Discussion in 'privacy technology' started by dallen, Sep 18, 2005.
No problem downloading them here with FF.
I tested this with TrueCrypt, and you are right. Only one hidden volume can be made per volume. In the attempt to create a second hidden volume, the first hidden volume was overwritten in the format process.
Of course you can nest regular volumes without limit, so you could put a second volume (containing a hidden volume) within another volume. Not quite the same thing, but it's a start (and it is in Windows).
Thank you for the info and the wise advice.
Wonder why that is?
Is it possible for you to Upload them both to one of these sites for our benefit, if you wouldn't mind.
Tell me about it. In the not too distant past, I thought all this encryption stuff was just for crooks and spies, not ordinary people. But criminals are actively targeting people regardless of their security knowledge. We need to defend ourselves from these low-lifes because governments are not going to do it for us.
Never read the book, but it sounds like it would be a fun fantasy read.
Do you recommend it?
I am not knowledgeable in the legal area in regards to encryption software. In the US, it is considered a munition and has severe export restrictions. It may be possible that they are blocking your ip address if you are outside the US (or even proxied). Uploading encryption software may be considered the same thing as distributing it and may be illegal here. Sorry, but I'd rather play it safe.
Dan Brown's Digital Fortress? Well it's a fun read, but there are many glaring errors when it comes to technical matters, so I wouldn't recommend learning the basics of "encryption stuff" from it.
Some of it struck me as wildly impossible or wrong, but what do I know?
What you mentioned sounds a lot like one of the fantasy ideas in the book.
So called "rotating cleartext" algorithm with a time invariant function. The idea is to make it immune even to bruteforce.
I've got a lot to learn about encryption but thankfully there are experts and many others here at Wilder's willing to help increase our encryption knowledge level. Threads like this help a great deal.
Not that it is related to this thread, but for those interested in learning more about encryption, here are some books that may be of interest.
So has anyone here used both PGP Home Desktop 9 (the PGP Disk component) and TrueCrypt 3.1a?
Not counting the Open Source/Closed Source issue, which is better?
Which is easier to use? (creating mountable volumes, working with them, etc.)
Can PGP Home Desktop 9 make hidden volumes?
What do you consider to be the best encryption software on the market?
PGP is pretty good. http://www.philzimmermann.com/EN/findpgp/index.html
That's a great link.
It answers a lot of questions like where to get the free / trial version of PGP, etc.
I couldn't find anywhere if they have an upgrade from version 8.02.
Do you think they have an upgrade policy or do you need to buy the new version again?
Found this link on the PGP site. http://www.pgp.com/products/upgrade/upgrade_faq.html#upgrade_process1
Has anybody here used DriveCrypt and/or DriveCrypt Plus Pack?
I saw that DCPP can even encrypt the OS.
If you are interested you might want to take a look.
Link removed: Use Google please : Pilli
To come back to the original topic - here you can read a "review" from Mr. Schneier about XorIt:
My comments to this: I didn't expect anything else
Well, as I say, his opinion on OTP is well known. If you were surprised that he thinks OTP is snake oil then you would have to live on another planet. Thanks for posting this link.
(Incidentally, my program was not the original topic.)
He doesn't think OTP is snake oil, merely the (faulty) attempts of many vendors to mimic it resulting in an insecure product.
Well, it is now...
I stand corrected
Yes, you are right. I worded that wrong. I should have said "If you were surprised that he thinks an OTP program is snake oil then you would have to live on another planet." Here is a quote from his Snake Oil essay:
"....One-time pads don't make sense for mass-market encryption products. They may work in pencil-and-paper spy scenarios, they may work on the U.S.-Russia teletype hotline, but they don't work for you....."
He is entitled to his opinion.
Re: I stand corrected
I really don't understand how you can't see why he is right? I mean, not just because he is The Bruce AllMighty, but just using pure logic?
What "Pure Logic" are you referring to "Mmike"?
That the files are too big? Not true.
That it is hard to transfer the keys? True, but that is not a reason to dismiss the technique. Many people use this method (not just users of my software either) for regular EMails with someone that they see at least every six months.
That it is hard to generate the keys? Not true. If you are using it to encrypt something huge then it is harder, but there are many ways to generate unpredictable files of around 1 MB. One that I have not mentioned is you open several files and cut and paste small sections (only once from each place I might note) from them at random and make one file. This file is 100% unpredictable as a whole, and still largely unpredictable in parts, while still not completely random. If you then test this file (using CryptIt) to ensure that there are no repeated nulls then it is secure for most purposes. Other options include using sections of a BBS generator output, perhaps even doing the same thing.
While I have not seen "Bruce AllMighty" I think I know where you are coming from. I think you are saying that because he is a respected member of the security community then I should see his opinion as fact. Well, to put it bluntly, I don't. I question everything, and I think you should too.
But I am not trying to convince anyone of anything. I am just trying to give a balanced debate so that anyone reading this can come to their own opinion. I even plan to link to this thread and Mr. Schneier's insults from my site. If you think my software (or even OTP) is flawed then that is your right. But I find it very offensive to be accused of being a con man, and that is what people are saying when they label my software as "Snake Oil". As Mr. Schneier himself says:
'The term we use for bad cryptography products is "snake oil," which was the turn-of-the-century American term for quack medicine. It brings to mind traveling medicine shows, and hawkers selling their special magic elixir that would cure any ailment you could imagine.'
I have never claimed that my software is the be-all-and-end-all of security. I just claim that it has its uses and that it does work. Feel free to use it or not. It is a choice.
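Added example, not part of any post in this thread and not code from XorIt or CryptIt: a pad-file check for an XOR one-time pad that looks at the two properties the discussion turns on, runs of null bytes and how far the byte distribution is from uniform. It assumes "repeated nulls" means consecutive 0x00 bytes; all function names and sample inputs are constructed for illustration.

```python
import math
import os
from collections import Counter

def xor_bytes(data: bytes, pad: bytes) -> bytes:
    """XOR data with a pad; refuses a pad that would have to repeat."""
    if len(pad) < len(data):
        raise ValueError("pad is shorter than the message")
    return bytes(d ^ p for d, p in zip(data, pad))

def longest_null_run(pad: bytes) -> int:
    """Longest run of 0x00 bytes. XOR with 0x00 leaves plaintext unchanged."""
    longest = run = 0
    for b in pad:
        run = run + 1 if b == 0 else 0
        longest = max(longest, run)
    return longest

def entropy_bits_per_byte(pad: bytes) -> float:
    """Shannon entropy of the byte histogram; 8.0 is the ceiling.
    A low score proves the pad is weak. A high score proves nothing:
    a repeating 0..255 counter also scores 8.0 and is fully predictable."""
    n = len(pad)
    return -sum(c / n * math.log2(c / n) for c in Counter(pad).values())

def assess_pad(pad: bytes, message_len: int) -> dict:
    """Collect the checks for one candidate pad file."""
    return {
        "long_enough": len(pad) >= message_len,
        "longest_null_run": longest_null_run(pad),
        "entropy": round(entropy_bits_per_byte(pad), 3),
    }

# Constructed sample inputs (not taken from the thread).
MESSAGE = b"invoice 4471 is overdue"
PASTED = (b"meeting moved to the usual place, bring the papers. "
          b"quarterly figures attached, see the second sheet. ") * 40
NULLY = b"\x00" * 6 + os.urandom(58)   # pad that starts with a null run
RANDOM = os.urandom(65536)             # pad from the OS CSPRNG

if __name__ == "__main__":
    for name, pad in (("pasted", PASTED), ("nully", NULLY), ("random", RANDOM)):
        print(name, assess_pad(pad, len(MESSAGE)))
    # The first six ciphertext bytes under NULLY are the plaintext itself.
    print(xor_bytes(MESSAGE, NULLY)[:6])
```
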
Re: Pure Logic
Using phrases like "completely unbreakable" on your website doesn't really give that impression, now does it?
If you don't want to be seen as a con man, you should say something like:
Thanks for the tip random lurker, but I think I will leave it the way it is. Your blurb seems a bit negative.
Besides, I do much the same now already. I have a link at the bottom of the XorIt and CryptIt page labeled "Why you should consider using another program...". This then links to my FAQ which explains that Bruce Schneier thinks my program is "Snake Oil" with a link to his blog entry.
Well, the link's a bit subtle, and the "#Snake" part doesn't work, and I still feel that your blurb makes a bit too much of the program's capabilities... but as you can probably tell, I'm no advertiser ;-).
Still, kudos for doing what you have -- and for bonus points, fix the anchors on your FAQ page.
Actually all my links are like that. When I did the last site redesign two years ago I thought it would be "cool" to have grey links with a black roll over. Time for a rethink?
I do agree that the description of the program does boast a bit about what I think is good about the method... but isn't that the point? I do want people to be intrigued and try the program. But I do say that "...It is argued by some though that this will never happen due to the laws of physics!..." It is not like other companies say in their promo blurb "some feel that this method is risky as a new algorithmic weakness could be discovered tomorrow". I give a long description in the ReadMe about the pros and cons of the method so I feel that I am providing my users with the knowledge (and several links) to decide themselves.
Thanks for pointing out the FAQ link error (I think I have fixed it) and for the kudos.