Slashdot Mirror

Truecrypt volumes have a Hidden Volume feature. Somebody forces you to give the password, just give them the password (after a suitable amount of reluctance) to the non-Hidden Volume. The other password is the one you never give, and they can't prove it even exists.

I never understood why people would upload a copy of a file to the Internet, manually/purposefully delete their only local copy, and proceed to complain that they no longer have a local copy.
Why on earth would you delete it from your computer?!?

There is NO excuse for this problem.

This is FAR from a new issue with "the cloud" either.
People used to do the exact same thing with web-hosting.
They would upload their website to a web server somewhere, delete their only copy, then when the hosting company went under, had the server crash, disk failure, whatever... the user would proceed to blame the ISP for the fact the user themselves deleted their only copy from their own computer. wtf?

The standard rule for backups is, if you can't bother to have two copies (One on your computer, one backed up on another device) then it clearly wasn't important enough to warrant bitching about when you lose it. That rule implied ONE copy was not enough... Why on earth would people think ZERO copies is any better?

Hard drives die. It's a fact of life. The "if" is always a yes, only the "when" is variable.
That fact alone is reason enough to already have more than one copy in your own home on your own equipment.
A provider disappearing like this should be nothing worse than a minor inconvenience in finding somewhere else to host it and upload another copy, then chase down URLs pointing there and update them. Sure, that can be a bit of work and is quite annoying, but it should be nothing on the scale of data loss.

Storage is cheap.
Encryption is easy (Thanks to the efforts of projects like PGP, GPG, and TrueCrypt)
BackupPC is free, runs on Linux which is free, and can be as simple as an old Pentium-2 desktop sitting unused in your basement that you toss a couple extra hard drives in.
You set it up once and it does everything for you! It daily grabs copies of other computers, all automated, all by itself. It can backup Linux, Windows, and even OSX via the network. You can feed it DHCP logs to watch for less frequently connected machines like laptops. It de-duplicates to save disk space, and can email you if and when a problem crops up. I only check mine twice or so a year just to make sure things are running (never had a problem yet) and as it deletes older backups only when needed to make room for new ones, with de-duplication I can go grab a file from any date between now and three years ago, at any stage of editing (Well, in 3 day increments for my servers.. but it's all configurable, and should be set based on the importance of the data!)
On ubuntu and debian based systems, it is a single apt-get install away. Likely just as easy on any other distro with package management.
Any true computer geek can slap together such a system with zero cost and spending less than an afternoon. Anyone else can do so for minimal cost and perhaps a day of work.

Apple has ridiculously easy backup software (Time Machine?), and Windows has the advantage of most of the software out there being written for it, so the odds that there are less than five different software packages to do this exact same thing is next to impossible.

Hell, even for non-geeks, most people have that one guy or gal in the family who supports everyones computers. Just ask them! They will likely be ecstatic to help, possibly will donate spare parts from their collection (Or find you the best prices on parts if not) - and be content in the fact they won't have to tell you things like "Sorry, your hard drive has the click-o-death, I can't recover anything from it." which no one likes to need to say.

This is worth repeating: There is NO excuse for this problem.

Personally, if it's important, I have a bare minimum of four copies.
One for actually using, on my system drive.
One that got a

Indefinite contempt of court:

http://forums.truecrypt.org/viewtopic.php?t=23969

That is exactly how TrueCrypt 6.0 works.

Changing passwords every month seems excessive. I use a different password for every site (banking, eBay, etc.) and keep the master list encrypted with http://www.truecrypt.org/ along with other sensitive info. Every year, I print out the passwords (and fake mother's maiden name, etc.) for most sites on paper and place them in the same envelope as my will, in a strong box / safe in the house.

When I die, whatever is in the TrueCrypt partition and whatever passwords I chose not to print die with me. My family will be able to recover all other account info without problem.

no technological solution exists.

That's simply not true. An implementation of the idea

Surely you jest? Getting amanda to encrypt your backups. Is just a matter of reading some howto files on amanda's website. And, just peeking over at bacula's website, I can see that they have a similar sort of setup. I don't use bacula, but I'm sure it is a matter of following the directions just like with amanda. It is not clear how anyone can consider encrypting backup tapes as a difficult process. For that matter, with TrueCrypt, OpenSSL, GnuPG, FreeBSD's geli, and linux's dm-crypt encryption in general has become easy and accessible. Add to that the hardware acceleration built into most new systems or just pure computational power of modern processors and organizations are remiss for not using encryption at nearly every turn. If you don't, you should lose your job.

Right !

And make sure you have a full hard disk encryption ! -> http://www.truecrypt.org/
And make sure you have your tier1 data some where else and also encrypted (SDHC 32GB or 1,8" SSD sounds good or ?).

I prefer saving my data encrypted on a datasette .. ;)

This is the best solution I have found so far:

1.) Install Vidalia: http://www.torproject.org/

2.) Install NoScript: http://noscript.net/ (Ghostery may be ok - but I'm not too familiar). This blocks Flash, Javascript, etc - but you can selectively enable certain content.

3.) Install the EFF's HTTPS Everywhere plugin: http://www.eff.org/https-everywhere
This will default sites like Google to use the SSL version of their pages if is possible - with Tor Exit Nodes being possibly monitored, SSL is your friend.

4.) Use AdBlock Plus: http://adblockplus.org/
This reduces unnecessary traffic through Tor (banner ads, etc).

Run your browser in Private Browsing mode as well and keep you History clean. Firefox has an option to clear this every time you exit. Tools to keep other things clear (Bleachbit on Linux and C-Cleaner on Windows never hurt)

If you are super-duper paranoid, you can use a Full Disk Encryption suite like Truecrypt: http://www.truecrypt.org/

Just make sure to pick a good passphrase (26+ characters) and keep your computer shutdown when you are not around it.

If you want to help out with Tor like me, I donated a share of my bandwidth to run a Tor Relay: https://www.torproject.org/docs/tor-doc-relay.html.en

PS I also change my IP address randomly every few weeks Simply changing your MAC address, hostname and then resetting your hardware will do this. Most ISPs do not retain data beyond 6mos so this also doesn't hurt.

PPS Fuck the police (with a cactus).

Finally, someone other me is saying that and whilst we're correcting XKCD.... Security
Um, It's called Deniable Encryption, and it's been around in consumer products for ages, so I wish people would stop giving that "obligatory" response to other stuff as well.

Trayless SATA - http://www.newegg.com/Product/Product.aspx?Item=N82E16817998041 - This isn't the exact brand I used, but this is the style. Do some comparison shopping. The case I use for each drive is the ADIDT HS-1 for 3.5" HD. I bought them off ebay for about half of newegg's price. I couldn't find them listed at the moment on ebay, but there are plenty of hits on the web.. hit google and you'll see the pics.. assorted colors. They're stackable too and have spaces for labels. This is a strong case -- it takes two fingers for me to open the snap. I also print numeric tags with a label maker to stick on the drive for identification in the corner. 1 TB hard drives - http://www.newegg.com/Product/ProductList.aspx?Submit=ENE&N=100007603%20600003269&IsNodeId=1&name=1TB%20and%20higher - my pick is the Western Digital Green drives.. read up on their soft seek technology which made them the quietest drive at the time I researched them. They come in consumer and RAID versions. The consumer version works well for both applications and costs less. For the cost savings using this method, you can double up in drives which is a given for storing any data -- always have at minimum two copies. Because they're just plain drives, you won't need special hardware to read them if your PC is destroyed by natural disaster or stolen. Store one set off-site... safe-deposit box works good. Encryption is a plus http://www.truecrypt.org/.

Truecrypt provides just that kind of plausible deniability (other encryption products probably do, also). You can use a hidden volume so that one password decrypts to the 'dummy' files, but you need the 'real' password to decrypt to the 'actual' files. Just make sure your 'dummy' files are somewhat convincing as something you would bother encrypting, and you've got rather strong deniability.

A 'panic' passphrase wouldn't work since it would rely on the reading/decrypting software honoring the request to scramble the data (which the authorities have probably already made many copies of). But hidden volumes cannot be proved to exist, so there is no way for them to know that you've stored additional data in the encrypted partition.

Truecrypt provides just that kind of plausible deniability (other encryption products probably do, also). You can use a hidden volume so that one password decrypts to the 'dummy' files, but you need the 'real' password to decrypt to the 'actual' files. Just make sure your 'dummy' files are somewhat convincing as something you would bother encrypting, and you've got rather strong deniability.

A 'panic' passphrase wouldn't work since it would rely on the reading/decrypting software honoring the request to scramble the data (which the authorities have probably already made many copies of). But hidden volumes cannot be proved to exist, so there is no way for them to know that you've stored additional data in the encrypted partition.

Or you may use a plausible deniability system. But in doing that you may want to be reasonably sure that no data leaks exist, or you may find yourself in an even worse position.

Or you may use a plausible deniability system. But in doing that you may want to be reasonably sure that no data leaks exist, or you may find yourself in an even worse position.

I am only a middling user, but Truecrypt offers also plausible deniability, in that two different passwords offer access to a whole different set of data ("hidden volume"). It would be very difficult to assess if it has been used.

http://www.truecrypt.org/downloads2 ???

TrueCrypt.
Nuff said.
http://www.truecrypt.org/

Check out TrueCrypt, http://www.truecrypt.org/

Try here, or here, or here, or here.

Every time this topic comes up, people suggest these guys. There used to be PGP, I think it's commercial now, but there's GNU PGP.

I think any manner of Google searches will tell you how to do this. It's something that's been around for quite some time in various incarnations.

You may learn more if you do your own research but:

http://www.truecrypt.org/faq
[quote]The ciphertext block size used by TrueCrypt is 16 bytes (i.e., 128 bits)[/quote]

https://www.dropbox.com/help/8
[quote]Before transferring a file, we compare the new file to the previous version and only send the piece of the file that changed. This is called a "binary diff" and works on any file type. Dropbox compresses files before transferring them as well. This way, you also never have to worry about Dropbox re-uploading a file or wasting bandwidth.[/quote]

Except that truecrypt heavily advertises this feature, so if you decrypt your volume and it has pictures of fuzzy kittens, they'll say "ha ha very funny, I said kiddie porn, not kitty porn. Now decrypt the secret volume."

Plausible deniability, in this case, means that there is no confirming evidence that there is data there. In this case, the poster is referring to this.

That said, presence of TrueCrypt drivers or bootloader would probably shatter that, and even without those, the court system isn't even remotely logical. All the prosecution has to do is convince a bunch of (non-technical) people that it's relevant, and you're back to "encrypted blob", see my OP, etc..

Sounds too error prone for me, thanks.
I'll stick with TrueCrypt.
Then I don't have to worry about trying to move the HDD between computers.

http://www.truecrypt.org/

There we go.. I don't understand this is still a question.

Regarding the Hidden OS,

When everything is done, you will actually have 3 passwords:
1) Hidden OS password - used @ the TC bootloader
2) Decoy OS password - used @ the TC bootloader
3) secondary partition truecrypt password - used from the TC application to unencrypt this secondary partition.

All the info is here.

Here. . . let me look up this easily searchable information for you: http://www.truecrypt.org/hiddenvolume

As of TrueCrypt 4.0, it is possible to write data to an outer volume without risking that a hidden volume within it will get damaged (overwritten).

When mounting an outer volume, the user can enter two passwords: One for the outer volume, and the other for a hidden volume within it, which he wants to protect. In this mode, TrueCrypt does not actually mount the hidden volume. It only decrypts its header and retrieves information about the size of the hidden volume (from the decrypted header). Then, the outer volume is mounted and any attempt to save data to the area of the hidden volume will be rejected (until the outer volume is dismounted).

Note that TrueCrypt never modifies the filesystem (e.g., information about allocated clusters, amount of free space, etc.) within the outer volume in any way. As soon as the volume is dismounted, the protection is lost. When the volume is mounted again, it is not possible to determine whether the volume has used hidden volume protection or not. The hidden volume protection can be activated only by users who supply the correct password (and/or keyfiles) for the hidden volume (each time they mount the outer volume). For more details, please see the section Protection of Hidden Volumes Against Damage in the documentation.

Not sure why you've cut the quote of the TrueCrypt docs prematurely.

It continues:

When using system encryption, plausible deniability can be achieved by creating a hidden operating system (see the section Hidden Operating System).

a) It's plausibly deniable due to how a Truecrypt volume masks itself

I just wanted to point out that, while they cannot detect if a Truecrypt hidden partition exists on the system partition, they can tell that the system partition is encrypted with Truecrypt.

http://www.truecrypt.org/docs/?s=plausible-deniability

also note that, for system encryption, the first drive track contains the (unencrypted) TrueCrypt Boot Loader, which can be easily identified as such

TrueCrypt (or BitLocker, PointSec, etc) allow you to encrypt your entire disk. If they get the hardware or hard drive, they'll have nothing but encrypted bits.

They could never decrypt the drive without the password. Of course, this is what'll really happen when they need your drive:
http://xkcd.com/538/

Of course, TrueCrypt does allow for plausible deniability if someone attempts to force you to reveal the encryption password:
http://www.truecrypt.org/docs/?s=plausible-deniability

truecrypt?
like in http://www.truecrypt.org/ ?

in that case I'm not so sure about how smart he is...

encrypt the data before writing.
at no point in its existence will it appear anything but white noise to unauthorized parties.

WRONG

Actually as someone pointed out above, the wear leveling algorithms in SSD's can cause problems for effective encryption.

http://www.truecrypt.org/docs/?s=wear-leveling

So as always, the answer is "Physically completely destroy the drive".
-Taylor

Interestingly (as noted above) TrueCrypt has a warning on creating encrypted volumes on volumes that do wear-leveling, which I assumes includes most SSDs these days?

http://www.truecrypt.org/docs/?s=wear-leveling

Truecrypt supports hardware acceleration.

(may not be helpful to you with a netbook, but others should know)

The lack of security of SSD's is not new! So unoriginal, in fact, that Truecrypt.org doesn't even recommend that you encrypt an SSD drive!

The whole point is not to get lulled into a false sense of security when using a "long" password. The 37 char password "Dp+qnKOU52Lc)|37GPa1\c]YD}A+E;W-v8VCh)" has 244 bits of entropy while the 37 character sentence "The quick fox jumps over the lazy dog" can have as less as 20 bits for an attacker that has a "1 million famous phrases" list - which is sure to contain such a well known sentence.

Lastly, there have been numerous articles, and legal documents, showing the NSA/FBI/etc attempting to crack many different peoples volumes, but being unable to. Don't see them as magic, they can't just crack anything they want.

I would expect such a capability to be reserved for national emergency situations, anti-terrorism threats etc. not for the run-of-the-mill paedophile or fraudster.
Let's analyse TrueCrypt for a second: the build installed on my computer offers by default to create an AES volume using RIPEMD-160 iterated 2000 times under PBKDF2 as the key derivation function. A single ATI Radeon can try about 1 million such keys per second (TFA, assume RIPEMD-160 ~ SHA1, they are close designs), without being optimised for such a task. It's not a stretch then assume the NSA can build a dedicated crack chip that can do 10 million keys per second, while costing between 10$ and 30$ including interconnects, cooling, power supply etc. This means a 10 to 30 million dollar NSA hardware cracker comprising of one million such chips can try 10^13 TrueCrypt passwords per second, or 3 * 10^20 per year.
Thus, the NSA can crack within a year any TrueCrypt password with less than 68bits of entropy, using a 10 to 30 million $ cracker !

Well then, 68 bits covers a perfectly random 10 character password, perfect 14 character alphanumerics, perfect 20 characters numerics, and most user generated English sentences shorter than 50 characters ! I must admit I'm a bit surprised myself. If you had such a capability and were a secret spy agency, would you advertise ?
It becomes critical why we must develop, review and switch to memory-hard password derivation functions such as scrypt, which have a much wider security margin against hardware attacks. According to scrypt's author, a $10 Million design attacking PBKDF2 would cost $210 Billion to achive the same performance against scrypt.

Truecrypt uses the first 1024 bytes of the key file only, and though not likely at this time, collision attacks could be a potential vector of attack with, and when, quantum processing becomes available.

The FBI seized his Beijing Automotive-issued laptop, and an analysis found 41 stolen Ford specification documents on the hard drive.

Dear "Mike",

When you get out, and if you decide to again play industrial spy, try this

Either way, smuggling data on physical media is kind of retarded.

Yes and no. If the data is 'in the cloud' there's a risk that it could be sniffed by someone else. If you copy your smuggled data onto physical media and keep it on your person then no one can sniff it. It's similar to mailing yourself a packet of confidential papers as opposed to hanging onto the papers yourself.

One word: Truecrypt

encrypt the blob before it is stored in the cloud. Use a keyfile

Either way, smuggling data on physical media is kind of retarded.

Yes and no. If the data is 'in the cloud' there's a risk that it could be sniffed by someone else. If you copy your smuggled data onto physical media and keep it on your person then no one can sniff it. It's similar to mailing yourself a packet of confidential papers as opposed to hanging onto the papers yourself.

One word: Truecrypt

encrypt the blob before it is stored in the cloud. Use a keyfile

TrueCrypt because it works.

FTK, PRTK?
Pffft, The FBI knows about those, and still didn't crack the TrueCrypt volume.

I've found that I only use organization solutions which I can have access to at any time. For example, a todo list is of little use to me if it can only be found on a single desktop computer. Because of this, I've found that solutions which allow access via my smartphone work best for me. That being said, it sucks entering information in via a tiny touchscreen or keypad. The obvious compromise, it seems, is to use web-based services that can sync with smartphone apps; cloud computing in other words. There are a lot of services that offer this, but I've only found a few that fit my last criteria that the apps be functional during times with no or limited internet access. These are as follows:

• For todo lists and reminders, I use Toodledo, an online service which stores and syncs your lists across platforms/devices. To access this on my iPhone I use Appigo Todo ($5.00).
• For scheduling and e-mail, I use Google Calendar and Gmail.
• For file storage and access, I use Syncplicity, Personal Edition, which is free. Although, I have considered changing to Dropbox lately.
• For Notes and personal reference, I've found Notespark (free service; $5.00 app) to be more than enough.
• Because this type of setup is very public, I put any potentially sensitive data in Truecrypt archives on a USB stick attached to my carkeys.

Total cost is $10.00, not including the USB stick. And it seems to cover all the various forms of personal data.

-Grym

finite number of read/writes to flash memory

This myth needs to die.

I would cringe to do secure erases (writing zeroes)

Problem solved.

Woah, that's sad.
So not only do you need several mini-displayport adaptors ($30 each) and an external cd drive ($80), now you need a usb stick ($30) hanging out of the side of the laptop whenever you want to hard-wire it?

Additionally, because they still don't put a Westmere in, it doesn't support hardware AES.
Truecrypt is pretty much a necessity for any laptop (well, any of my laptops anyway).
And having AES-NI makes it that much nicer.

Nice try Steve.

Thank God for plausible deniablity.

http://www.truecrypt.org/docs/?s=plausible-deniability

http://www.truecrypt.org/downloads solves your #1, or get Windows Ultimate.

No, actually it wouldn't. At the very least they now have you on destruction of evidence and obstruction of justice. The "plausible deniability" afforded by TrueCrypt's hidden volume/OS feature is actually ideal because, provided that the appropriate security precautions have been observed (as outlined in the docs in the Security Requirements and Precuations section), it is well nigh impossible to prove that hidden volume(s)/OS exist. Any "evidence" of such is likely to be circumstantial at best, most probably along the lines of: "everyone who uses TrueCrypt uses the hidden volume/OS feature so defendant must be using it too!" or perhaps they analyze the disk and attempt to show that certain portions of the disk have been written to much more frequently than others (which doesn't really prove anything). The "official" judicial proceeding is exactly the situation where "plausible deniability" is designed to help. Now, if you find yourself in less civilized hands, the Iranians for example, then you can probably expect the rubber hose treatment or any number of other inventive and persuasive techniques. However, the British, at least for now, are far too civilized to resort to such crude and brutal methods, particularly when their own citizens are involved and the stakes are a few pictures of his 17 year old girlfriend's boobies.

No, actually it wouldn't. At the very least they now have you on destruction of evidence and obstruction of justice. The "plausible deniability" afforded by TrueCrypt's hidden volume/OS feature is actually ideal because, provided that the appropriate security precautions have been observed (as outlined in the docs in the Security Requirements and Precuations section), it is well nigh impossible to prove that hidden volume(s)/OS exist. Any "evidence" of such is likely to be circumstantial at best, most probably along the lines of: "everyone who uses TrueCrypt uses the hidden volume/OS feature so defendant must be using it too!" or perhaps they analyze the disk and attempt to show that certain portions of the disk have been written to much more frequently than others (which doesn't really prove anything). The "official" judicial proceeding is exactly the situation where "plausible deniability" is designed to help. Now, if you find yourself in less civilized hands, the Iranians for example, then you can probably expect the rubber hose treatment or any number of other inventive and persuasive techniques. However, the British, at least for now, are far too civilized to resort to such crude and brutal methods, particularly when their own citizens are involved and the stakes are a few pictures of his 17 year old girlfriend's boobies.

No, actually it wouldn't. At the very least they now have you on destruction of evidence and obstruction of justice. The "plausible deniability" afforded by TrueCrypt's hidden volume/OS feature is actually ideal because, provided that the appropriate security precautions have been observed (as outlined in the docs in the Security Requirements and Precuations section), it is well nigh impossible to prove that hidden volume(s)/OS exist. Any "evidence" of such is likely to be circumstantial at best, most probably along the lines of: "everyone who uses TrueCrypt uses the hidden volume/OS feature so defendant must be using it too!" or perhaps they analyze the disk and attempt to show that certain portions of the disk have been written to much more frequently than others (which doesn't really prove anything). The "official" judicial proceeding is exactly the situation where "plausible deniability" is designed to help. Now, if you find yourself in less civilized hands, the Iranians for example, then you can probably expect the rubber hose treatment or any number of other inventive and persuasive techniques. However, the British, at least for now, are far too civilized to resort to such crude and brutal methods, particularly when their own citizens are involved and the stakes are a few pictures of his 17 year old girlfriend's boobies.

That only works in the movies.

step 1 is to take an image and the original is never touched again. It ends up locked and tagged in an evidence vault.

Step 2 is to make the image read only. It prevents needing to go back to the original.

Plausable deniability is far more useful.
http://www.truecrypt.org/docs/?s=plausible-deniability

There is nothing to prove the existence of truecrypt volume from random data. "Officer I ran a randomizing software before reinstalling windows". For added security you can create a "fake" volume. The password you provide the police reveals and decrypts the fake volume further creating deniability that other volumes exist.

While prosecution likely won't believe you the burden (at least in the United States and other free countries) would be on the prosecution to prove that the second partition actually exists and isn't random data.