" <m...@privacy.net> wrote in message
news:549a20lr4t35614q9...@4ax.com...
> On Sat, 7 Feb 2004 18:14:58 +0100, in article
> <MPG.1a8f3b725...@news.usenetserver.com>, P. Burrows

> Be careful! Shaun may accuse you of being a "Usenet Policeman".


Shaun

unread,
Feb 7, 2004, 1:08:22 PM2/7/04
to
On Sat, 07 Feb 2004 17:47:47 +0000, John Smith <m...@privacy.net> wrote:

>On Sat, 7 Feb 2004 18:14:58 +0100, in article
><MPG.1a8f3b725...@news.usenetserver.com>, P. Burrows
><m...@privacy.net> wrote:
>

>Be careful! Shaun may accuse you of being a "Usenet Policeman".


Well, isn't he ?

Regards,
Shaun.

Shaun

unread,
Feb 7, 2004, 3:40:52 PM2/7/04
to
On Sat, 07 Feb 2004 18:18:07 +0000, John Smith <m...@privacy.net> wrote:

>He probably wouldn't appreciate being called a "fascist bastard"
>though, so I thought it best to warn him, that's all.

Look I'm really very sorry about calling you that. I should not have
done so.

Regards,
Shaun.


watc...@shaun's.space

unread,
Feb 28, 2004, 8:46:41 PM2/28/04
to

>On Thu, 05 Feb 2004 00:11:15 GMT, sh...@securstarNS.de (Shaun
>Hollingworth) wrote:
>
>>
>>As for open source, watch this space....
>>
>>Shaun.

CMON SHAUN - We've been watching this space for almost a month - how
long do we have to watch it for ??????????????????????????????????

Open Source SS - UH HUH - I could be wrong but right now I'm LMAO!!

0 new messages