Please stop this thing of caps letters, is disturbing.
You can think what you like, but it is VERY WEIRD for someone to be carting around a randomized disk. Yes, sometimes you write random junk to the disk to obscure old data, but HOW OFTEN DO YOU HAVE SUCH THINGS HANGING AROUND? Chances are that you are either going to DISPOSE of the thing or put it back into service with NEW ORDERED DATA ON IT. You're NOT going to just sit around with a stockpile of randomness.
THE SIMPLE FACT that it makes NO SENSE to have a disk with randomness on it means that you ARE UNDER SUSPICION for having encrypted data.
You can go ahead and try to mess with plausible deniability, but you can be CERTAIN that this kind of game will NOT stand up in court. Especially if you are posting messages like this on the internet and/or have a copy of the truecrypt binary installed on your non-encrypted hard disk somewhere. You can't seriously believe that this wouldn't raise a bunch of red flags, can you?
And face it... the ONLY reason to obscure the FACT that you have encrypted data is because that encrypted data is ILLEGAL and you don't want THE COURTS to know that the data exists. If the data is NOT illegal, then there is no reason to hide the fact that it exists because the ONLY institution that can ORDER the decryption of that data is the COURT.
And no, your girlfriend isn't going to go forensic-nuts and find that you have an encrypted loop filesystem stored in /var/encfs filled with pr0n, so she's no excuse.
And yes, the court KNOWS about this game.
And yes, despite the appearance of randomness, it is virtually trivial to identify the fact that you actually have encrypted data. Especially since you have no means of generating genuine random numbers.
Here is an AMATEUR analysis of ONE FORM of vulnerability.
Just imagine what tricks the NSA has against you. Deniability is a MYTH.
Please stop this thing of caps letters, is disturbing.
Maybe they are secure or they don't. If they are not, at least there is no public information on how to crack them.
On having courts force you - depends very much on local laws. In many places you cannot be forced to testify/incriminate against yourself, a relative, or a close person.
- "recently used" shortcutsHere is an AMATEUR analysis of ONE FORM of vulnerability.
- a desktop tracker
- temp files
All good points, but also something anyone security-conscious will avoid. In other words, only handle secure content on known secure systems; in addition to those there could be keyloggers, screen cappers etc.
And remember most carefully that the justice systems in even the most "free" countries in the world ARE NOT black-and-white. Plausible deniability does NOT hold water in court. Even if you GENUINELY HAVE randomness on your disks, a JUDGE or JURY is NOT likely to believe you given the evidence that you DO and CAN rig encryption to look like randomness. I certainly wouldn't believe you, and in my (qualified) EXPERT OPINION (the key word being OPINION, which means that I get to say it without being held legally liable for the consequences), you DO HAVE encrypted data stored on your disk in a manner designed to appear to be random.
As a result, you will be issued an order to provide an unencrypted copy of the contents of the encrypted disk, which will result in some bad stuff either way... you will either finally admit to it and provide the data, or you will persist in your denial, resulting in you being charged and convicted with failure to obey a court order, and the assumption by the judge and jury (who are HUMAN and therefore you can't assume will offer you the full benefit of the law) that you are hiding vital information that would prove your guilt (whether it is true or not).
In other words, it is now in **your** best interests to ensure that you don't have any genuinely random data on any disk in your possession, lest it be assumed to contain encrypted data.
Sound a little paranoid? Well the world's legal systems give very good reason for being paranoid. "0" is a good number. Especially when there are billions of them back-to-back.
FYI: randomness is not always a good approach to killing data (at least not by itself). In fact, it is a bad approach since (1) there is no such thing as truly random computer generated data, (2) randomness allows for the possibility that some segment of the disk will NOT be overwritten at all -- which means that SOME segment of the disk will survive the wipe, I dare you to try to guess which. There are several sequences of PATTERNS that you can write to disks in various orders in order to guarantee that data is completely obscured. The final pass should be some predictable pattern for a couple of reasons -- the magnetic fields of the pattern will tend to "sink in" to the disk, and second, you won't be accused of hiding encrypted data. Here you can stand up and say that it is policy (even your personal policy) to erase securely and that it was done prior to the investigation rather than to hide evidence.
HOWEVER NOTE: that there is no such thing as a secure erase since the drive will remap bad sectors as they are discovered, and it may still be possible to read these bad sectors.
The moral of the story: the only absolutely secure means of destroying data is to mix the disk into a vat of molten iron, and denying the existence of encrypted data is dangerous.
You are always speaking about judges and court, what you have in mind? there are much more scenarios.
The ONLY cases where denying the existence of data matters are where those you are denying it TO have some means of forcing you to decrypt it for them.... and I can only think of the two cases where this is true; judicial orders or criminal coercion.
Denying it to your GF/wife doesn't matter since she isn't even bound by logic. Denying it to a competitor doesn't matter since you can simply thumb your nose at them unless they are able to obtain assistance in the form of the previous paragraph.
You may have pointed out your opinion, or the law, but you know as well as OJ knows that the justice system is flawed -- you can never assume that the law will be executed perfectly.False, I already pointed why.
Unfortunately, as I've pointed out, any kind of randomness, real or pseudo, GUARANTEES a chance of non-randomness, especially as the size of the data set increases. The chance of partial non-randomness actually approaches 100% as the data size approaches infinity. We're talking in calculus and chaos here. Basically, as the data set approaches an infinite size, application of a random transformation over the entire data set will yield an infinitely long set of non-random data (since a data set of infinite length has an infinite number of infinite-length subsets). I.e. an infinite number of monkeys on an infinite number of typewriters.... etc.False, You are right about true randomness. Although the numbers created by some chaotic equations are very very near to truly randomness, in a large numbers of applications it doesn't care if the data comes from true randomness or very very near true randomness. And formating is one of them.
Which, as you reiterate, is exactly why we need the following:
Strictly BECAUSE it is guaranteed overwrite.Obviously the erasing software takes care of that. It really matters that "12345" is formated to "abcd5" (Hex values), preserving the 5.¿?
I.e., if you write every bit on the disk with 0's and then every bit on the disk with 1's, then you have definitely changed every bit on the disk.
And as I pointed out.... magnetic fields take time to align. When you just change the surface bit, the underlying layers SLOWLY absorb the changes over some period of time, and so you want to overwrite it with some non-incriminating and highly predictable pattern and let it sit for as long as possible in order for THAT PATTERN to sink in. After sitting for a long time, it is a good idea to do it again with a DIFFERENT pattern.
It can mean lots of things, that the data wouldn't change when you wrote to it, that the checksum doesn't match the data, etc. The data that IS there is NEVER impossible to retrieve, though may require a specialized disk controller that is able to ignore the read errors and just spit out the data that's there.If they are marked as a bad sectors is because they contain wrong data, or the data could not be accessed.
The key being TRY. If the disk controller has them remapped, then you may need a specialized controller to REALLY try to force a rewrite.There are tools that try to format them anyway.
This is the big question. HOW MUCH data is too much? I.e. sometimes all it takes is a little bit... and now with sector sizes up in the range of 4 kB.... you can store a lot of sensitive information in 4 kB. And if it can be determined or guessed that the data is encrypted, then all that's needed (even if it is just a fragment) is your decryption key or in the worst case a FEELING that you're trying to hide something.Plus, if this sectors contains fragments of encrypted / random data what is the problem? They will lead to nothing. Even if they could access to some bad sectors information, how many critical data could contain?
NOW you've asked the RIGHT QUESTION.what solution you suggest if you want to preserve the data?
There is a limit to how far you can go to preserve data while keeping it a secret. Burying it 10 feet down in your neighbour's back yard (without his knowledge) and accessing it wirelessly/encrypted using a machine with read-only access to local disks is probably fairly safe.
If you can only see mafia and court bad for u, plausible denial exist and is used, in many aspects. For example, there is a big difference if your boss suspect you steal information and then he goes to your desk:
- 1, your boss finds stolen data. In your “my documents folder”.
- 2, your boss finds an encrypted archive.
- 3, your boss finds an unformatted pen.
And there are much more situations, simpler, complex, legal, illegal.. not only mafia and courts. I repeat plausible denial exist and it is used.
Your idea of randomness is incorrect as the data increases the randomness is even more random, this is just why “good” chaotic functions are used, there is no pattern to be found. Although in this context we are speaking about formating a partition with random data, even if a pattern is found the important is that the erased data can not be recovered.
I have already pointed that the erase software takes care of writing every sector of the disk, more than 1 time (you can configure it), what kind of erase software should left untouched data on the disk?. You are not saying nothing new with this 0 first then 1.
yeah wireless 802.11 is so untraceable and so secure. I can even imagine something more secure, good point!