TrueCrypt 7.0 Released With Hardware-Accelerated AES


  • #21
    You can think what you like, but it is VERY WEIRD for someone to be carting around a randomized disk. Yes, sometimes you write random junk to the disk to obscure old data, but HOW OFTEN DO YOU HAVE SUCH THINGS HANGING AROUND? Chances are that you are either going to DISPOSE of the thing or put it back into service with NEW ORDERED DATA ON IT. You're NOT going to just sit around with a stockpile of randomness.

    THE SIMPLE FACT that it makes NO SENSE to have a disk with randomness on it means that you ARE UNDER SUSPICION for having encrypted data.

    You can go ahead and try to mess with plausible deniability, but you can be CERTAIN that this kind of game will NOT stand up in court. Especially if you are posting messages like this on the internet and/or have a copy of the truecrypt binary installed on your non-encrypted hard disk somewhere. You can't seriously believe that this wouldn't raise a bunch of red flags, can you?

    And face it... the ONLY reason to obscure the FACT that you have encrypted data is because that encrypted data is ILLEGAL and you don't want THE COURTS to know that the data exists. If the data is NOT illegal, then there is no reason to hide the fact that it exists because the ONLY institution that can ORDER the decryption of that data is the COURT.

    And no, your girlfriend isn't going to go forensic-nuts and find that you have an encrypted loop filesystem stored in /var/encfs filled with pr0n, so she's no excuse.

    And yes, the court KNOWS about this game.
    And yes, despite the appearance of randomness, it is virtually trivial to identify the fact that you actually have encrypted data. Especially since you have no means of generating genuine random numbers.

    Here is an AMATEUR analysis of ONE FORM of vulnerability.


    Just imagine what tricks the NSA has against you. Deniability is a MYTH.



    • #22
      Please stop this thing with the capital letters, it is disturbing.

      Originally posted by droidhacker
      You can think what you like, but it is VERY WEIRD for someone to be carting around a randomized disk. Yes, sometimes you write random junk to the disk to obscure old data, but HOW OFTEN DO YOU HAVE SUCH THINGS HANGING AROUND? Chances are that you are either going to DISPOSE of the thing or put it back into service with NEW ORDERED DATA ON IT. You're NOT going to just sit around with a stockpile of randomness.
      As weird as you wish, the important thing is that it doesn't imply you have encrypted data. Maybe you are just paranoid, or you work in a government or a company that forces you to erase data using random data.

      Originally posted by droidhacker
      THE SIMPLE FACT that it makes NO SENSE to have a disk with randomness on it means that you ARE UNDER SUSPICION for having encrypted data.
      You may be suspicious but there is no 100% guarantee.

      Originally posted by droidhacker
      You can go ahead and try to mess with plausible deniability, but you can be CERTAIN that this kind of game will NOT stand up in court. Especially if you are posting messages like this on the internet and/or have a copy of the truecrypt binary installed on your non-encrypted hard disk somewhere. You can't seriously believe that this wouldn't raise a bunch of red flags, can you?

      And face it... the ONLY reason to obscure the FACT that you have encrypted data is because that encrypted data is ILLEGAL and you don't want THE COURTS to know that the data exists. If the data is NOT illegal, then there is no reason to hide the fact that it exists because the ONLY institution that can ORDER the decryption of that data is the COURT.
      No, not only illegal. Governments, government agencies, F1 teams, illegal porn, whatever you can imagine, legal or illegal.

      Originally posted by droidhacker
      Just imagine what tricks the NSA has against you. Deniability is a MYTH.
      True, that there is no public paper/algorithm showing a flaw against an encryption doesn't mean that it doesn't exist, who knows if all truecrypt encryptions are already cracked.



      • #23
        Maybe they are secure or maybe they aren't. If they are not, at least there is no public information on how to crack them.



        • #24
          On having courts force you - depends very much on local laws. In many places you cannot be forced to testify/incriminate against yourself, a relative, or a close person.

          Here is an AMATEUR analysis of ONE FORM of vulnerability.
          http://www.usenix.org/event/hotsec08.../czeskis_html/
          - "recently used" shortcuts
          - a desktop tracker
          - temp files

          All good points, but also something anyone security-conscious will avoid. In other words, only handle secure content on known secure systems; in addition to those there could be keyloggers, screen cappers etc.



          • #25
            Originally posted by Jimbo
            Maybe they are secure or maybe they aren't. If they are not, at least there is no public information on how to crack them.
            Although it may be possible to crack some encryptions (i.e. using known vulnerabilities or back doors), typically you don't NEED to crack them. All you need is *reasonable suspicion* of the existence, and carting around what looks like randomness combined with the fact that you have a truecrypt binary and post messages about plausible deniability in this forum.... is about enough to HANG you.

            And remember most carefully that the justice systems in even the most "free" countries in the world ARE NOT black-and-white. Plausible deniability does NOT hold water in court. Even if you GENUINELY HAVE randomness on your disks, a JUDGE or JURY is NOT likely to believe you given the evidence that you DO and CAN rig encryption to look like randomness. I certainly wouldn't believe you, and in my (qualified) EXPERT OPINION (the key word being OPINION, which means that I get to say it without being held legally liable for the consequences), you DO HAVE encrypted data stored on your disk in a manner designed to appear to be random.

            As a result, you will be issued an order to provide an unencrypted copy of the contents of the encrypted disk, which will result in some bad stuff either way... you will either finally admit to it and provide the data, or you will persist in your denial, resulting in you being charged and convicted with failure to obey a court order, and the assumption by the judge and jury (who are HUMAN and therefore you can't assume will offer you the full benefit of the law) that you are hiding vital information that would prove your guilt (whether it is true or not).

            In other words, it is now in **your** best interests to ensure that you don't have any genuinely random data on any disk in your possession, lest it be assumed to contain encrypted data.

            Sound a little paranoid? Well the world's legal systems give very good reason for being paranoid. "0" is a good number. Especially when there are billions of them back-to-back.

            FYI: randomness is not always a good approach to killing data (at least not by itself). In fact, it is a bad approach since (1) there is no such thing as truly random computer generated data, (2) randomness allows for the possibility that some segment of the disk will NOT be overwritten at all -- which means that SOME segment of the disk will survive the wipe, I dare you to try to guess which. There are several sequences of PATTERNS that you can write to disks in various orders in order to guarantee that data is completely obscured. The final pass should be some predictable pattern for a couple of reasons -- the magnetic fields of the pattern will tend to "sink in" to the disk, and second, you won't be accused of hiding encrypted data. Here you can stand up and say that it is policy (even your personal policy) to erase securely and that it was done prior to the investigation rather than to hide evidence.

            HOWEVER NOTE: that there is no such thing as a secure erase since the drive will remap bad sectors as they are discovered, and it may still be possible to read these bad sectors.

            The moral of the story: the only absolutely secure means of destroying data is to mix the disk into a vat of molten iron, and denying the existence of encrypted data is dangerous.

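The thread keeps returning to two things an examiner can actually measure: whether a region of a disk looks random, and whether a wipe that ends in a predictable pattern really reached every sector the drive exposes. The sketch below is an added example, not part of any post; the function names, the 7.9 bits/byte threshold and the constructed sample image are assumptions made for illustration.

```python
import math
import os
from collections import Counter

SECTOR = 4096  # block size examined; the 4 kB sector size mentioned in the thread

def shannon_entropy(block: bytes) -> float:
    """Empirical entropy of a block in bits per byte (0.0 to 8.0)."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def classify(block: bytes, high: float = 7.9) -> str:
    """Label a block as a constant fill, high-entropy, or structured data."""
    if len(set(block)) == 1:
        return "fill:0x%02x" % block[0]
    # 4096 uniformly random bytes measure about 7.95 bits/byte, so 7.9 is an
    # assumed cut-off; compressed data also lands above it.
    if shannon_entropy(block) >= high:
        return "high-entropy"
    return "structured"

def survey(image: bytes, sector: int = SECTOR):
    """Return (count per label, [(offset, label)] for every non-fill sector)."""
    counts, leftovers = Counter(), []
    for off in range(0, len(image), sector):
        label = classify(image[off:off + sector])
        counts[label] += 1
        if not label.startswith("fill:"):
            leftovers.append((off, label))
    return counts, leftovers

def build_sample_image() -> bytes:
    """Constructed sample: 8 zeroed sectors, one left as old text, one random."""
    sectors = [bytes(SECTOR) for _ in range(8)]
    sectors[3] = (b"quarterly report draft, do not distribute\n" * 100)[:SECTOR]
    sectors[5] = os.urandom(SECTOR)
    return b"".join(sectors)

if __name__ == "__main__":
    counts, leftovers = survey(build_sample_image())
    print(dict(counts))
    for off, label in leftovers:
        print(f"offset {off:#x}: {label}")
```

A high-entropy result only says the bytes are statistically indistinguishable from random; it cannot tell encrypted data from a random-pass wipe or compressed files. The survey also sees only what the drive returns for each address, so sectors the firmware has remapped are outside its view.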


            • #26
              Originally posted by curaga
              On having courts force you - depends very much on local laws. In many places you cannot be forced to testify/incriminate against yourself, a relative, or a close person.



              - "recently used" shortcuts
              - a desktop tracker
              - temp files

              All good points, but also something anyone security-conscious will avoid. In other words, only handle secure content on known secure systems; in addition to those there could be keyloggers, screen cappers etc.
              These are, of course, the "low hanging fruits".

              One of the things that a lot of people don't think about (but is extremely obvious) is the contents of their SWAP FILE/PARTITION.



              • #27
                You are always speaking about judges and courts; what do you have in mind? There are many more scenarios.

                Originally posted by droidhacker
                In other words, it is now in **your** best interests to ensure that you don't have any genuinely random data on any disk in your possession, lest it be assumed to contain encrypted data
                False, I already pointed out why.

                Originally posted by droidhacker
                FYI: randomness is not always a good approach to killing data (at least not by itself). In fact, it is a bad approach since (1) there is no such thing as truly random computer generated data, (2) randomness allows for the possibility that some segment of the disk will NOT be overwritten at
                ...
                False. You are right about true randomness, although the numbers created by some chaotic equations are very, very near to true randomness; in a large number of applications it doesn't matter if the data comes from true randomness or very, very near true randomness. And formatting is one of them.

                Originally posted by droidhacker
                randomness allows for the possibility that some segment of the disk will NOT be overwritten at
                ...
                Obviously the erasing software takes care of that. It really matters that "12345" is formatted to "abcd5" (Hex values), preserving the 5?

                Originally posted by droidhacker
                that there is no such thing as a secure erase since the drive will remap bad sectors as they are discovered.
                If they are marked as bad sectors, it is because they contain wrong data, or the data could not be accessed. There are tools that try to format them anyway. Plus, if these sectors contain fragments of encrypted / random data, what is the problem? They will lead to nothing. Even if they could access some bad sector information, how much critical data could it contain?



                • #28
                  Originally posted by droidhacker
                  The moral of the story: the only absolutely secure means of destroying data is to mix the disk into a vat of molten iron, and denying the existence of encrypted data is dangerous.
                  More or less agree, but what solution do you suggest if you want to preserve the data?



                  • #29
                    Originally posted by Jimbo
                    You are always speaking about judges and courts; what do you have in mind? There are many more scenarios.
                    Ok, sure. The MAFIA can come in and threaten to break your legs if you don't hand over the data... and since they aren't bound by the justice system, you're even LESS likely to win against THEM using plausible deniability.

                    The ONLY cases where denying the existence of data matters are where those you are denying it TO have some means of forcing you to decrypt it for them.... and I can only think of the two cases where this is true; judicial orders or criminal coercion.

                    Denying it to your GF/wife doesn't matter since she isn't even bound by logic. Denying it to a competitor doesn't matter since you can simply thumb your nose at them unless they are able to obtain assistance in the form of the previous paragraph.

                    False, I already pointed out why.
                    You may have pointed out your opinion, or the law, but you know as well as OJ knows that the justice system is flawed -- you can never assume that the law will be executed perfectly.

                    False. You are right about true randomness, although the numbers created by some chaotic equations are very, very near to true randomness; in a large number of applications it doesn't matter if the data comes from true randomness or very, very near true randomness. And formatting is one of them.
                    Unfortunately, as I've pointed out, any kind of randomness, real or pseudo, GUARANTEES a chance of non-randomness, especially as the size of the data set increases. The chance of partial non-randomness actually approaches 100% as the data size approaches infinity. We're talking in calculus and chaos here. Basically, as the data set approaches an infinite size, application of a random transformation over the entire data set will yield an infinitely long set of non-random data (since a data set of infinite length has an infinite number of infinite-length subsets). I.e. an infinite number of monkeys on an infinite number of typewriters.... etc.

                    Which, as you reiterate, is exactly why we need the following:
                    Obviously the erasing software takes care of that. It really matters that "12345" is formatted to "abcd5" (Hex values), preserving the 5?
                    Strictly BECAUSE it is guaranteed overwrite.
                    I.e., if you write every bit on the disk with 0's and then every bit on the disk with 1's, then you have definitely changed every bit on the disk.

                    And as I pointed out.... magnetic fields take time to align. When you just change the surface bit, the underlying layers SLOWLY absorb the changes over some period of time, and so you want to overwrite it with some non-incriminating and highly predictable pattern and let it sit for as long as possible in order for THAT PATTERN to sink in. After sitting for a long time, it is a good idea to do it again with a DIFFERENT pattern.

                    If they are marked as bad sectors, it is because they contain wrong data, or the data could not be accessed.
                    It can mean lots of things, that the data wouldn't change when you wrote to it, that the checksum doesn't match the data, etc. The data that IS there is NEVER impossible to retrieve, though may require a specialized disk controller that is able to ignore the read errors and just spit out the data that's there.

                    There are tools that try to format them anyway.
                    The key being TRY. If the disk controller has them remapped, then you may need a specialized controller to REALLY try to force a rewrite.

                    Plus, if these sectors contain fragments of encrypted / random data, what is the problem? They will lead to nothing. Even if they could access some bad sector information, how much critical data could it contain?
                    This is the big question. HOW MUCH data is too much? I.e. sometimes all it takes is a little bit... and now with sector sizes up in the range of 4 kB.... you can store a lot of sensitive information in 4 kB. And if it can be determined or guessed that the data is encrypted, then all that's needed (even if it is just a fragment) is your decryption key or in the worst case a FEELING that you're trying to hide something.

                    what solution do you suggest if you want to preserve the data?
                    NOW you've asked the RIGHT QUESTION.
                    There is a limit to how far you can go to preserve data while keeping it a secret. Burying it 10 feet down in your neighbour's back yard (without his knowledge) and accessing it wirelessly/encrypted using a machine with read-only access to local disks is probably fairly safe.



                    • #30
                      If you can only see the mafia and courts as bad for you, plausible denial exists and is used, in many respects. For example, there is a big difference if your boss suspects you of stealing information and then he goes to your desk:

                      - 1, your boss finds stolen data. In your “my documents folder”.
                      - 2, your boss finds an encrypted archive.
                      - 3, your boss finds an unformatted pen.

                      And there are many more situations, simpler, complex, legal, illegal... not only mafia and courts. I repeat: plausible denial exists and it is used.

                      Your idea of randomness is incorrect: as the data increases, the randomness is even more random. This is just why “good” chaotic functions are used; there is no pattern to be found. Although in this context we are speaking about formatting a partition with random data, even if a pattern is found the important thing is that the erased data cannot be recovered.

                      I have already pointed out that the erase software takes care of writing every sector of the disk, more than 1 time (you can configure it). What kind of erase software would leave untouched data on the disk? You are not saying anything new with this 0 first then 1.

                      Yeah, wireless 802.11 is so untraceable and so secure. I can even imagine something more secure, good point!
