TrueCrypt 6.0 Released
ruphus13 writes "While most of the US was celebrating Independence Day, the true fellow geeks over at TrueCrypt released version 6.0 of TrueCrypt over the long weekend. The new version touts two major upgrades. 'First, TrueCrypt now performs parallel encryption and decryption operations on multi-core systems, giving you a phenomenal speedup if you have more than one processor available. Second, it now has the ability to hide an entire operating system, so even if you're forced to reveal your pre-boot password to an adversary, you can give them one that boots into a plausible decoy operating system, with your hidden operating system remaining completely undetectable.' The software has been released under the 'TrueCrypt License,' which is not OSI approved."
svefg cbfg
Well, I hope that it now supports more filesystems, because mucking about with FAT on MacOS X didn't appeal to me last time.
Every experiment which ends in a big bang is a good experiment.
The issue is described in full here:
Full release notes can be found here.
All this crypto stuff only works well if it's part of the default install and config.
Otherwise users get exposed to "rubberhose cryptography".
Basically if all users even Joe Sixpack get an encrypted partition by default, then people using crypto will be safe - they have plausible deniability.
...against this? Or will it just get you in more trouble? What's the community's take on it?
Quis custodiet ipsos custodes?
Project homepage is here: http://www.truecrypt.org/
Release notes here http://www.truecrypt.org/docs/?s=version-history
(Btw, these links should be in the article, instead of an external (sponsored?) one).
even if you're forced to reveal your pre-boot password to an adversary, you can give them one that boots into a plausible decoy operating system, with your hidden operating system remaining completely undetectable
In what case would this be useful? If you have an adversary that can force you to give a password, I'm sure they can force you to boot up the correct operating system as well. And if they are in a position to force you to give up the password, it might not be wise to try to play a switcharoo on them.
In the cases where this would actually be useful (with your boss or the government inspections), they will probably have the ability to detect that you are not being entirely truthful. You can hide an operating system in your encryption, but you can't hide gigabytes of hard disk space that is mysteriously missing on probes.
Great, I can now maintain my geek-cred by hiding the fact that I sometimes have to boot into Windows to run things like a GPS map updater. No more microsoft on the boot menu.
It's sad. I often travel between the US and China on business ( I live on the China side ). I've always been careful with sensitive data, but now I'm absolutely fascist. Why? I have no fear of the Chinese government. Besides, I work for a Chinese company. I fear my own country illegally accessing files to which they have absolutely no rights whatsoever.
Honestly. If someone works for the US government, pulls some CEO's laptop at the border for "inspection" and gets free access to all the company financials, would they do the right thing? How many semi-intelligent people wouldn't be tempted to start buying stock options or call their best friend with a really good "tip"? Even if the SEC investigated, they would never find the link.
Over the last several years, I've always been treated very respectfully inside China and going to and from. It is in the US, my own country, where I'm treated as if I'm already guilty.
Back to the topic at hand. TrueCrypt is a wonderful product. Everyone should be using it.
Truecrypt or rubberhose?
Second, it now has the ability to hide an entire operating system, so even if you're forced to reveal your pre-boot password to an adversary, you can give them one that boots into a plausible decoy operating system, with your hidden operating system remaining completely undetectable.
I hate when my adversaries force me to reveal my pre-boot password. I'm glad there are geeks out there putting together solutions for all us Secret Agents.
If they could release a version I could use on my watch, it would be perfect
The summary says it's not OSI approved, for everyone who's not a lawyer and can't be bothered to read all their license page how does it compare to the likes of GPL and others? Is this why it's not on Ubuntu repos?
True crypt is fabulous. But is it good enough to hide a body?
Hans
- depending upon the file system.
For instance, if you used ext3 then mkfs.ext3 is going to put backup super blocks all over your disk. If you then set up a hidden volume later on, some of those backup super blocks are going to get overwritten. An attacker - to whom you've been forced to reveal your outer volume password - could easily discover that the backup super blocks aren't the same as the real super block and deduce that you're using a hidden volume that you didn't tell them about. You could, when formatting, tell mkfs.ext3 not to use any backup super blocks - but that also might look a bit suspicious. Just food for thought.
John installs Truecrypt on Windows XP
Jane installs Truecrypt on Linux
Bad guy obtains both John and Jane's hard drives.
What's the first thing the Bad guy's going to notice if he snoops?
Could it be that he'll find the installation of Truecrypt listed on WinXP or Linux? Or the setup or package installation files somewhere on the drive, whether or not they were deleted or not? And how about the Linux package manager, won't they just see it listed as installed and figure, "Hmm... Truecrypt!"
The rise in popularity of Truecrypt will now motivate, if it hasn't already, ways to determine whether or not Truecrypt has been installed or was ever present on the drive as a possible indication of being installed. Even a bookmark for Truecrypt in the browser's bookmarks file, if not encrypted, could flag a potential bad guy to the possibility of Truecrypt being installed.
So what, you say?
My point is, how about a LiveCD of some sort aimed at installing Truecrypt without leaving any pre-installation or current installation traces? Is this possible? Otherwise, there will always be some traces pointing to Truecrypt for most Truecrypt users.
But... on one machine, the encryption process hangs frequently, and one time I had to restore from a backup. Other than that, it is pretty much flawless. I can get through a few % each time I reboot before it hangs, so eventually I'll have the whole disk encrypted, but it's going to be a pain..
Anyone know if I can update the version in the middle of a disk encryption? Maybe that'll fix it...
A not very powerful small factor PC (some subnotebook barely good enough to run Linux - no need for the latest über-UMPC able to withstand Vista), with which to decrypt the content on arrival seems to be the only current solution.
At least, as an over-powerful laptop isn't needed, at least this isn't very expensive.
Also, has TrueCrypt been ported to PDAs ?
A PDA running TrueCrypt and dual SD+USB hybrids cards (Sandisk and OCZ produce such beasts) seems another even cheaper solution.
If the data can't be decrypted on the target machine when plugged with the card's USB connector, then plug it into the SD port of the PDA and decrypt data from there.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Heh.
While I guess I can feel some fellowship with other geeks, the Reiser story put a big hunking dent into those ideals. And not because of Reiser's actions, but because of the mindless dolts that defended him in light of all the evidence.
But to the point: I think I'll be installing TrueCrypt on my Eee PC. If I want to just surf the net or play some games with it, or watch a movie, I can always boot from an unencrypted USB drive which will run a bit faster. The little laptop has been traveling with me everywhere lately, and I'd hate to have it stolen, but if it is, it's at least a consolation that my files will be safe from indiscreet views.
"The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
See my comment here:
http://it.slashdot.org/comments.pl?sid=606473&threshold=-1&commentsort=0&mode=thread&no_d2=1&pid=24097371#24097539
If you've got a 30gb volume with a "hidden" volume inside of it, but 10mb of files in it, can't you tell it's got something there by just dumping 30710mb in it(and it'll fail if it does?)? http://www.truecrypt.org/docs/hidden-volume.php makes that seem unlikely, it looks like you'd just totally fuck up your hidden partition if you wrote to the volume... which makes you wonder how long it'll be until a tool is developed for law enforcement specifically designed to fuck up these volumes.
www.isoHunt.com
While most of the US was celebrating Independence Day, the true fellow geeks over at TrueCrypt released version 6.0 of TrueCrypt over the long weekend.
That might not be just a coincidence.
.sig: No such file or directory
Does anyone know if the backdoor has been made a little more user friendly? The current one takes like 3 minutes to decrypt without the password.
Winkey shortcut mapping for 64bit windows. WinKeyPlus
I have started using TrueCrypt a few months back after my laptop got stolen. I keep two encrypted files on my laptop, one contains my personal stuff like passport scan, bank information etc. and the other the work related important documents such as internal & confidential documents, client information etc. I have buried those files in the system folder and given them names that could pass for system temp files.
I keep a copy of both on a USB key drive and on an external hard drive which never leave my home. As well as a non-encrypted copy because I'm still wondering what happens to that encrypted file if I happen to have a fucked up cluster on the drive at some point.
The rationale for using encryption is not that I am afraid of the local authorities, there is nothing on my computer that would cause me any long lasting trouble, despite the fact that I live and work in a limited freedom area (Middle East), but simply to avoid opportunity theft.
For example I can't recall how many times one of my clients or partners handed me a usb key drive containing all his company's financial statements, bank account number, internal price list with profit margin, internal memo, personal info and the wifey's naked picture so that I could copy them a few documents and then forgot about the keydrive because we kept chatting.
Sometimes I too need to get some files from them and I don't want to look like I'm watching them while they dig around my keydrive. I now know that everything a casual observer should not see is encrypted so I don't mind throwing my key drive over the table to someone I don't know.
I don't understand the paranoid people here who believe in plausible deniability, decoy drives and other such things. I also wonder if the same people only use their computers in safe rooms with controlled EM environment and bullet proof shade.
I didn't know either that so many people carried state secrets around international airports. To those I will say that if the NSA/FSB/Interpol/MI4/Mossad/Mafia or even the local police wants the content of your drive they will get it. period. It doesn't matter what you do. Unless of course you also work for one of the aforementioned in which case you might have been trained to accept that your life is worth less than the content of said drive.
I have never been subjected to physical or psychological torture (aside from clients and some ex-gf of course) but I am not Jack Bauer and I would "come clean" very quickly. I would give the real password, not the decoy, because I believe consequences would certainly worsen my situation if my interrogators were not convinced.
I am also pretty sure that the simple sentence: "The accused has so far always refused to give his encrypted drive password." would certainly help convincing a jury beyond "reasonable doubt" (In countries where such thing even exists).
Some people here should start to seriously look at themselves and wonder if what they are trying to hide is really worth it or if it's just about mommy not finding their downloadable girlfriend picture collection.
I'm not very geeky, but I can use this program. The instructions, which are 117 pages, are pretty straightforward. With hackers (the type I don't respect) becoming more sophisticated by the day, it's nice to know it will take them many years to break my financial information. If they have that type of time, they're probably behind bars.
Why?
For two reasons:
1) The proper procedure is to make a verified copy, and then work on the copy. Many reasons not the least of which being that if you screw up accidentally you can make another copy. You don't go mucking around on the original drive.
2) Law enforcement isn't welcome to just destroy property because they feel like it. They can't burn down your house and say "Well we thought there might be drugs in it, even though we never found any." Likewise they can't just screw up your data for shits and grins. That'd be a great way to get sued. You claim that the truecrypt volume in fact contained important research documents that were worth millions, not illegal data. They can't prove otherwise since they purposefully deleted it.
Also this same sort of thing applies hidden volume or not, encryption or not. If you have a normal truecrypt file, they can simply overwrite it with random data, even if they lack the password. They can do this to any file, encrypted or unencrypted. The only risk a hidden volume has is if someone has the password to the normal volume, doesn't know there's a hidden volume, and accidentally writes data in there so it gets overwritten.
They'd have no reason at all to do that. It wouldn't be helpful in an investigation, would probably get them in trouble, and would be way more effort than just smashing the harddrive with a hammer if they wanted to prevent you from getting your data back.
So. Have they reintegrated support for terminal work? As I remember, I still have to use 4.3a to make it work properly in a non-GUI server environment.
The strange thing is though that you can actually run it in a terminal environment but you can't really create any volumes...
No more secrets Marty.
got cock?
http://www.truecrypt.org/news.php
If you have to worry about it being torture-proof, you're almost certainly dead anyway.
All it needs to be, for most people, is audit-proof.
And for that you need a business case for having it. Porn is probably not a good choice.
What do you think pissed Hans off?
Explain why that free space is never used. It "looks empty", yet if I try to fill up the drive, lo and behold, that "empty" space just won't get used. HHMMMMM, I wonder if something is afoot.
It does seem like it's often taken further than is realistic. If you want true plausible deniability then you'd want a custom app, not an app that is known to have hidden areas.
I see it as more useful for personal secrets - e.g. someone keeps their financial documents "secret" in the outer layer, but then hides blackmailable material (affairs, pornographic preferences etc) and other things they don't want people to see when they reveal the outer layer. Different people will, of course, have different combinations of what they want to put in each layer.
Personally, I just use TrueCrypt because work says I've got to do it to take source code off-site securely.
Normally, unused blocks on a drive have whatever data pattern the formatting software puts there (typically something like "FFFFFFFFFFFFFFFF..." or "55AAAA5555AAAA55..."), or remnants of other files, or parts of free block lists and empty extents and the like. If you have a big chunk of random noise in the middle that's an indication that you've got an encrypted volume in there somewhere.
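The observation in the comment above, as an added example that is not part of the original thread: a per-block Shannon-entropy scan that reports contiguous runs of near-random blocks in a disk image. The block size, threshold, minimum run length and the sample image (with SHA-256 output standing in for ciphertext) are all constructed assumptions.

```python
import hashlib
import math
from collections import Counter

BLOCK_SIZE = 4096         # assumed scan granularity
ENTROPY_THRESHOLD = 7.5   # bits per byte; assumed cutoff for "looks random"
MIN_RUN_BLOCKS = 4        # assumed; ignore short runs such as one compressed fragment


def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def high_entropy_runs(image: bytes, block_size: int = BLOCK_SIZE,
                      threshold: float = ENTROPY_THRESHOLD,
                      min_run: int = MIN_RUN_BLOCKS):
    """Return (start, end) byte offsets of contiguous high-entropy block runs.

    High entropy only marks a candidate: compressed data (archives, JPEGs,
    video) scores just as high as ciphertext, so each run still needs a look
    at what the file system says should be stored there.
    """
    runs = []
    run_start = None
    for off in range(0, len(image), block_size):
        block = image[off:off + block_size]
        # A short trailing block is never counted as high entropy.
        is_high = len(block) == block_size and shannon_entropy(block) >= threshold
        if is_high and run_start is None:
            run_start = off
        elif not is_high and run_start is not None:
            if (off - run_start) // block_size >= min_run:
                runs.append((run_start, off))
            run_start = None
    if run_start is not None:
        end = len(image) - len(image) % block_size
        if (end - run_start) // block_size >= min_run:
            runs.append((run_start, end))
    return runs


def pseudo_random_bytes(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic stand-in for ciphertext: SHA-256 in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def build_sample_image() -> bytes:
    """Constructed 39-block image: fill patterns, text remnants, noise, zeros."""
    text = b"remnants of other files, free block lists and empty extents "
    parts = [
        b"\xff" * (8 * BLOCK_SIZE),                           # blocks 0-7: FF fill
        bytes.fromhex("55AAAA55") * (4 * BLOCK_SIZE // 4),    # blocks 8-11: format pattern
        (text * 300)[:3 * BLOCK_SIZE],                        # blocks 12-14: old file data
        pseudo_random_bytes(16 * BLOCK_SIZE),                 # blocks 15-30: random noise
        b"\x00" * (8 * BLOCK_SIZE),                           # blocks 31-38: zero fill
    ]
    return b"".join(parts)


if __name__ == "__main__":
    for start, end in high_entropy_runs(build_sample_image()):
        blocks = (end - start) // BLOCK_SIZE
        print(f"high-entropy run: bytes {start}-{end} ({blocks} blocks)")
```
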
Because not revealing the password is another crime altogether.
First Use of RIPA to Demand Encryption Keys
http://it.slashdot.org/article.pl?sid=07/11/14/2335202
It was a joke. Just a silly little joke. My bad.
Winkey shortcut mapping for 64bit windows. WinKeyPlus
I think one of the most unmentioned benefits to TrueCrypt is the ease of creating secured backups. Password protected zips just don't cut it anymore and with backup tapes of companies always getting stolen these days, it just makes sense to back up TrueCrypt containers =). Just like backing up a file, I love it. Perhaps the biggest issue with this is the unused portion of the partition, but the convenience for security vs. unused partition data is a good tradeoff in my opinion.
Trying to install linux on my microwave, but keep getting a kernel panic...
No one seems to be commenting about the new features of this release but simply on TrueCrypt in general. Am I the only one excited about the multi-core/processor support? Finally a piece of systems level software that scales with the number of cores! Makes getting a multi-core processor all the more worthwhile.
Using the patches in the TrueCrypt 5 port, TrueCrypt 6 builds and appears to run fine on FreeBSD \o/
The context here is for data stored on portable devices, correct (I didn't RTFA)? Presumably there's a copy of the sensitive data in physically more secure place?
So why not have a password which when given makes Truecrypt to write 0s over the hidden encrypted partition? They never knew it was there, and no amount of torturing will produce the information after this point.
Tantamount to biting your own tongue off in a torture session. The sudden HD light activity and the sound of the hard drive grinding away might earn you a few extra bruises though.
Dear paranoid freaks,
if you are so concerned about getting captured and tortured for normal/hidden/hidden(hidden)/hidden(hidden(hidden)))/ad nauseam passphrases, then quit having digital copies of your stuff in the first place.
99% of the TrueCrypt userbase is just fine using it on jump drives to keep stuff secure from the guy who finds it when you lose it on the train/plane/whatever.
Quit making up impossible "movie scenarios" (there, I used a Schneierism, you HAVE to respect me now!) about how gov't agents are going to come in black helicopters for your fetish vids and the 200 page backstory you wrote for a character you rolled in middle school. No one cares.
Yours truly,
-Reality.
In Soviet Russia jokes are formulaic and decidedly non-humorous.
One thing I notice about truecrypt is, it seems that the code is hard to find yet it claims to be open source. It's not GNU. And there seems to be no public list of the developers.
It's good software though. In my opinion it's the sorta software which should be built into the Linux kernel so that it plugs into the filesystem by default.
damned short title field ...
Exactly how is TrueCrypt's license not OSI compliant?
What provisions make it not OSI compliant?
Suppose you use Windows, or just an unsecure Linux? How does Truecrypt protect your laptop if you go online?
Truecrypt is awesome if you install it on a computer which never goes online and therefore stays immune to remote attacks. I suggest that you keep all your financial information and critical data on a computer which never goes online, and if you must, transfer it to a computer which goes online in the most secure way possible, such as through https or ssh.
The rootkits can simply sniff your passwords as you type them.
And when you use closed source software there is usually a keylogger/rootkit built in. There may even be rootkits in your video drivers!
So we have more cores on CPUs, but we're spreading programs more evenly across those cores... aren't we just going to end up where we began, only with a lot of complex overhead? Instead of having just one core that can do all these computations? Or does that mean more of a software scheduling problem and more by-hand optimizations? I'm confused...
I don't mind throwing my key drive over the table to someone I don't know.
Big nerd alert, but I carry two of 'em, they're super small now, after all. I have one for me, and one disposable recyclable that can be a flash bios installer or an xbox memory card or whatever it needs to be. Amusingly enough, I use them often enough for this to be useful, but only just.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
As a security measure, use truecrypt on a machine which NEVER accesses the internet. You can call it a data server or you can call it a computer not connected to the outside world.
You probably don't want to store your sensitive information on a laptop which connects to the internet. It won't take long for some hackers to download the information off your truecrypt encrypted laptop using the rootkit they installed or even the rootkit built into Windows, or that last CD you bought from Sony.
I don't think anyone's going to crack AES. I don't think anyone's going to true, government or criminal.
It's a lot easier to simply sniff your password as you type it in than to crack AES. That's the problem with passwords, they leave you open to side channel attacks, and if you use a password and an internet connection it leaves you open to rootkits.
Don't use Truecrypt in Windows.
If you access the net, truecrypt won't do you any good.
Can I use the whole disk encryption on a system with multiple OS' yet? If I have windows and linux both installed, I can only encrypt the windows side with truecrypt, and I can't use GRUB.
Shouldn't you be worried more about the foreign intelligence agencies rather than your own?
It's simple, anyone who wants to know all your secrets probably isn't looking out for your best interest. They want a competitive advantage.
When you write your business plan or are doing research, the last thing you want is for your competitor to steal all your ideas and work and take the credit. There is great financial incentive to keep secrets, because being able to keep a secret is the key to success in the business world as well as in war.
Since I didn't understand anything you just said, and I'm a C# Programmer who has Ubuntu installed on a few machines, I highly doubt the $10/hour lunk at the airport is going to notice...
Peter predicted that you would "deliberately forget" creation 2000 years ago...
Would this even be necessary? I can install and run Truecrypt off of a USB Thumb drive or an SD card on a Win or Lin based PC.
Yes it's necessary, because currently in Windows there's no way to run TrueCrypt unless you have admin privilege on the target machine.
The original parent wanted to use TrueCrypt to secure data before transporting them (so the loss of the USB key isn't a critical leak) and then being able to retrieve the data from the USB key once arrived at the destination, EVEN if he doesn't have admin access on the machine on which said key is plugged (and thus can't install TrueCrypt from the key).
If you use a Windows PC to install the Win version of TrueCrypt, and then plug the SD card into a Win-based PDA, would it not function normally?
No. Won't work. The only thing that "Windows CE" and "Windows XP" have in common is having the word "Windows" appearing in their names. As others have pointed out both don't even run on the same architecture (x86, AMD64 and Itanium for WinXP ; ARM, MIPS and SuperH for WinCE).
So :
- either you run the usual TrueCrypt on a portable device that runs Windows *XP* (or Linux or BSD or Mac) - this was my first suggestion, anything cheap like an Asus EEE PC or an OLPC is OK.
- or you use a PDA running Windows CE (or Palm OS, or Symbian, or RIM) and use a TrueCrypt version that was adapted for the differences and recompiled for the processor.
That was my second suggestion : if there exists a version of TrueCrypt which works on PDA, then the PDA could be used to do the decryption (but stock WinXP software can't run on WinCE).
Linux is an exception : the Linux running on PDAs (Sharp Zaurus, Nokia Maemo, Trolltech GreenPhone, OpenMoko/FIC NeoRunner, etc...) is much closer to the full Linux running on desktop.
Usually the graphic interface is different (often the PDAs don't have X-Windows but use special purpose GUIs) but the systems are POSIX compliant and any console software usually runs as-is after being simply recompiled from source (because the processors are still different and the binaries are different - but the source is the same for console applications).
So that's the exception to the rule.
Note: That's also true for a lot of different Linux enabled appliances (modem/routers, file servers, etc.) - although lots of them have very limited resources which put a hard top at what you can manage to get run.
Also, Apple is touting that their desktops' Mac OS X and the iPhone and iPodTouch's OS X are similarly very related, and some developers (like Epocrates who are making medical PDA software) have mentioned that porting their application to the portable OS X was a matter of couple of days.
On the other hand, I haven't heard the iPhone / iPodTouch having a POSIX-compatible console environment (still hearing that the current SDK imposes limits on what can be done), so I don't know if getting a console application to work on those platforms is a simple matter of recompile.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
try Locknote http://sourceforge.net/projects/locknote or https://www.steganos.com/us/products/home-office/locknote/overview/
for text only...very good little portable one-file self-encrypting note pad
I would love to use this at work but I can't trust that our users won't forget their passwords. To be able to set a second password to decrypt the content would be very nice. I know that some of the commercial products out there do just this, so I know it is possible. How they do it is a mystery, but they do.
Slashdot, where armchair scientists get shouted down and armchair theologians get modded up.
Read this and see how truecrypt actually does hidden OS partitions. There won't be 15G of free space floating around in the middle of your decoy OS partition. The hidden OS volume is inside another truecrypt volume that is meant to be on a separate partition from the decoy OS. Just look at the diagram on this page and you'll see how very off you are:
http://www.truecrypt.org/docs/?s=hidden-operating-system
It doesn't matter how much your decoy OS partition gets filled or fragmented, it won't have any effect on the truecrypt partition. All the rest of your points become moot with that simple realization. Your criticisms are all very interesting, but they don't apply to truecrypt as it's actually used.
PROTIP: Read the documentation on a product before criticizing it.
Seriously. Don't you dare reply to this until you've read and understood the whole page I've linked you to.
Since I didn't understand anything you just said, and I'm a C# Programmer who has Ubuntu installed on a few machines
No no. If you want to make yourself sound like you know what you're doing, you can't use an MS programming language on an uber-user-friendly Linux distro. Try this:
"You ignorant clod, I'm an awk and sed programmer who's got a basement cluster with a custom build of slackware...."
By accessing a windows volume via a linux volume on a dual boot system you can transparently read an encrypted volume on the USB. I don't know if this would apply to a true-crypt USB volume as well
If your drive has a label on it that says it's a 250Gb drive.
Let's say you have a dummy Windows install, which takes 150Gb and you reveal your dummy "secret" Linux install, which takes 50Gb, but keep your real uber-secret Linux install hidden. If "they" can do simple math, couldn't they figure out that there's 50Gb missing somewhere?
Just a thought
Fish
Is it me or is there no Debian package? I see an Ubuntu package. I don't want to compile from the source. Also, I also read that it requires sudo? Is there a way around this as a regular user?
Also, is there a port for old Mac OS X 10.2.8?
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
As a Perl-Fu artist who has been living in a world of *nix for the past 12yrs. Let me just say that seeing someone use Ubuntu doesn't clue newb to me.
On the contrary, Ubuntu is the only system I have seen that provides functional GUI interfaces that don't cause me to have to jump through hoops to do any sort of advanced manual configuration.
I'm all for power, but someone who chooses Slack or regular Debian over Ubuntu is probably the type who likes hot wax poured on their balls.
This disk usage tracking method of spotting a hidden volume. Am I right in guessing this would only work for largish volumes? I can't see it working for a hidden vol of a few hundred megs in a 100GB encrypted volume. I'm wondering what sort of info a terrorist would be carrying that would be that sensitive and so large. A few names and plans don't run into gigabytes.
Anyway, I'm not a terrorist. I can't think of a circumstance where I'm ever going to get tortured for a password. More likely is a criminal trying to access my data. I guess it's possible the police decide something you think is fine is against the law. All you need at that point is plausible deniability - i.e. the burden of proof cannot be satisfied and therefore you cannot be jailed for withholding.
It was my understanding that FAT was selected because its inherent properties allow for plausible deniability which was a stated feature and goal of the TrueCrypt project.
TrueCrypt 's home also shows off their 1-16Gig USB Flashdrives ...
and i noticed a spec about them that surprised me ..not being any Flashdrive expert:
It seems that it takes more current (5% more!) to READ a flashdrive than to WRITE to it!
eg:
Power Requirements:
Write: 5 VDC @ 100mA
Read: 5 VDC @ 105mA
Can anyone explain?? specially considering that as far as i know, WRITing requires 'heat', no?
"There are 11 kinds of people: those who know binary, those who don't, and those who could not care less!"
They won't need to look that far, the fact your laptop doesn't run windows or OS X will give them an excuse to detain you for hours.
You say you use Truecrypt but you don't even understand how the plausible deniability works.
Situation 1) You give up your master password to your interrogators to avoid further torture. Unfortunately, you can't prove that there's not a hidden volume there still. (assuming there's some free space) So they'll just keep torturing you.
Situation 2) You can give investigators all the passwords you want except the one special one, you can appear to be cooperating by divulging all of your porn, tax records, etc, except for the super secret data you're on trial for.
Give me Classic Slashdot or give me death!
What really would be a useful option is to have a third password. When you type this, it should write over all the data on the hidden volume (slowly & silently!) with really random bytes. This in the case you really don't want to take any risk that it falls in the wrong hand, or you are not strong enough to resist the prospective waterboarding..
TCExplorer 1.6 can't view TrueCrypt 6.0 containers. Gives the error "Not an OTF Volume or incorrect password" (I double checked the password) on WinXP SP3. And I had my hopes up for a replacement for PortableVault :(
Anyone know which version of TrueCrypt WILL work with TCexplorer?
"When information is power, privacy is freedom" - Jah-Wren Ryel
There's another security option for the paranoid that I don't hear people mention very often: Virtual Machines. Simply encrypt the Virtual Hard drive when you're not using it. Keep all your sensitive data on the VM. Play StarCraft on the regular machine.
I learned Linux on Slack. I used Gentoo for about a year. My current job has me working with half a dozen UNIXes. After all that...I run Ubuntu at home. It's pretty, it's hassle-free, and it's Linux. All-around awesome.
It is pitch black. You are likely to be eaten by a grue.
Truecrypt rocks harder every release. I think it is now safe to say they have superseded Drivecrypt Plus Pack DCPP which costs hundreds of dollars. It is also probably safe to say they have in essence created the best encryption software available, commercial or free, and in an open source environment to top it off. LMAO @ rot13 "first post"
I'm not really a Windows guru or anything, but I noticed one of the options checked by default when installing Truecrypt 6 is to "Disable Windows paging files". I was under the impression that disabling Windows paging files would alter the system's ability to use virtual memory and thus slow everything down. Is this necessary to maintain the integrity of a hidden volume or will keeping the page file active corrupt it?
I'm all for power, but someone who chooses Slack or regular Debian over Ubuntu is probably the type who likes hot wax poured on their balls.
It is patently obvious that you don't know what you are talking about. Debian Unstable is so robust and configure-everything-for-you that I've forgotten-thru-disuse much of the manual tinkering knowledge I gained back when I used "newbie-friendly" Mandrake.
"I don't know, therefore Aliens" Wafflebox1
Just to let everyone know.
So for anyone else looking for a FOSS alternative to PortableVault:
TCExplorer 1.6: http://sourceforge.net/projects/tcexplorer
TrueCrypt 4.3a: http://www.truecrypt.org/pastversions.php
Eraser Portable: http://portableapps.com/apps/utilities/eraser_portable
"When information is power, privacy is freedom" - Jah-Wren Ryel
Fuckers!
Oh my god how I hate vanity licenses..!
Since I didn't understand anything you just said, and I'm a C# Programmer who has Ubuntu installed on a few machines, I highly doubt the $10/hour lunk at the airport is going to notice...
You're just upset because you can't fetch $10/hr, yourself.
Be that as it may, if said customs agent thinks you're suspicious, he's going to lock you in a cage until an expert can examine your hard disk. An expert whose resume is longer than "C# certified, and can insert a LiveCD into a CD-ROM drive".
If you're not going to use TrueCrypt correctly, why use it at all?
They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
As a Perl-Fu artist who has been living in a world of *nix for the past 12yrs, let me just say that seeing someone use Ubuntu doesn't clue newb to me.
It was "I don't know what a superblock is" that clued newb to me. I mean, come the fuck on.
I'm all for power, but someone who chooses Slack or regular Debian over Ubuntu is probably the type who likes hot wax poured on their balls.
How the hell did you know that?
They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
A quick suggestion, for something a little easier than TrueCrypt (if you're not worried about plausible deniability): Encrypting File System. You need to be using a business/professional Windows edition, and the drive needs to be formatted with NTFS (not the default FAT). You put files onto the drive, then right click them (or the folder they're in) and select Encrypt. The files can now not be opened by anybody other than you (specifically, your user account in Windows). However, to your account, the decryption is completely transparent.
Of course, you can't use this to share data between accounts (even if they have the same name/password) unless you backup the encryption keys (possible but more complicated). Also, the file/folder names and metadata are still visible. Nonetheless, it's one of the easiest approaches to encrypting sensitive data on a potentially shared volume.
Note that Macs can't, last I checked, write to NTFS (though they can read it). Linux has RW support.
There's no place I could be, since I've found Serenity...
I plead the 5th.
You can't make me incriminate myself. I will not explain seeks, and I will not give you passwords.
To say that it would take a cracker "many years" to break TrueCrypt's encryption is a gigantic understatement. He would not have enough lifetime to do it (and there probably aren't enough years left on Earth to do it, anyway).
And if even that's not enough for you, TrueCrypt has built-in support for layering algorithms on top of each other. I've always been amused at the idea of a cracker laboriously using some super-secret method and years of number-crunching to finally break the AES-winning Rijndael encryption on a particular TrueCrypt volume, only to find that the encoded data is another ciphertext encrypted with one of the runners-up!
Way to keep up with it, /.
6.0a was released today...
http://www.truecrypt.org/news.php
The past 3 versions have all had "a" releases within a week of the original.
I'm a semi-geek when it comes to Windows, a non-"Power User". But I had a need for this so I thought I would give TrueCrypt a whirl, and had a real nightmarish day and a half.
This being slashdot, I'm only inviting flames about the various things I'm doing wrong. But it does seem to me that TrueCrypt is missing a very obvious feature--encrypt other partitions in the same manner as the boot partition (that is, online and allow them to be mounted transparently) that would have saved me a lot of grief.
See, I have C: and D: partitions, and all the user profile directories are on D:, because that's how our IT department sets things up. Do you see what's coming? Well, I encrypted the system partition without a problem. But now, the D: partition needs to be encrypted, and there's no way to do that without destroying it.
Okay, fine, "back up" and "restore", right? Except that applications, including TrueCrypt and Windows, are pretty highly dependent on the presence of that profile directory, as I learned to my moaning grief. (Yes! TrueCrypt apparently stores which volumes you want "automatically" mounted in your profile directory!)
One new TrueCrypt-encrypted NTFS filesystem later, and I realized there was no way to get the thing mounted before anyone logs in. Or rather, there probably is a way, but it's nothing like editing AUTOEXEC.BAT or something simple. There are registry keys that can be edited but "startup" in Windows-land always seems to refer to "user logs in" and not "boot time."
Additionally, the TrueCrypt command-line did not seem to work as advertised. I'm not a genius but I do carefully read documentation and double-check command-lines before I issue them, and it should not have been possible for TrueCrypt to attempt to remount and repair the system partition as another drive letter, but it did. So I gave up on my dream of having an encrypted C: and D: mounted at boot time, so the user profile directory can be there waiting for the user to log in.
Did I mention how grumpy Windows and everything else gets when the profile directory goes away? Very grumpy indeed. A forest of "registry may be corrupted" error messages greets any attempt to change anything, and so forth. After struggling with these kinds of issues for some time, I really just wiped D: for good and let the system "rebuild" the profile directories on first login. Now I have a bunch of reconfiguration to do and things still aren't right (for example, start menus aren't correct because lots of programs had shortcuts in D:\Documents and Settings\All Users\Start Menu).
It really seems to me that this is not that unusual a situation (two partitions need to be mounted to boot the system) that should be accommodated by something like TrueCrypt. I'm disappointed in TrueCrypt, red-bloodedly refreshed in my hatred of Windows and harboring evil thoughts toward my company IT department.
demi
Couldn't you just mark any such book-keeping blocks from the first 'decoy' filesystem as bad blocks when creating the second 'super-secret' filesystem?
So how is my post a flamebait?
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
Update - 6.0a was just released today 7/8/2008. http://www.truecrypt.org/news.php
I am still in shock. A reasonable point of view. Wow.
Which is why you can now hide entire OSes. Just give them the pass for Windows or ReactOS...hey it doesn't need to do much, just give them the same false sense of security that they give us.
--
What's needed to avoid this is *complete* deniability; something which I don't think any software can offer.
That's a fantastic idea.
Truecrypt could certainly offer a feature to scan all blocks on a drive and make a map of which blocks are accounted for by currently exposed volumes, if running from within those volumes.
Wow, I'd consider this essential if your Mallory is capable of torture.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
You have a major flaw in your argument: you assume that it works this way:
torture --> get valid information ; repeat
One of the big problems is that "valid" is by no means established. And if you torture you've debased yourself so thoroughly that you may as well kill yourself.
You probably think torture is justified at times. And you probably love hypothetical arguments about situations that'll never happen.
I am going to totally agree with you here. I live in the US and work for a company that has a mobile workforce. All laptops leave with drive encryption, mainly b/c we don't want any of our data getting into the wrong hands. The entire volume is encrypted, no hidden volumes etc. A lot of people seem to be very insane when it comes to "the courts" and "the government"; however, the majority of these paranoid individuals most certainly have never come into contact with anything close to what a government would classify "confidential or sensitive". My take on the whole thing is this: Most computer security freaks deal in an alternate reality based on too many movies and not enough real world experience. In all of the years that I have worked with computers in multiple businesses subject to scrutiny of some sort, I have never once had the NSA men in black bust in through the roof and demand that I decrypt a drive or else. If you are on the up and up, then chances are, you will never have this situation occur. If you do, then it may be a good time to put down the dropper full of LSD that is making these delusions seem so real.
FTA:
Google Desktop is another culprit that exposes hidden files in TrueCrypt versions below 6.0, according to the report. The Google app's lists of recently changed documents and logs of recent file actions can reveal the existence of a hidden file.
Really poor phrasing. It makes Google Desktop look like the offender, when in actuality it ended up being a useful tool in pointing out a vulnerability (and perhaps correcting it).
Beetle B.