Domain: truecrypt.org
Stories and comments across the archive that link to truecrypt.org.
Comments · 603
-
Re:Initial image by agreed experts, not RIAA
TrueCrypt inside of TrueCrypt.
The inner volume can be hidden, and the creators believe that it is robust enough that it can not be identified if you don't know it is there.
http://www.truecrypt.org/ -
Use TrueCrypt!
Assuming you really do have something to hide, using an encrypted volume embedded within another encrypted volume could be very useful. TrueCrypt supports nested encrypted file systems and since TrueCrypt uses no headers to demarcate its volumes, it is not possible to determine if an additional volume is embedded within a TrueCrypt volume. In effect, it provides plausible deniability of the existence of a 2nd embedded volume if you're forced by court order to decrypt the main volume. (stick some Creative Commons licensed mp3 files in the main volume though, just to throw the RIAA the middle finger a little more.)
Better yet, support non-RIAA artists at sites like Magnatune. The quality of music I've found there is proof positive that the RIAA no longer has a legitimate purpose in the music industry.
My tips for installing TrueCrypt on Fedora Core 6.
-
Re:What?
having never used bitlocker, i was wondering what it would have to offer that truecrypt didn't?
with regards to 1) and 2) i would regard (once a few patches come out) those to be "practically equivalent" between vista and xp (directly playing hd dvd may be an exception though) -
A cheaper alternative that actually works
- 1Gb USB stick - from around $20 (maybe even cheaper)
- Truecrypt - free
No self-destruct, but hard enough encryption for all but the most sensitive secret data.
-
TrueCrypt
Most Slashdotters know you should not trust the built in security on these devices.
The solution for real security on these devices is to use TrueCrypt.
It's not hard to use, though the more technical among us may need to help out the less technically inclined to get things rolling. Once it's setup, though, it's secure and easy to use.
-
Re:Encrypted disks Was:Back in the courtroom
A truecrypt volume allows you to have two layers, each one accessible via different passwords.
So, you give The Man the password to your tax return spreadsheet, letters to friends, etc. -
Re:Encryption anyone?
Why not use a program like http://www.truecrypt.org/ to hide your data if you're going to download illegally.
Because once you're subpoenaed and served a search warrant you'll have to cough up the keys or you'll be in contempt of court.
Forgot or lost the key? Go to jail. Stay there until you remember it. -
Encryption anyone?
Why not use a program like http://www.truecrypt.org/ to hide your data if you're going to download illegally. Secondly, whatever happened to privacy? Surely that's more important than a few stupid songs is worth.
-
Re:What a load of BS...
---Since a good encryption algorithm's cyphertext looks random, you can't tell if it's still the random data from the format or a hidden volume. You need the hidden volume's key so you can decrypt it and only then will you know that it even exists. When you mount a volume and it asks for a password, it first tries it with the outer volume, and if that fails it looks for a hidden one. So the mounting procedure is identical, only the passwords differ.
By definition of a hidden setup, one should NEVER know if any password works. The fact this program does let you know if it works or not works indicates that there is known data inside the container. Known data can be successfully cracked much easier than unknown data.
Truecrypt theoretically reserves a block of final bytes at the end of the file or device to determine if the supplied hidden password was correct. This is no different from the header blocks in the beginning. If it finds a header, then it will "know" the password was correct:
http://www.truecrypt.org/hiddenvolume.php
So long as an attacker supplies a wrong password, Truecrypt will be none the wiser that there is a hidden volume. An attacker's only resort to know if the reserved block is, in fact, a header versus random unused data is to use brute force, which is what we want.
As for the known versus unknown data, any partition-based encryption system will have known data: a partition table. So long as the underlying algorithms have sufficiently large keyspaces and are correctly implemented, then we have minimized the risk. But there is another element: we only "know" the beginning header exists if we can presuppose it's a truecrypt container. We don't *know* that the ending block is a header or not.
Does this make sense, or am I missing something? -
Re:FreeOTFE?
oh no! the hordes of expert crackers tailing me will be able to find my FTP password.
If the data you're encrypting with gpg is so trivial to you, why are you encrypting it in the first place?
"Furthermore, TrueCrypt cannot prevent the contents of sensitive files that are opened in RAM from being saved unencrypted to a paging file (note that when you open a file stored on a TrueCrypt volume, for example, in a text editor, then the content of the file is stored unencrypted in RAM). "
TCTEMP automates the process of using TrueCrypt to on-the-fly encrypt the Windows paging (swap) file... -
Re:FreeOTFE?
oh no! the hordes of expert crackers tailing me will be able to find my FTP password.
also:
"Furthermore, TrueCrypt cannot prevent the contents of sensitive files that are opened in RAM from being saved unencrypted to a paging file (note that when you open a file stored on a TrueCrypt volume, for example, in a text editor, then the content of the file is stored unencrypted in RAM). "
http://www.truecrypt.org/docs/paging-file.php -
source never third-party reviewed
it appears that there has never been a third-party review of truecrypt's source:
truecrypt code analysis
http://forums.truecrypt.org/viewtopic.php?p=23552 -
Re:Good interim solution . . .
The TrueCrypt 3-rd party tools might help with this.
http://www.truecrypt.org/third-party-projects/
TCGINA encrypts Windows user profiles...I have not looked into if this is C:\Documents and Settings\username\ as you mentioned. -
TrueCrypt is NOT OPEN SOURCE
At least not Open Source as defined by the OSI (or Free Software by the FSF). Check out the license:
http://www.truecrypt.org/license.php -
Re:What a load of BS...
Oh well. I've already taken a mod hit (I don't care). I'll respond to your refutation.
---Incorrect, there is no container file inside the first container, and if you don't enter the password for the second container the same time as the first container you *CAN* overwrite the data in the second container, thus corrupting it.---
I am talking about this link in which displays a large container and 2 containers inside of it. The text accompanying it is also sort of misleading. What does worry me is this statement:
"NTFS file system stores various data throughout the entire volume (as opposed to FAT) leaving little room for the hidden volume."
This indicates that the hidden volume is just a free-space volume. This can be attacked by my method: get the 'sucker volume' and swap bits on the files stored to get an idea on how big the hidden is.
Except that isn't what happens. The *ONLY* time truecrypt has knowledge of the hidden volume is when you provide the correct hidden volume password. If you don't provide that password, it treats the outer volume as though there is no inner volume. Thus, if you make a change to the outer volume while there is no inner volume information entered/read into truecrypt, truecrypt will allow that hidden volume information to be overwritten. So someone who gets your outside volume password and tries to attack the inner volume by writing data to the free space in the outer volume will be allowed to corrupt the inner volume, thus destroying any data you had there.
---From the website (If only people would RTFM (no, I'm not new here)):---
I did read the fucking manual (and website). Free space storage can be 'found out' rather readily. Yes, they do use "advanced encryption techniques" and such, but as they warn, someone who has access to the unmounted volume over many writes can prove there are hidden volumes. This is no good thing in any way. Also there is provided a way to "maintain data security": context levels suggested by Shamir is the way to go, and not the Truecrypt way. Placing multiple sectors along with reed solomon codes would allow rebuilding of partially corrupted hidden files, even if somebody knew the password for a specific context.
In this context, RTFM is "read the fine material". I believe the warning you are pointing out is the following:
If an adversary has access to a (dismounted) TrueCrypt volume at several points over time, he may be able to determine which sectors of the volume are changing. If you change the contents of a hidden volume (e.g., create/copy new files to the hidden volume or modify/delete/rename/move files stored on the hidden volume, etc.), the contents of sectors (ciphertext) in the hidden volume area will change. After being given the password to the outer volume, the adversary might demand an explanation why these sectors changed. Your failure to provide a plausible explanation might cause the adversary to suspect that the volume contains a hidden volume.
The same is true of steganography, if you hide your data in the unused bits of a jpeg file and that jpeg file data changes over the course of time as you update your data you run into the same issue. That said, you can easily add an extra level of deniability by just mounting the outer volume in protected mode after you update your hidden volume and write/delete some data. That way sectors all over the container change, and you have your plausible deniability.
Also, how does one prevent Windows from caching any of this in places it shouldn't? Does Windows even offer a way to encrypt a swap? Or has one hibernated with this program in memory?
TrueCrypt flags its memory to not be swapped, and generally (not always) Windows will obey that request. That said, there is a long list of security precautions on their website with the solution and/or workaround for each.
At least -
Re:What a load of BS...
Oh well. I've already taken a mod hit (I don't care). I'll respond to your refutation.
---Incorrect, there is no container file inside the first container, and if you don't enter the password for the second container the same time as the first container you *CAN* overwrite the data in the second container, thus corrupting it.
I am talking about this link in which displays a large container and 2 containers inside of it. The text accompanying it is also sort of misleading. What does worry me is this statement:
"NTFS file system stores various data throughout the entire volume (as opposed to FAT) leaving little room for the hidden volume."
This indicates that the hidden volume is just a free-space volume. This can be attacked by my method: get the 'sucker volume' and swap bits on the files stored to get an idea on how big the hidden is.
---From the website (If only people would RTFM (no, I'm not new here)):
I did read the fucking manual (and website). Free space storage can be 'found out' rather readily. Yes, they do use "advanced encryption techniques" and such, but as they warn, someone who has access to the unmounted volume over many writes can prove there are hidden volumes. This is no good thing in any way. Also there is provided a way to "maintain data security": context levels suggested by Shamir is the way to go, and not the Truecrypt way. Placing multiple sectors along with reed solomon codes would allow rebuilding of partially corrupted hidden files, even if somebody knew the password for a specific context.
Also, how does one prevent Windows from caching any of this in places it shouldn't? Does Windows even offer a way to encrypt a swap? Or has one hibernated with this program in memory?
At least with Linux, if I'm a user, I know my data is in there, and not leaked through the system (well... /tmp and /var at most). Of course, TCB on Linux wouldn't be a bad thing, nor would FreeBSD's security levels.
---The hidden volume protection can be activated only by users who supply the correct password (and/or keyfiles) for the hidden volume (each time they mount the outer volume).
I know you didn't say this, but the fact this is a go/nogo is just wrong from a security standpoint.
If the volume is not hidden, it should be easy to verify good/bad password. However, for the application of the hidden volume phrase, it should NEVER acknowledge if you have a good phrase or bad phrase. In addition to that, there shouldn't even be a check for that. The "hidden" phrase should work for all phrases, but only guarantee hidden data security if it is the same phrase.
My ideas are much eviller in terms of data loss, but that is the price of hiding the data in plain sight. Like I said before, check up on StegFS. I use it, and it's very interesting.. It reminds me of a capability system, but filesystem level. -
Re:Good interim solution . . .
How about TCGINA? It's a supported third party add on for exactly what you're talking about.
-
Linux downloads available
"from the windows-only-alas dept."
Not really, you can download ubuntu binaries from their download section. -
Re:Workaround
Fly with your external hdd to transport your piracy overseas.
and encrypt it using TrueCrypt, though you can deny that the disk contains data at all (plausible deniability) and 'they' can not prove otherwise.
-
Great. I can't wait till...
... the Chinese, Russians, Americans, etc come looking for me because I use http://www.openpgp.org/, http://www.truecrypt.org/, and http://www.openvpn.net/.
-terrified Canadian -
How to avoid having your PC used as evidence
Well, having had my computer taken by the cops as "evidence", I've learned several important lessons:
1) The cops have _no_ sense of humor. Thanks to Fark, I had This, and This in my cache. Apparently, I'm now into terrorism and child trafficking.
2) EFS doesn't help. Microsoft's Encrypting File System doesn't encrypt anything that can't be broken in seconds with the password (and usually minutes/hours without).
So, especially for farkers, get TrueCrypt. It's free, and open-source. Then, get TCTEMP. It makes it so your temporary files are encrypted with a random key. Restart, and they all go "poof". Then get TCGina. You get to encrypt your home directory (and history, documents, etc.) - it automatically mounts it when you login.
Use AES/SHA-1 as your encryption scheme, and pick a good password. If you're _really_ paranoid, grab Shred Agent (wipes files you delete automatically), and Distrust (a firefox addon that automatically deletes your history and cache for you). Nobody is _ever_ going to be recovering your data (even you, if you forget your password).
If you are looking for a quick, easy, fool-proof way to wipe your hard drive so _nobody_ will _ever_ recover _anything_ from it, make yourself a DBAN disk. Easy to use, and it gets the job done right. -
Sorry, neglected a few items.
Waterproof Bags: Make sure you have at least one waterproof bag to keep all your electronics inside within your backpack. This way, if your backpack gets soaked, since most of them are not entirely waterproof, your electronics will be safe.
GPS Trackstick: This is a nifty, tiny little device that tracks every single step you take, your altitude, speed, everything at whatever interval you choose. Decent battery life: even on the fastest recording interval setting (5 secs) you get a full days worth. It plugs right into your USB port and then the program converts the waypoints into Google Earth and overlays the paths you took on the satellite data. Works on two AAA batteries. Really fucking cool for checking out your hikes on satellite data. Needs to have line of sight (meaning as long as no metal or thickass shit's in between it and the sky it'll get signal -- so having it inside somewhere near the top of your pack is fine) You can purchase one here or alternatively there's another model here that I haven't tried but sounds more promising since they hint it doesn't have to have direct line of sight with the sky (aka can be mounted under a car).
Extra Camera Batteries: You'll need these if you have a digital camera. In some countries electricity access can be few and far between.
USB Thumb Drive: Great for storing data, documents, etc. I keep a backup scan of my passport and vital information on one in my pack secured using TrueCrypt.
Load it with portable versions of applications like Tor, Firefox, Gaim, Gimp, Open Office, and so forth. Lots of countries censor the internet and you might need a tool that allows you to get around the blocks.
Many of the computers at internet cafes are riddled with viruses and spyware. This is why you use portable Firefox instead of the spyware riddled IE loaded by default on the machines. It may not protect you much more, but it's better than the alternative.
This bit is very important: Try and get a USB Thumbdrive that has some sort of write protection switch on it (if that exists) so that you can make sure no data can be erased from it. Make sure when you use USB card-readers or plug your digital camera into a computer to offload photos to a website or something that you SWITCH ON WRITE-PROTECT on the memory card first.
I've lost everything on my USB drive and 2GB worth of irreplaceable photos from my memory card due to viruses that erase everything on any inserted media instantly and load a self-replicating virus on in the data's place. I've since made practices like I described here a habit I never forget.
Getting burned like that hurts. Don't make the same mistake yourself. -
Re:Travel light. Internet Cafe + 1G USB key
I agree Travel Light. You will hate your laptop if you need to carry it everywhere.
If you're backpacking for a year you'll probably end up throwing out or sending home
stuff as you travel trust me light is right.
If you're addicted to your own electronics pick up a 1 GB USB key and put
portable apps suite on it.
http://portableapps.com/
Definitely add spybot search and destroy and clamAV so you can give the more dodgy looking computers a quick scan...
I'd also throw on putty.exe, winscp and skype.
checkout this site for other good tips:
http://www.runpcrun.com/usb-flash-key-2006
you can create your own menu with Pstart
http://www.pegtop.net/start/
If you have personal data set up the key with truecrypt (I still have to do this)
http://www.truecrypt.org/
more on encryption:
http://www.madirish.net/?article=156
Most internet cafes run windows so don't expect anything else... most have no clue about
security and I've used my USB key pretty much everywhere, just tell them you're saving a file, or cant speak the language... ;)
Put a long neck loop or lanyard on it, and when you plug it in put the neckloop next to the keyboard so that you're less likely to forget it.
Worst case if you lose it you can buy another one and spend 1hr downloading all the apps from the web again.
Have fun. -
What about
-
Re:As an IT manager
You could also use truecrypt. I like that one... The corporation I work for shelled out quite some money to get their laptops encrypted.... *sigh*
-
Re:Controversial data to store
If you're that concerned, you could keep your files in an encrypted volume using TrueCrypt and then back up the volume. Unfortunately, TrueCrypt volumes don't lend themselves to incremental backups very well, but if you keep the volume size roughly at what the files require and you don't write often, it won't be that bad. You could split them up into multiple volumes if you'd like, too.
This applies not just to pictures but to sensitive e-mail backups, database dumps, etc. -
Centralized Storage?
At the bottom of http://wiki.laptop.org/go/Bitfrost:
Information on the laptop will be replicated to some centralized storage place so that the student can recover it in the event that the laptop is lost, stolen or destroyed.
Generally, a nice idea - automated backups. However, the overall design (no passwords, etc.) seems to imply that this information will all be stored in the clear. That means the centralized repository can be regularly scanned by any party with access.
Maybe if they added functionality to allow for encrypted directories (or "drives", ala TrueCrypt), and ensured that any virtual-memory/swap-partition was always scrambled with a boot-specific randomized key...
-
Re:I think this is what their getting
An absolute must on every USB key is Truecrypt
-
Re:I use TrueCrypt
Yes, TrueCrypt would stand up to a disassembly of the drive. You're missing the point. What the TrueCrypt people mean by "plausible deniability" is this. You can create a hidden volume within another TrueCrypt volume. It's pretty obvious the first volume is encrypted (unless you can convince someone that you have several hundred MB of random data lying around in a file "just because"). However, free space on an encrypted volume looks statistically random. TrueCrypt can create a second volume in this free space, which is called the "hidden volume". If you don't know the second password, not only can you not access the hidden volume, it is impossible to prove it exists. Encrypted data and encrypted free space both look perfectly random unless you know the second key.
Now, as for "plausible deniability", consider this scenario: You have an encrypted volume on a USB key with a hidden volume within it. If you give TrueCrypt password1, it shows you the encrypted volume. If you give it password2 instead, it shows you the hidden volume. If someone takes your USB key and threatens to torture (arrest, whatever) you unless you give them the password, you give them password1. There is no way for them to tell whether or not another volume exists. You can deny that a hidden volume exists and there is no way for anyone to prove you wrong.
If you still don't get it, check the explanation at the TrueCrypt website here and here. -
Agree: TrueCrypt useful
One major advantage of TrueCrypt: works on both Linux and Windows. Can't remember if there's a Mac version. Nope, there isn't. Here's the TrueCrypt web site.
Having researched TrueCrypt and compared the alternatives, I have started using it routinely. It's not so much that I have something to hide, or that what I want kept private requires as strong an encryption as TrueCrypt. It's more that I simply want a convenient way to encrypt something, forget about it, and not have to worry about it later.
My personal financial data resides in a TrueCrypt volume. To lock up all of those files, I just umount the volume, and that's it.
I also wanted to make an offsite backup of our more valuable personal data in case of disaster, such as a fire that burns down our home, destroying the backups stored at home. For example, we have some digital photos with some irreplaceable priceless memories. So I decided to burn them onto DVD and have my relatives, who live out of town, hang onto copies. But relatives can be nosy, and interspersed in the photos could be things I don't want other people to see, from badly taken photos that "make me look fat" to photos of bank statements and legal documents for which we wanted to store a non-paper copy.
So, I created TrueCrypt volumes of the appropriate size to burn to DVD, and then stashed our photos inside. We've got about 4 years' worth of photos (JPEGs) on two (different) DVDs with our relatives in two locations.
I don't want to encrypt something with cheap encryption, and then worry 4 years down the road when someone discovers a flaw in the scheme. You might ask, "What? Are your non-geek relatives going to go about cracking your encryption?" You never know. What if I become someone --let's not say famous, but prominent? Say some sort of social activist fighting for software freedom? Who knows what could happen to my offsite backup DVDs in 4 years --suppose some hired maid accidentally dumps them in the trash, and are noticed by the neighbourhood trash-diving geek? What if some big company or other enemy happens to get their hands on copies and try to use some embarrassing photos to pressure me? I want to be able to rip off my tinfoil hat and laugh, "Don't be ridiculous! That would never happen!"
TrueCrypt gives me that peace of mind. Among its other features is multiple scheme encryption. Are you worried that AES might get cracked next year? Encrypt with AES, and then encrypt the result with Blowfish.[1] Or Twofish first, then CAST5. TrueCrypt offers multiple options, and it does not store the result anywhere. How does it know that you used AES-then-Blowfish encryption? Because it tries all of the schemes one by one. It tries AES alone with the password you gave. Doesn't work. Tries Blowfish alone. Tries about half a dozen other single-encryption schemes. Then it tries the multiple combinations: Blowfish-Serpent, then AES-Blowfish, etc., going down the list until something works. If nothing works, then it concludes that you entered the wrong password.
It's not a perfect solution, and one drawback with TrueCrypt is that I can't use it on my work computer where I don't have administrator rights. But otherwise it has all the advantages I'm looking for: secure, cross-platform, on-the-fly, open source freedom ... and most of all, it's usable: it exists and is easy to use. Because, much as crypto-security fascinates me, I don't want to tinker all the time.
Just like a screwdriver: when I want to use it, I don't want to have to Google for user manuals. I just want to do what I need with it, and not have to think about it.
---
[1]: Incidentally, the advantage of AES-with-Blowfish is *not* that you can't crack Blowfish even after the AES on your TrueCrypt file is cracked. Once your AES crypto is cracked, the password is known and the same password will be used for the Blowfish decryption. (Remember, TrueCrypt is open source --once the -
Re:I use TrueCrypt
This page does a better job explaining it than I did.
The first encrypted volume is obvious. If someone can find the drive, it's quite clear that the data is encrypted. The plausible deniability allows you to give up the password for the first encrypted volume. There can also be a second volume that is indistinguishable from the random bits that fill the empty space. If you know it's there and know the password for that volume, you can open it and mount it. If you don't know it's there, you could keep writing data to the first volume and eventually write over the second.
-
Re:I use TrueCrypt
Be careful when using truecrypt on a USB flash drive.
http://www.truecrypt.org/docs/wear-leveling.php
The above link is the official explanation, but the gist of it is on a USB drive with wear leveling the drive will evenly spread data over the entire drive to extend the life of the drive. This means that truecrypt can not ensure that the old header is overwritten if you do something like change the password on the drive.
My understanding is that if you encrypt the entire USB drive and never change the password you should be OK. -
Re:I use TrueCrypt
Seconded. There's a sort of chain mail floating around on piracy sites regarding truecrypt, that covers some of what has already been mentioned here. I wonder if someone's up to a viral marketing campaign or something.
FWIW here it is:
Peace for the paranoid.
If you have files on your computer that are very personal, embarrassing or plain illegal, you probably want to use encryption. There are a number of solutions out there, both free and commercial. My recommendation goes to truecrypt ( http://www.truecrypt.org/ ) which is free, open-source and very easy to use.
Truecrypt can create a file on your computer that has to be "mounted" to a drive letter (like F:) before it can be read. It then shows up under 'my computer' much like a CD player or something, ready for use.
The file itself can be named anything and placed anywhere on your hard drive, or a CD, USB key etc. And if you analyze it without having the pass-phrase it will look like a random string of numbers.
The default algorithm for truecrypt is AES, which the US department of defense deems strong enough even for 'top secret' documents.
How to use truecrypt is well enough described on the website. Go to http://www.truecrypt.org/docs/ and click 'Beginner's Tutorial'.
I'd like to add some notes though:
Pick a strong password. You have up to 64 characters so use a whole sentence. A quote from a movie or a line of a song works well. If you want something shorter go for something purely random.
You can strengthen it further by using keyfiles. Any file that never changes can work as a key file. Now your adversary not only has to crack your password, but also has to know which files on your HD to give as key files.
It's overkill for most situations, but if you keep some home made MP3-files on a USB drive and use these for keys you have the dual protection of something you must have (USB key) plus something you must know (pass phrase).
If you live in a country where use of encryption is in itself illegal, or considered suspect do the following:
* Use the hidden volume feature of truecrypt. This creates two volumes baked into one, with different passwords. If you are forced to reveal the password you can give out the one to the wrong volume.
(Where you have conveniently stored some embarrassing but perfectly legal Pr0n. What if you were to die suddenly and your mom got your computer! Plausible deniability).
Another similar option, is to simply create another encrypted volume with some non-critical stuff in it. This gives you an easy out if someone asks why you are using an encryption program.
* Hide the volume file itself. Give it a name and location that is similar to a TMP or system file like 'WINDOWS/Temp/~GH7876.tmp'. Given that the file itself doesn't advertise what it is, finding it becomes very very hard. Many applications dump random stuff in tmp dirs. Another nice place is hidden folders beginning with $ in the WINDOWS dir. These are uninstallers for windows update, but they are almost never used. Be creative.
I think this is better than keeping it on a separate medium like a CD (why did you burn a block of random numbers to CD, huh?), especially if you need to work on the files.
* You can use TrueCrypt in 'traveler mode' which means you don't have to install the program itself. You can keep it on a CD or something. I find this awkward though.
Most of the above is overkill to me though. How far to take it is a trade-off between convenience and paranoia. But it's not illegal to use encryption in most of the world so there is no particular reason to obfuscate it. Better to be prepared with a good answer if someone asks. Either way, unless you have NSA on your ass, your adversaries will never get into your files without your pass-phrase.
Help out by copying this text and spreading it around. Help people protect their privacy. -
Re:I use TrueCrypt
I use TrueCrypt
TrueCrypt is pretty cool. In addition to making an encrypted partition/drive, you can create a file that gets mounted as a drive once you've accessed it. This is what I usually do and it's handy for using it on a USB key or if you need to send some files via email/FTP. You can also have it use one or more files for the decryption key for the volume instead of the standard text passphrase.
The GUI is quite good, lots of choices on encryption algorithms, and there's nothing cooler than using sol.exe as your decryption key :) -
My porn...
is not going to be protected by MS... http://www.truecrypt.org/
-
Re:Protect your information
The best thing you can do is never give out your information. Protect it like you're a secret agent. Protect it against torturous interrogation. Protect it to the point of taking that suicide pill hidden as the third button on your shirt.
Always ask yourself why they need it, and do you trust them to secure your information.
In Canada right now there are two separate credit card breaches under investigation. This isn't even a phishing thing, this is just plain old sloppy security.
I suspect that there are many other breaches that haven't been detected and or reported. So I strongly recommend that you refuse to give out personal information to these locations. Don't sign up for rewards cards, don't let them collect your address, and phone, and SSN, when you buy a t-shirt. They don't need it! And I don't trust them.
In that light, here are some handy tools for the justifiably paranoid:
- TrueCrypt - Excellent free encryption app for most platforms (even Windows)
- 10 Minute Mail - Free disposable email addresses
- Private Phone - Free disposable phone numbers
- MBNA Virtual Cards* - Virtual credit cards for online purchases that won't ruin your credit if stolen
-
Re:one word...
TrueCrypt allows for hidden volumes (i.e. encrypted areas within encrypted areas) and it's a windows program. They claim it's not possible to detect the hidden volumes, but I have to take their word for it.
Actually, they say it is possible to detect hidden volumes a few ways, one being if you're using a journaled filesystem on the host device. It will be possible to see changes to hard disk sectors that the directory will say are not being used by files. So the solution is not to format the source disk as NTFS in a Windows case and use FAT32 or something like that. -
Re:you know....
It's not a thing in western society. You probably will not be surprised that I live in Europe. Sex isn't as demonized as it is in the United States. We have commercials that are considered "raunchy" by Americans. Softporn is easy to get on TV and I remember my dad allowed us to watch movies with erotic-but-really-not-much-to-see stuff. He also had his own porn collection which was not well hidden. He damn well knew that we knew where it was.
These days porn probably is mostly digital, and I could protect my own children by encrypting all stuff. Most probably, I will not and leave some harmless nudie pics around for them to find. The "harder stuff" (like blowjobs, actual penetration, nothing *really* nasty because I don't have that, etc...) will be encrypted until I find out they search for them on the Internet.
-
Re:I wish I had portable vi
I don't know about a portable vi (perhaps a small cygwin install on your flashdrive ?) but I can really recommend truecrypt as encryption for your pen drive. It's both for windows and linux. It really helped me from a paranoia attack the other day, when I lost my keychain with my USB drive attached to it. (found it a day later, happily)
-
Re:
Hmm, if I understand you correctly, then it makes sense for Windows not to have the loopback filesystem. It sounds really handy, but I can see the horrible pirating applications of such a thing (heh, just look at daemon tools or Alcohol). Most major companies don't even want you backing up your CD's onto other CD's, let alone let you back them up onto your hard drive. And a tool like this, although it has little to do with actually making the copies, would still aid in that process. Still, would be nice to have for the honest and the honest-on-the-outside type people, if you know what I mean. Oh yeah, truecrypt operates kind of like what you explained, but it also encrypts data as well.
As for the first part of your post, I can see the benefits of such a system, but I also see the drawbacks. A 'closed' system would promote some kind of standardization amongst different providers of filesystems (if there are such providers) and would prevent a large menagerie of different and incompatible types. This is one element of Linux that seems a bit confusing to most, as there seems to be many many different types of Linux, all because the developers decided to do something just a tiny bit different than other developers. Projects branch off from each other and end up completely different at the end of the day. But of course this has little to do with filesystems. Of course Windows has these same problems on the application level, but at least the OS itself never 'completely' branches off (I'm excluding things like win03 server and the pro/home style it's in right now). But back to my other point, a closed system also promotes stagnation and lacklustre performance goals to support legacy operations. Like the x86 platform, just thinking about it pisses me off, stupid Transmeta couldn't do better in the marketplace so we will never see a much needed update to an ageing and inefficient platform... Anyways, I'm done ranting for a little while... -
If you still have this stuff on your HD...
http://www.truecrypt.org/
On-the fly encryption with mountable volumes. I saw someone else post it a few months back, I picked it up, and it's wonderful. -
Re: Vista Enterprise or Vista Ultimate- the OS of
>Vista Enterprise or Vista Ultimate- the OS of child pornographers. I notice none of these people asked the obvious question about the destructive potential of BitLocker on the science of computer forensics.
Sorry, but that's a load of scaremongering bull. Encryption is not a new thing. Anyone who wants to encrypt files has been able to do so quickly, easily, with minimum effort, and for free for quite a long time now, using something like Truecrypt. Having full drive encryption on enterprise versions of Windows is not going to change a thing; the people who are going to pay for a more expensive version of Windows in order to use full drive encryption are not going to be those who would not have otherwise used encryption.
>Windows Vista will be an enormous disruption in how people use their computers. They will have to learn the new environment and the new software that goes with it, and it will be some time before they get used to it and become comfortable with it. Well. If you're already planning on disrupting your computing experience that much in the vague hope that, "Maybe this time will be better," then you are obliged to try out Linux.
Sorry, but please, please shut up and go away. There are certainly a large number of truly excellent arguments in favour of using Linux instead of Windows. But condescendingly informing people that they are somehow 'obliged' to try Linux instead of Windows, whilst ignoring or dismissing the real and existing - but emphatically not unsurmountable - barriers that exist to switching, is unhelpful, patronising, and arrogant. -
TrueCrypt
Someone I know stores his pr0n in a big TrueCrypt volume on his work laptop.
-
Re:No back doors?
Does GPG do stenography?
http://www.truecrypt.org/docs/?s=hidden-volume -
Re:Progressive decoding
Sounds like you're referring to Steganography, of which the program Truecrypt is one example:
http://en.wikipedia.org/wiki/TrueCrypt
http://en.wikipedia.org/wiki/Steganography
http://www.truecrypt.org/ -
Re:Next time RIAA asks your HD...
Actually the court orders that the RIAA is being granted are for the data on the hard drives and for the physical hard drives as well.
As such if you do not supply them with the password for the hard drive encryption you will be in contempt of court, which is FAR worse than losing to the RIAA, oh AND the RIAA will be granted summary judgement in their favor.
So really this doesn't mean anything unless there is Plausible Deniability that there is any data on the drive at all, or something such as a Hidden Volume (True Crypt Hidden Volume)