Slashdot Mirror

Which is why smart people use something that give plausible deniability.

truecrypt allows you to create a double encrypted volume. 2 passphrases. 1 - lets your torturers into a set of incriminating looking but innocent files, the other lets you into the real files. there is NO WAY to detect or extract the real files from the planted files.

look innocent to the coppers while you continue to hide the goodies.

looks even better if you have other things that use the same planted password and are your tax info ,etc...

Unfortunatly someone tried this already and faced the swift hammer of justice...This is colloquially known as tampering with evidence, which i believe is a criminal offence. what you want to do is use TrueCrypt. You give them all your music in triple DES or AES encrypted format. What I think is pretty awesome is that they have fake out passwords that give the appearance of decrypting the volume, while actually hiding it!

Being a general user and having no dicipline.

http://www.truecrypt.org/ is awsome and easy.

But users...are...getting...worse.

When your concept of file structure is such that you can't navigate to a file outside of "My Documents", security is really futile.

Until companies put a moratorium on hiring art-history majors and giving them a laptop, it's a bit much to ask.

Or for windows try Truecrypt (I think there is a linux version as well). It works like a dream, and there are some really niffty features (like addition of plausible deniability). It's pretty cool.

Because the people who steal laptops are often the type of people who won't know about this, so it won't protect you from being robbed...

Woe to the organizartion that loses a laptop computer containing unsecured personal information

http://www.truecrypt.org/

Cat. Mouse. Cat. Mouse.

So now we just counter this illegal wiretapping (yes, its still illegal, even though they've passed a law that makes it "legal") with extra strong encryption and Civil Disobedience.

Use TrueCrypt with the AES-Twofish-Serpent algorithm on your PC (Linux, Mac or Windows). If you want to use something simliar on BSD, look into GELI encryption for those partitions.

For phones, you could look into encryption handsets or telephone scramblers. There's this one too, or the Cryptophone GSM Phone Encryption solution. Google around, there's quite a few hundred solutions in this space... stack them together for even more security.

Disclaimer: I don't personally know how strong these algorithms are on these handsets, so use at your own risk.

With VoIP, you could easily layer whatever encryption you want on top of it. Bounce your call through a few foreign routers, run it through Privoxy, Tor and i2p and you should be good to go. Yes, it will incur some latency.. but I'd rather sacrifice speed for security or privacy, wouldn't you? Here is an article on securing VoIP. Worthwhile reading if you're using it or considering it.

Cat. Mouse. Cat. Mouse.

Now its OUR turn.

You take from us, we take back.

Which is why we're all using truecrypt hidden volumes, right? Right?

Which is why we're all using truecrypt hidden volumes, right? Right?

Quote from the CP Lab About Us page: "Our company is located in Kiev, Ukraine. CP Lab's employs high-class experts, ..."

It's difficult to imagine that it would be acceptable to use an encryption product without having the source code. If you have problems, will you go to Kiev and discuss them with the "high-class" experts? Do you speak Russian?

Suppose a database becomes corrupted, and you need to recover your passwords? Will you send the entire database to the Ukraine?

Suppose the company is now selling an entirely acceptable product. However, suppose that later the company is sold to someone else, without notifying the customers, as is usual with software companies. Possibly the new owner will decide to build a back door into a "minor" a version upgrade.

The Ukraine? Isn't that one of the places that the U.S. government's break-the-law department, the CIA, holds prisoners illegally? Is CP Labs owned by the CIA, perhaps? Is CP Labs owned by the CIA, but most CP Labs employees don't know that?

If you use an encryption product, it should be open source. That at least provides some protection. One advantage of open source, free software is that the users can hide the fact that they are using the product from the developers. Paying creates a connection between your company and the developers.

Possibly there is some way of using TrueCrypt and GnuPG that would work for you. Need passwords for your department? Someone in your organization who acts as password manager sends them to you encrypted with your public key. Only someone who has your department's private key can decrypt them.

Truecrypt

Do it device level on a separate hard drive. Won't even show up on a windows machine. Of course, you shouldn't write the key down, lest someone find it.

Just don't...forget...

...shit

RAID-5 protection for single drive failure isn't without points of failure. The average home user would probably need some training to be able to manage one effectively for disaster-recovery purposes.

I would highly recommend that anyone thinking of implementing one for the first time first read up on the hardware and drivers they intend to use. Next, after purchase & initial install, they should tranfer a bunch of test files & practice a rebuild by simulating a drive going bad (take 1 drive out, erase everything on it from another machine, put it back in and rebuild the array).

I found out the hard way that it's quite easy to end up with a bunch of cross-linked files if you botch a rebuild. At that point, you're basically hosed. My ASUS mobo has built-in nVidia RAID-5, and after my first rebuild about 60% of the original files were just missing. Running chkdisk on it restored the files, but about 50% of the restored files (so 30% of all the original files) were corrupted with bad clusters.

Also, a 1TB RAID-5 will show marked performance degredation if it's used heavily & not defragged regularly. A defrag operation can take 24 hours plus to complete on a terabyte filesystem if not run nightly.

I see Maxtor offers some pretty good sized drives for the OneTouch backup system; you can currently do a 500Gb setup @ less than $0.55/Gb, which ain't half bad. For content other than large media files, rotating a couple separate external devices like this would make for a pretty effective and secure backup strategy. If the data is sensitive, just TrueCrypt ( http://www.truecrypt.org/ ) the drives first thing.

Just make sure you encrypt the contents!

I've found Truecrypt to fit the bill nicely. :)
http://www.truecrypt.org/

I dont know about data destruction, but government strength data encryption is easy with TrueCrypt. Free, easy, and open source.

No, that's incorrect. Truecrypt claims that the space is still free, and all Truecrypt volumes are a fixed size and filled with random data. More info: http://www.truecrypt.org/hiddenvolume.php Basically, the police could overwrite that hidden data by accident, but they couldn't find it.

I use TrueCrypt. http://www.truecrypt.org/ I also removed U3. U3 took 3 seconds to load. Way too long to wait for Sneakernet.

Seriously, try TrueCrypt.

Setup was a breeze, and I now use it everywhere. I've only tried it in windows so far, but I have no reason to expect that the linux versions won't work perfectly well too.

I really like the level of security it appears to provide, and I no longer worry about identity or information theft by any casual or semi-serious adversary.

I have it installed on my 2002/2003 vintage Lexar JumpDrive 128, and on my newer PNY 2gb drive, and on my Sony Micro Vault 512mb. You can install just the encrypted file system, or install the necessary software on the drive too, or if you want you can encrypt the whole drive.

Jim

Truecrypt provides on the fly encryption and plausible deniability (also open source, and can run under windows and linux). And plus I think it would be good to secure data when the device holding that data can be easily lost/stolen.

I remember a while back someone asking about quality encryption for windows. TrueCrypt of http://www.truecrypt.org was the generally recognized awesome must have util ... I believe in their docs they said they can do encrypted sub-volumes within a larger encrypted volume that is toally undectable... I figured if anyone is really looking for a solution along these lines, there it is... I think it's probably a good idea to encrypt personal files anyways... I don't know how this would perform on a TB(s) of data though...

Quick, learn too much for your own good

Look in to using TrueCrypt + TC Temp, this will setup a truecrypt volume at bootup, set windows to use this drive as the TMP and TEMP directories, make sure your user profile in windows uses it as temporary storage also (think IE cache). Set your windows swap file to use the TCTEMP volume also.

Setup a second truecrypt volume for your file sharing program and songs, do not copy the songs or other files to and unencrypted part of the hard drive. Run MRU blaster and Adaware to keep the recent file lists clear on your programs. Run an eraser program on the free space of your drive weekly as a percaution anyway.

Remember before you delete your filesharing programs and data, uninstall the program first, DO NOT connect to the internet at this time, many programs will register the uninstall on a remote server. After uninstalling the program and zaping the truecrypt volume search the windows registry for left over keys that would show that the program has been installed. Do a full free space wipe on the drive.

Now, hopefully you have a highspeed internet connection, get Wget for windows and set it to recursively download microsoft.com, slashdot.org, ibm.com and any other huge site you can think of till the drive is almost full. Delete these files (but not erase them) then defragment your drive.

Make sure you leave NO TRACE of TrueCrypt or any secure file erasing program on your hard drive.

And make sure your copy of windows is licenced!

And name your political speech and religious freedom mp3s deceptively so they have to listen to 40 hours of essays on freedom of speach and copy right to see if you have one copy of britanny!

Quick, learn too much for your own good

Look in to using TrueCrypt + TC Temp, this will setup a truecrypt volume at bootup, set windows to use this drive as the TMP and TEMP directories, make sure your user profile in windows uses it as temporary storage also (think IE cache). Set your windows swap file to use the TCTEMP volume also.

Setup a second truecrypt volume for your file sharing program and songs, do not copy the songs or other files to and unencrypted part of the hard drive. Run MRU blaster and Adaware to keep the recent file lists clear on your programs. Run an eraser program on the free space of your drive weekly as a percaution anyway.

Remember before you delete your filesharing programs and data, uninstall the program first, DO NOT connect to the internet at this time, many programs will register the uninstall on a remote server. After uninstalling the program and zaping the truecrypt volume search the windows registry for left over keys that would show that the program has been installed. Do a full free space wipe on the drive.

Now, hopefully you have a highspeed internet connection, get Wget for windows and set it to recursively download microsoft.com, slashdot.org, ibm.com and any other huge site you can think of till the drive is almost full. Delete these files (but not erase them) then defragment your drive.

Make sure you leave NO TRACE of TrueCrypt or any secure file erasing program on your hard drive.

And make sure your copy of windows is licenced!

And name your political speech and religious freedom mp3s deceptively so they have to listen to 40 hours of essays on freedom of speach and copy right to see if you have one copy of britanny!

Like a locked garage, you must surrender the keys once subpoenaed.

The better answer is to use encryption.

Nested TrueCrypt volumes should do the trick. While some of the more paranoid may believe that the NSA can break into TrueCrypt type stuff (I don't), the powers that be surely aren't going to blow their load on a simple RIAA anti-P2P case, now are they?

If you really want to wipe data (without physical destruction of the drive), it's best to use a sector-level wiper, that doesn't care about filenames or filesystem. Once it's wiped, reformat, copy some meaningless crap onto it, delete said crap, and copy some more crap to ensure a bit of normal filesystem fragmentation. Whatever they undelete will just be meaningless crap, and it will be very difficult to prove that there was ever illegal/copyrighted material on the drive. The key is to hand over a plausible piece of evidence, not some squeaky clean, empty drive.

Some countries (such as the UK, I believe) are now making it an offence to withhold encryption keys in a criminal investigation, but if that law doesn't apply to you, consider keeping your grey-market stuff on an encrypted volume (don't rely on Windows EFS, since that has backdoors, and does not encrypt the filenames). Instead, try TrueCrypt (open source) or DriveCrypt (commercial).

Do I trust them to host my files and not go through them?

Absolutely. As long as your files are in a TrueCrypt volume.

http://www.truecrypt.org/

A pity they don't mention TrueCrypt.

Besides encrypting your data, TrueCrypt can also create hidden volumes:
"The principle is that a TrueCrypt volume is created within another TrueCrypt volume (within the free space on the volume). Even when the outer volume is mounted, it is impossible to prove whether there is a hidden volume within it or not, because free space on any TrueCrypt volume is always filled with random data when the volume is created* and no part of the (dismounted) hidden volume can be distinguished from random data. Note that TrueCrypt does not modify the file system (information about free space, etc.) within the outer volume in any way."

So even if you reveal your password, the hidden volume stays safe. Not a bad feature, considering it is a crime in many countries to refuse to give your encryption key to the authorities...

Now, this might not be a common thing in the US. But here in India, a lot of companies have team laptops which we pass around (on-call duty for server pages, for instances).

And somebody from Delhi, did something up which works for exactly that. qryptix encrypts your home dir and mounts using your passphrase when you login, built as a pam.d module.

Except for the fact that I wanted a truecrypt built into it, so that I can have a hidden volume even after I pass-phrase in to the first volume, this works well enough for most purposes.

I think that truecrypt does a very good job at this.

I haven't used it all that much (ya know, while thumbdrives are easy to lose, I don't really care if someone sees how bad my assignments for the Operating Systems class really are), but I think it does a pretty decent job even in different environments.

Truecrypt can do exactly what you want. From here

After a system administrator installs TrueCrypt on the system, users without administrator privileges will be able to run TrueCrypt, mount/dismount any TrueCrypt volume, and create file-hosted TrueCrypt volumes on the system. However, users without administrator privileges cannot encrypt/format partitions, cannot create NTFS volumes, cannot install/uninstall TrueCrypt, cannot change passwords/keyfiles for TrueCrypt partitions/devices, cannot backup/restore headers of TrueCrypt partitions/devices, and they cannot run TrueCrypt in 'traveller' mode.

Exactly what you want... when running TrueCrypt in normal user mode, no one will be able to encrypt the hard drive or anything else.

Truecrypt is actually fairly spiffy in this regard, between it's design goal of plausible deniability:

"It is impossible to identify a TrueCrypt volume. Until decrypted, a TrueCrypt volume appears to consist of nothing more than random data (it does not contain any kind of "signature"). Therefore, it is impossible to prove that a file, a partition or a device is a TrueCrypt volume or that it has been encrypted. "

and the hidden volume feature:

"The principle is that a TrueCrypt volume is created within another TrueCrypt volume (within the free space on the volume). Even when the outer volume is mounted, it is impossible to prove whether there is a hidden volume within it or not, because free space on any TrueCrypt volume is always filled with random data when the volume is created* and no part of the (dismounted) hidden volume can be distinguished from random data. Note that TrueCrypt does not modify the file system (information about free space, etc.) within the outer volume in any way."

Check out http://www.truecrypt.org/docs/?s=plausible-deniabi lity for more info.

In case you do want to crypt your files and when forced by an official of this oppressive regime to decrypt them, you make sure that you use TrueCrypt http://www.truecrypt.org/ From the page: Provides two levels of plausible deniability, in case an adversary forces you to reveal the password: 1) Hidden volume. 2) No TrueCrypt volume can be identified (volumes cannot be distinguished from random data). So with one password you can open a volume that 'appears' to be what you needed to encrypt, but still hides the files that you intended to crypt in the first place. Good free software, perfect for us working with laptops.

Even better, use TrueCrypt and create a hidden volume within an encrypted volume. You decode the "dummy" volume for the investigators and, for shame, it has merely a racy picture in it. The real data is hidden in the "random" unused data elsewhere on that volume.

I _hate_ crap like that. I use DriveCrypt for encryption (from securstar.de), and it has the most horrific license system I've ever had the displeasure to use.

"...the files of a person's laptop may be searched at U.S. borders [PDF] without probable cause or even reasonable suspicion."

This will make some businises cautious about carying laptops with them while they travel.

[insert TrueCrypt response here]

With open-source tool TrueCrypt you can have hidden partitions with plausible deniability.

http://www.truecrypt.org/

Just a thought.

There already is an open source version: http://www.truecrypt.org/

See this thread: EFS is Microsoft encryption that is also poorly implemented.

I have heard no complaints about TrueCrypt, which is free, open source, developed by people with serious intelligence and dedication, and supports both Windows and Linux.

TrueCrypt is your friend. It's open source, it mounts as a drive and you can even have hidden volumes (so you can deny having stored porn when your gf tells you to show her). It's great.

This is exactly my point (maybe I wasn't very clear ;). If you want to break the encryptions, you don't do it using cryptanalysis. The only way is exploiting the human factors. The ciphers themselves are solid. That's why I said "using the correct implementation and a good key" all the time. If you encrypt something with a tool like TrueCrypt which uses a rock solid, completly bulletproof implementation with a good password (and, ofcourse, assuming that no one has hacked your system) you will be completly safe from any potential snoopers.

I really can't say enough good things about TrueCrypt. Every step of the process is done 100% right. What it does is that it it mounts a virtual drive on your system that is encrypted to a file on your harddrive. There is no trace in the files themselves that they are encrypted, they are completly idestinguisable to random noise. You can even hide a hidden drive inside a volume (so if someone forces you to reveal your password, you can still hide a bunch of files inside a volume). It is completly impossible to know whether a hidden drive even exists within a virtual drive if you don't have the password (for the hidden drive that is, which should be different from your standard drive password). It also includes tons of other features, you can choose any cipher you like, from Blowfish to 3-DES (although I have no idea why you wouldn't just go with 256 bit AES), you can backup the fileheaders if someone loses their password, you can use keyfiles in addition to your passwords, you can create "travel disks" so you can take your encrypted stuff on the road an not have to install TrueCrypt on every computer you wish to use, and any other feature you could possibly want if you want to encrypt data. If you don't want to bother with PGP, you could even make a tiny drive, add your files to it, and email it to someone! It's also fast as hell, as I said, you could watch Hi-Def movies from an encrypted drive and it will decrypt it on the fly and you wont notice a thing. All that, and it's open source! I really encourage anyone to use it that has a need to encrypt data.

You could always put them in an encrypted (http://www.truecrypt.org/) volume. Then it's one big file, and you don't have to worry about who stumbles upon your pr0n collection. Two birds with one stone?

I can't say I ever found any PGP product good for any application. It was way too complicated and just not what was needed.

Instead, I found my holy grail of encryption in Truecrypt (http://truecrypt.org )which simply has rocked for the longest time (I'm in no way associated with it). Its free, and as far as I'm concerned as far as free encryption tools go, nothing can touch it, esp if you use one of the double pass encyption methods down the list, and don't label your volumes as truecrypt volumes or keep the encrytion program and the encrypted data on the same harddrive (use a USB key). No way they can identify what it is if you leave no clues.

Unfortunatly, I found out today on Wikipedia that Truecrypt has a rather lest than sparkling history... it seems rather sordid actually from what its homepage would allude to....

http://en.wikipedia.org/wiki/Truecrypt

PGP's probelm was it was never really integrated into an email system, and it had that totally messy key system that really was not worth bothering with or learning unless you were a highly trained memeber of secret police agency (as opposed to John Q public). There definatly is a begging need for good encryption of plain text ascii emails, but PGP just doesn't step up to the job. It needs to be integrated end to end in sendmail or whatever other mail transport servers, and inside the big heavyweight email programs used out there... PINE, Netscape Mail, the webmail services, and perhaps even OUtlook.

Skip Truecrypt, encrypt your data in a small volume and attach it as a file to who you want to send it to... in fact, encrypt whole harddrives or create files that can be mounted as virtual harddrives.

Truecrypt: http://truecrypt.org/

Zimmerman is more of a posterboy against the man than really than anything else in my practical opinion. I don't know any compgeek that uses PGP, or anyone that uses it to encrypt their mail.

Good catch with the AES. Yes, WinRAR can be encrypted, yes it is only (currently) open to brute force attacks, but if you are serious and have anything you REALLY NEED to hide, I recomend Truecrypt. It boggles the mind at the caramel, chewy goodness. If Truecrypt were a president, she'd be Baberham Lincon. Yup. We're talking cascade encryption (Say an AES-Twofish-Serpent combo), auto dismounting, and even (for you poor sods in countrys where you're legally compelled to release your encryption password) hidden drives (you have two passwords for the same drive; one opens up a basicly innocous file, one opens up the rest of your stuff). Perhaps it's a bit overkill, but if there was ANYTHING I cared about (trade secrets, any closed source code, EMPLOYEE RECORDS, CLIENT RECORDS, etc.), I think it's worth the small time (and no cash) investment for powerful, on the fly encryption. Oh, and it's OSS too!

For encrypting single files, gpg is probably the simplest solution. Note that you don't have to bother with key-rings, digital signatures, etc. Just use conventional encryption and a GOOD (can't emphasize this enough) password.

A more user-friendly approach would be to use an encrypting file system, such as TrueCrypt, which presents a single file as a drive on your machine, and backup the encrypted file regularly.

http://www.truecrypt.org/

an informative podcast about TrueCrypt : here ... (Episode #41)

It does add some complexity, though. If you ever add data to the dummy volume you risk destroying your real data and it adds another step to access the real data. So, for those that don't want the hassle or risk, I imagine that shredding your deleted data would be the better option if you are forced to reveal your keys and you have deleted data that you don't want recovered.

As far as shredding files goes, that isn't really connected with the encryption process, but more to your hard disk speed. Writing random bits to a 10-30 GiB file is going to take a while no matter what program you use.

I don't know if this is in the ballpark, but we Truecrypt on hard drive backups we take off site. It is open source which is nice. It allows you to mount a virtual hard drive that is either a file on an existing partition or as a sort of phantom partition that only TrueCrypt will see. It encrypts on the fly, hence it's usefulness to us. We just have a few usb hard drives. When we plug them in, we can mount them using a password or more elaborate means. It may be worth a peek.

http://www.truecrypt.org/

I'd say your best bet'd be TrueCrypt.

You linked to it yourself, so you should be aware of the strengths of the application. It does on-the-fly disk encryption with either whole partitions or disk image files, has absolutely no problem with massive disks (I have a 40GB image on a USB drive), and is pretty fast. My benchmarks come up with 50MB/s average throughput (around 56MB/s encrypting, 47MB/s decrypting) for 256bit AES encryption on my machine. TrueCrypt seems to cope well with files of any size, and while I can't say I've tried 30GB, 4.7GB DVD images work very well indeed.

One thing that really makes it stand out in your scenario is the ability to use keyfiles. This allows you to select one or more files that will be used (hashed?) with your password to secure your data against those hardware keyloggers. (Although, I would question whether encryption is really required if you aren't that bothered about security.)

The best part of TrueCrypt is that it is completely open-source. No closed/proprietary systems and no snake oil. For encryption on Windows, when the built in stuff doesn't cut it, TrueCrypt is the only way to go, IMHO.

I've been using Truecrypt for a while. It's Open Source, and has a multitude of peer reviewed algorithms, including AES amoungst others.
http://www.truecrypt.org/ Highly recommended. It also has advanced features such as steganography and hidden volumes inside other volumes.