New ACTA deal to turn public officials into DRM police

http://www.canada.com/topics/technology/science/story.html?id=ae997868-220b-4dae-bf4f-47f6fc96ce5e

The upshot is that they will be responsible for policing and checking your laptop, ipod, etc to see if you have any mp3's that you didn't pay for. The implication is that this is yet another reason they've created to search your private data storage, and yet another reason to encrypt it.

 

Yeah but if you have a truecrypt folder on your computer, won't they make you open it? Maybe if you put it in with a bunch of random pictures, they won't notice it.

I also wonder if a person can watch them while they check your laptop? A dishonest security person could copy personal files off of a laptop if they wanted. Why should they be trusted any more than anyone else off of the street?

 

If we take TSA as a model, what they do is separate you from your laptop, then go get an image snapshot of your drive, and you get your laptop back in about 30 minutes.

With the truecrypt, there was a problem with the containers. They had a plaintext file index so you could actually see if the person had a hidden partition, and what filenames were inside it.

The simplest solution to explain to TSA is you encrypt your whole disk with a key you do not know and have your employer email it to your arrival destination, encrypted with a password they will give you.

 

I'm very familiar with the ins and outs of TrueCrypt, and you're not correct. TrueCrypt is one of the most well thought out pieces of software I've ever seen. They don't take any chances with security. And, when they say there's no way to prove a hidden volume exists, they mean it. I've spent countless hours evaluating it. They have another form of plausible deniability as well, in that a TrueCrypt volume has a statistically random output. That means it cannot be differentiated from the output of other programs that have a cryptographically secure output. The header of a TrueCrypt volume is also encrypted and cannot be differentiated from the rest of the volume. The header cannot be proven to be a header, unless you have the password.

Nothing is in plaintext unless there is some vulnerability in the operating system that catalogues any file you touch. But that can't be blamed on TrueCrypt. And if this vulnerability did exist in your operating system, you could encrypt your entire system partition. They'll be coming out with plausible deniability for system encryption soon.

 

Yes, i heard about this from two different sources. What happens is, if I understood correctly, the truecrypt hidden container would be revealed by windows file indexing service capturing the filenames and storing them.

 

Then shut it off or encrypt your operating system or use something other than Windows. That's not a vulnerability in TrueCrypt. That's Windows.

The easiest solution is shutting off file indexing. But note that file indexing only proves that those filenames were accessed by the operating system at one time. It doesn't prove a hidden volume exists. It's a subtle difference.

And it's been known ever since Windows XP came out that Microsoft products are akin to a leaking hose. Even with encryption, if you've left your operating system unmodified and unencrypted, you could be in trouble (with any crypto product). But there are numerous ways to fix it. And that's especially true with TrueCrypt. I know of several ways to do it, ranging from very simple to very complex.

 

How do you shut off file indexing? I haven't tried a hidden container in TrueCrypt yet, but I assume that this also keeps a record of everything else.

 

Go to "My Computer". Right click the drive of interest. Uncheck "Allow Indexing Service....". The best way to do it though is to run "services.msc". Find "Indexing Service" and disable it. Once you do that, you shouldn't have to manually uncheck it for each drive.

But be aware that there are many other ways for Windows to store data (temp files, registry, etc.), especially when you open certain programs.

For me, system encryption is the only option. But I have a couple more tricks up my sleeve that gives me plausible deniability with the system encryption. For most people, they should wait until TrueCrypt offers the option of plausible deniability with system encryption.

There are, of course, other options besides system encryption. You can run a virtual operating system. Racoon has something called TCGINA available as well. But system encryption with some form of plausible deniability is the ultimate solution.

 

Thanks for that. By plausible deniability, do you mean like the TC hidden volume?

 

You know, that is the exact kind of broad generalization that makes you look like your incompetent. Windows Indexes drives if the indexing service is enabled, therefor Truecrypt is the problem with a plain text file name list. Also looks a bit like TrueCrypt bashing. You were more than content to say it was a problem with TrueCrypt until someone called you out on it and then you backpedaled and said that it was the file indexing service and a Windows leak that created the issue.

Also, as commented by someone else, even having the indexing enabled doesn't prove there is a hidden container any where. Only that there was a drive hooked up at some point, be it TC, external, etc, that had those file names.

 

Thanks so much for this. I am home now and am disabling the file indexing. I have also disabled thumbs.db. Those are the only two things I know to do, except I do normally have Returnil running which I assume will take care of a lot of that. I think I will probably need to learn a little more before I try to encrypt my entire system. I hope it is not too complicated. Thanks for the info.