Recommended Alternative to TrueCrypt

Discussion in 'privacy technology' started by incurablegeek, Feb 17, 2013.

Thread Status:
Not open for further replies.
  1. What I am looking for:

    1) Plausible Deniability, which I would guess would only be possible with Hidden Volumes.

    2) On-the-fly Encryption and Decryption.

    At present I have TrueCrypt (free) as well as Kruptos 2 (paid for). Can anyone advise me as to which I should use - or an alternative to these two? Right now I am most interested in an Encryption program for the Win 7 computers.

    Systems:

    1) 2 computers on Win 7 64 bit ultimate

    2) 1 computer on Ubuntu Linux

    Despite my self-depreciating avatar, I am not a complete and utter idiot. :doubt:

    I am, however, relatively new to encryption.
     
  2. sepihi

    sepihi Registered Member

    Joined:
    Jan 18, 2013
    Posts:
    20
    Location:
    USA
  3. sepihi, Much appreciate your suggestions. After I read up on DiskCryptor, I will hopefully be able to respond more intelligently.

    Without reading much, however, I must say that I believe it's worth exploring. For me the principal appeal is that it is not "mainstream".

    Thanks again. Gotta go. :)
     
  4. http://www.jetico.com/encryption-bestcrypt/

    You have to pay for it and it's closed source but I trust Jetico. I use their TotalWipeOut & BCwipe products and they are really great.
     
  5. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    OP,

    The flipside of this is that TC is tried and tested to be beyond LE's ability to break in. There are scores of major court cases where the encryption has held up without fail. One reason it's mainstream (using your word) is because it is so entirely proven to hold up.

    I am not saying you need to withstand a LE attacker. I am saying that even for the "average joe" why not use a product that has proven to hold under the most intense scrutiny.

    I personally have seen the code and it's solid.
     
  6. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
  7. So much information and so much direction to explore.

    I cannot say Thank You loud enough or long enough. Unfortunately it's almost 1:00 am and it's been a long day.

    Please understand I will do my homework tomorrow and then annoy you even more with questions.

    Sorry if I am a PITA. :oops:
     
  8. redcell

    redcell Registered Member

    Joined:
    Sep 27, 2010
    Posts:
    126
    The keyword of every encryption program for the user is trust. Unless we work together with the programmer, there's no way (beyond reasonable doubt) to know that software does not have a backdoor.

    Thus, deploy a Russian doll fortress method. Here's what I mean: You must have at least 3 preferred encryption softwares.

    Software A
    Software B
    Software C

    Computer running OS:
    1. Fully encrypted hard disk using Software A.
    2. Decoy OS.
    3. Design your own destructive mechanisms - partition destruction password, haywire keyboard (using keytweak), freezing and crash hot key.
    4. Create file container using Software B. Inside it, create another file container using Software C (different encryption eg. cascading AES+Twofish). Save your sensitive stuffs in here.

    USB/secondary hard drive:
    All the above steps except 2 and 3 (as it's passive storage).

    I know these sound like overkill paranoid. Your adversaries can make copies of your hard disk but your self-devised destructive mechanisms will save the day. As long as you do not give in to your adversary's threat/torture, say good luck to anyone trying to crack your hard disk.
     
  9. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,290
    Location:
    EU
    Interesting. How to make them?

    Thanks.
     
  10. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    hey redcell , why go through the pain of creating another file container within a file container , why not just use a decoy/hidden volume setup for your non os hdds ? and those destructive mechanisms , wouldnt they just arise unwanted suspicion unlike a regularly used decoy os and decoy volume wouldnt, id like to hear more on this
     
  11. mlauzon

    mlauzon Registered Member

    Joined:
    Aug 9, 2011
    Posts:
    114
    Location:
    Canada
    Why would you recommend something that hasn't been updated in over 2 years..?!
     
  12. redcell

    redcell Registered Member

    Joined:
    Sep 27, 2010
    Posts:
    126
    This is based on personal experience: A highly-trained forensics adversary will know for certain if a non-OS HDD is encrypted just by looking at the initial volume/partition layout - without even hexing yet. It doesn't matter if it (non-OS HDD) has decoy/hidden.

    The next course of actions your adversary may carry out:
    1. Threaten or force you into giving in.
    2. Identify the source of encryption software. Easy backdoor from maker.
    3. Bruteforce or loophole gaining access. (This is where 2nd & 3rd software protect you)

    I advise all encryption and privacy lovers:
    ■ Do not be lazy to backup and encrypt your files properly.
    ■ Choose a password that makes you hard trying to recall its sequence every time BUT something you can recall when you're on a remote island for months.
    ■ Always pretend stupid (seriously).
     
  13. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    Doesn't Truecrypt, for example, allow you to decrypt/access the hidden volume without first requiring you to be able to decrypt/access the non-hidden volume? Such an approach seems geared towards plausible deniability. The same software is being used to access both so both would be at risk if said software had a weakness or backdoor.

    If you truly nest one encrypted container within another encrypted container then you absolutely must be able to decrypt the outer one first. Two steps and presumably two password/keys. Two different encryption/decryption programs if you wish as well. On top of that, you can have an unlimited number of inner containers, allowing you to only decrypt/mount that subset of data you need to work with.
     
  14. Still reading and processing all the information you provided. With regard to what I am looking for:

    1) I want the most secure encryption - on the fly encrypt and decrypt (I will probably carry the key on a USB thumb drive.)

    2) I don't care if I need to pay for it. I want the best.

    Please feel free to tell me I am dumber than a box of rocks. Not a problem. I have a substantial ego. I also realize that life is about constantly ascending learning curves - and then you die.

    Hence, the Daffy Duck avatar. That is how I see myself.

    I don't know what an LE attacker is. :eek:

    --------------
    And this is one reason why I have difficulty with TrueCrypt:
    When I tried to join their forum, I was asked to provide a non-public email address. While they want to know everything about me (in this case I really don't care however), they remain hidden somewhere in eastern Europe. Also, I hear reports (true or false, I don't know) that TC can be cracked.
     
    Last edited by a moderator: Feb 18, 2013
  15. Going through everything step-by-step.

    Please excuse me for thinking out loud.

    --------------
    I know for a fact this cannot be done.

    --------------
    I have always wondered about that. According to the TC manual, which I haven't read in its entirety, the hidden volume would appear as nonsense characters?
     
    Last edited by a moderator: Feb 18, 2013
  16. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    lols no you dont need a public email thats a lie , just get a regular email like from vmail and register there use that email to sign up , no prob, no tc cant be cracked unless proven otherwise , and yes the hidden volume seems like random nonsense characters , mind you but the outer doesnt , dont matter , theyll know that your using encryption with your hdd , nothing bout the hidden part though , hence hidden as you correctly stated

    @redcell

    ok , i think you misunderstood me i meant not that a forensics investigator will not know about me using encryption on my non os drives , of course he will and no he doesnt even require hex for that , and i actually meant that having these so called "destructive" mechanisms arise suspicion not the encryption since any trained forensics expert will realise this in a sec that encryption has been used , so for what the destructive mechanisms for , it only adds to their level of suspicion adding you into a even smaller corner there , and possible charges of evidence destruction, again not in your favour , point is to not give them any reason to believe there being any evidence in the first place which you have successfully not done by this method of self destruction which can be bypassed fyi , mind you under current law simple encryption by itself is no reason to have suspicion since a lot of people that value their private data use encryption , anyhow all this doesnt change the fact that he cant crack it unless i give in under torture or such as you mentioned, bruteforce , loophole , backdoor , has been taken into account and none have come into existence with the current TC , unless someone here knows better , do tell , though i do understand your approach to create another encrypted container within the encrypted volume and within that another one , seems a bit overkill , thats unless you dont trust programs like TC which seems like a good idea in general if the program wasnt already trusted and tried by a lot of privacy and security advocates, im always looking for improvements and am far from lazy just trying to justify the container within an container on an encrypted os or separate volume thats all , not to mention which other programs to use since i dont know of any other that has been as rigorously tested as TC ,id like some more feedback, maybe we can get some more ideas on this , im interested in what you have to say, im always up for improving my setup and if its a trusted and tried way ill gladly give it a spin
     
    Last edited: Feb 18, 2013
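
An added example, not part of any post in this thread: a per-block Shannon entropy scan of the kind a forensic examiner can run over a disk image, showing why the use of encryption is visible while an outer and a hidden region cannot be told apart by randomness alone. The block size, threshold, image layout and the SHA-256 stand-in for ciphertext are assumptions made for the illustration.

```python
import hashlib
import math
from collections import Counter

BLOCK = 4096      # bytes per analysed block (assumed size)
THRESHOLD = 7.9   # bits/byte; assumed cut-off for "looks random"

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def pseudo_ciphertext(n: int, seed: bytes) -> bytes:
    """Constructed stand-in for ciphertext: SHA-256 run in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])

def scan(image: bytes):
    """Return (offset, entropy, looks_random) for every full block."""
    results = []
    for off in range(0, len(image) - BLOCK + 1, BLOCK):
        h = shannon_entropy(image[off:off + BLOCK])
        results.append((off, round(h, 3), h >= THRESHOLD))
    return results

def build_sample_image() -> bytes:
    """Constructed image: zero-filled block, plain text, then two
    random-looking blocks standing in for outer and hidden volume data."""
    zeros = bytes(BLOCK)
    text = (b"Quarterly report draft, not yet reviewed. " * 200)[:BLOCK]
    outer = pseudo_ciphertext(BLOCK, b"outer")
    hidden = pseudo_ciphertext(BLOCK, b"hidden")
    return zeros + text + outer + hidden

if __name__ == "__main__":
    for off, h, flag in scan(build_sample_image()):
        label = "random-looking" if flag else "structured"
        print(f"offset {off:6d}  entropy {h:5.3f}  {label}")
```

The two random-looking blocks score almost identically, so the scan says "encrypted data is present" and nothing about how many volumes it holds.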
  17. happyyarou666,

    I just wanted to take a moment and thank you for the following:

    1)
    I do have a private account but did not wish to use it. Will check out vmail however.

    2)
    I may be completely ignorant of some things. Of this I am not. You cannot overwrite your sensitive information with 0's and 1's in any reasonable amount of time (depending on the amount of data of course). Deleting partitions, etc. is utter nonsense. I have done so many times (by accident), reformatted the partitions, etc. - and fully recovered everything that was ever on that partition.

    Nuclear weapons or launching your hard drive into outer space are, however, options. Even taking a hammer to it doesn't always work.

    3)
    So, happyyarou666, unless you have a multitude of persona and aliases all over the net, I will assume what you are saying to be the best advice possible. Why? Because so many other knowledgeable people say the same thing.

    As far as private "for sale" programs are concerned, I don't trust them - for the obvious reason that I would expect a back door to be available. My reason for being suspicious about the developers of TC is probably also a good reason to trust them, namely that no one knows who these developers even are.

    So, as far as I'm concerned in looking both ways before I cross that proverbial one-way street, TC looks to be the way I will go.

    For what it's worth, I was in ShenYang, China on business quite a few years back. I carried files with sensitive information with me of course - and not encrypted. I had hidden them nicely in my hotel room but always wondered if they had been accessed.

    Suffice it to say that I no longer wish to be naked and bent over in public again. (sorry for that imagery)

    In conclusion, let me just say that all of you have been really kind to assist me and give me the best advice you know to be true. I sincerely do appreciate all of you and feel privileged to be a member of this forum.

    Rest assured that I will, however, be the biggest PITA you ever imagined. My apologies accordingly. :ouch:
     
  18. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    no problems matter of fact we thank our members here that contribute interesting topics of discussion , we all improve from that , no matter how experienced one may be , theres always room for improvement , as they say life is a never ending learning process
     
  19. Hmmmm, this holds some truth
     

  20. mlauzon

    mlauzon Registered Member

    Joined:
    Aug 9, 2011
    Posts:
    114
    Location:
    Canada
    I couldn't join with my Gmail account, even though it's the account I've had since it came out in 2004, but my ISP gives us the ability to make our own email addresses under one of their domains, so I just created a new email address and then before signing up for the TC forum I made sure it forwarded everything to my Gmail account, and now I've had an account on the TC forum for a while now.
     
  21. Yes, I do know that. But I chose to use a more secure email address that I had already purchased.

    Thanks for helping.
     
  22. mlauzon

    mlauzon Registered Member

    Joined:
    Aug 9, 2011
    Posts:
    114
    Location:
    Canada
    Well, how my ISP does it is that .com is their main domain, and .net is where they give us email, they even have their own .org site as well, and all 3 are separate web sites.
     
  23. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    an fyi , vmail.me got kicked from its provider , theyll be up shortly and back in business again
     
  24. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    599
    They could do this to beat the hidden volume's password out of your mouth.
     
  25. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    The problem with the movie plot threat of beating you, is that it just doesn't happen in my country to citizens. Plenty of encryption court cases prove that to be so. Nico Scarfo Jr. wasn't beaten. Both defendants in the Colorado and Atlanta encryption cases weren't beaten, and heck, even in Brazil, Daniel Dantas wasn't beaten. Fun to talk about if you are an A #1, has a nuke, bad guy that gets 'Renditioned'...but other than that...

    PD
     