Recommended Alternative to TrueCrypt

I'm not at all worried about that.

First of all, I legitimately cannot remember any of my passwords. They're too complex.

Second of all, I've got the Daffy Duck image going for me. The authorities would expect me to be stupid.

Just for the record, I really do like the old Warner Brothers and Hanna-Barbera cartoons. My favorite characters include:

1) Daffy Duck - of course

2) Tweety Bird

3) Deputy Dawg

4) Roadrunner

-------------

That's OK. I used to be naive too.

 

operamail works great with TC Forum.
Just get an account there and sign up

https://mail.opera.com/

I did it myself few weeks ago.

 

Kudos for your kindness and that little tidbit of information.

I'll be sure to check it out.

Thanks again!

 

but that is exactly what happens in my country,No encryption will be any good when I myself provide them my passwords on a plate after seeing the size of 5$ Wrench

one cant play that card for too long,they will make you remember anyway.

 

Not a chance. I'm not smart enough to remember my passwords. My dog is, however. But he is very loyal and will never talk.

 

Does having a hidden volume inside an encrypted outer container really provide any security?

Lets consider the scenario. Someone is examining your data and asking questions. They see a 100GB file/partition that has an obscure name or appears unformatted. They have tools that can probably tell its an encrypted container.

They ask you for the password and you give it to them. It turns out there's only a few MB of data in there (because the real data is in a hidden inner volume). Isn't that obvious to them? They can't 'prove' there's a hidden volume, but they don't have to, and the same tactics apply, and they can force you to divulge the password to the hidden container as well.

 

Also the most likely thing to happen is that if there is any suspicion at all, they aren't going to subject us to any 'interrogations' but simply confiscate the laptop/disks indefinitely, and they are well within their rights to do so.

The end result for us is the same, loss of data.

 

God almighty.
What sort of neighbourhoods do posters here live in.?
Interrogated.
Passwords beaten out of them.!

Instead of encrypting your hard drive i would suggest moving to another town or city.

 

LOL! Yeah, move to a different country!

Defcon: In due process societies, it's "prove", not guess/assume. All their questions can go to a lawyer, not the owner of the data.

Also, you should have a backup, offsite, of the entire encrypted drive/volume.

PD

 

hence why your supposed to actually use the decoy not just have it for shows, goes for non OS volumes as well , having nothing but a excel spreadsheet on it might be a bit suspicious indeed , TC does require some common sense afterall as does anything else you do

 

Sad but true, especially in countries such as US, land of the free and the home of the brave. Mind you, but you really gotta be brave to keep your mouth shot when they use that $5 wrench to crack open your skull.

 

Actually, as much as I agree that the US is heading down a dangerous path...it still doesn't happen there that I have found. They actually are up 2 to 1 on the federal courts agreeing that passwords can't be compelled. And that "1" wasn't tested, as the owner's ex husband gave up the key before she could be ruled on.

PD

 

False. As long as you can read and understand the source code, you could have not the slightest clue who the programmer is and still be able to preclude beyond even a shadow of a doubt that a piece of software has a backdoor.

#1 is useless if you choose passwords you honestly don't remember, or if you utilize hidden volumes.

#2 is useless if you use a source-available software that you know doesn't have a backdoor.

#3 is useless if you follow proper security protocol and use a known, thoroughly-tested, unbroken algorithm and a strong passphrase, all in a properly implemented fashion.

I seriously doubt we have to worry about anyone bruteforcing an AES-256 ciphertext encrypted with an 80-bit entropy passphrase that has been implemented in a, e.g., TrueCrypt fashion.

Yes.

To register, true...to post, false. It says it straight on the registration form [go here and click "agree"]:

Important: Due to excessive forum spam and other kinds of abuse, a new member cannot post if his or her forum account is associated with an email address provided by a free email provider, such as Gmail, Yahoo, Hotmail, etc. (Remark: Ever since this restriction was imposed, there has been practically no spam and practically no abuse on our forums, so most users benefit from it.) If you wish to post, you will need to enter an email address provided, for example, by your ISP (internet service provider), employer or school. Note: If you enter a non-existent or free email address, a forum account will be created for you and you will be able to log in, but you will not be able to post (other activities will not be restricted).​

And believe me, it's true.

 

I'm not sure what you mean by "they don't have to". That really depends on the context. A 1st world government would essentially have to. And even if they or any other attacker didn't have to...if you want to play that game, they don't even have to get any files from you either. They could just torture you for fun. Anyone can make up hypotheticals.

The point is a TrueCrypt container gets its size at the point of creation. A 100GB container with only a few MB of files doesn't mean there's 100GB of data hidden within it. What it sounds like you're saying is the equivalent of someone buying a house, and on the first day of the move in, after he's only unloaded one room's worth of stuff, someone breaks in and demands to know where all his valuables are. And when the homeowner explains he doesn't have any more stuff in the house, (according to you) the robber can logically reply "NONSENSE! This house is huge! You obviously have more stuff in it."

"well within their rights" to take possession of private property without the owner's permission. Lovely.

a) I'm pretty sure the result of someone gaining possession of your secret files in plaintext is quite different from someone gaining possession of your secret files in ciphertext.

b) no real "loss" of data takes place in either situation, provided you simply keep a backup.