New ACTA deal to turn public officials into DRM police

Discussion in 'privacy general' started by SteveTX, Jun 11, 2008.

Thread Status:
Not open for further replies.
  1. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
  2. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Yeah but if you have a TrueCrypt folder on your computer, won't they make you open it? Maybe if you put it in with a bunch of random pictures, they won't notice it.

    I also wonder if a person can watch them while they check your laptop? A dishonest security person could copy personal files off of a laptop if they wanted. Why should they be trusted any more than anyone else off of the street?
     
  3. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    If we take TSA as a model, what they do is separate you from your laptop, then go get an image snapshot of your drive, and you get your laptop back in about 30 minutes.

    With TrueCrypt, there was a problem with the containers. They had a plaintext file index so you could actually see if the person had a hidden partition, and what filenames were inside it.

    The simplest solution to explain to TSA is you encrypt your whole disk with a key you do not know and have your employer email it to your arrival destination, encrypted with a password they will give you.
     
  4. malwaretesting

    malwaretesting Registered Member

    Joined:
    May 17, 2008
    Posts:
    77

    I'm very familiar with the ins and outs of TrueCrypt, and you're not correct. TrueCrypt is one of the most well thought out pieces of software I've ever seen. They don't take any chances with security. And, when they say there's no way to prove a hidden volume exists, they mean it. I've spent countless hours evaluating it. They have another form of plausible deniability as well, in that a TrueCrypt volume has a statistically random output. That means it cannot be differentiated from the output of other programs that have a cryptographically secure output. The header of a TrueCrypt volume is also encrypted and cannot be differentiated from the rest of the volume. The header cannot be proven to be a header, unless you have the password.

    Nothing is in plaintext unless there is some vulnerability in the operating system that catalogues any file you touch. But that can't be blamed on TrueCrypt. And if this vulnerability did exist in your operating system, you could encrypt your entire system partition. They'll be coming out with plausible deniability for system encryption soon.
     
    Last edited: Jun 14, 2008
  5. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Yes, I heard about this from two different sources. What happens is, if I understood correctly, the TrueCrypt hidden container would be revealed by the Windows file indexing service capturing the filenames and storing them.
     
  6. malwaretesting

    malwaretesting Registered Member

    Joined:
    May 17, 2008
    Posts:
    77
    Then shut it off or encrypt your operating system or use something other than Windows. That's not a vulnerability in TrueCrypt. That's Windows.

    The easiest solution is shutting off file indexing. But note that file indexing only proves that those filenames were accessed by the operating system at one time. It doesn't prove a hidden volume exists. It's a subtle difference.

    And it's been known ever since Windows XP came out that Microsoft products are akin to a leaking hose. Even with encryption, if you've left your operating system unmodified and unencrypted, you could be in trouble (with any crypto product). But there are numerous ways to fix it. And that's especially true with TrueCrypt. I know of several ways to do it, ranging from very simple to very complex.
     
  7. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    How do you shut off file indexing? I haven't tried a hidden container in TrueCrypt yet, but I assume that this also keeps a record of everything else.
     
  8. malwaretesting

    malwaretesting Registered Member

    Joined:
    May 17, 2008
    Posts:
    77
    Go to "My Computer". Right click the drive of interest. Uncheck "Allow Indexing Service....". The best way to do it though is to run "services.msc". Find "Indexing Service" and disable it. Once you do that, you shouldn't have to manually uncheck it for each drive.

    But be aware that there are many other ways for Windows to store data (temp files, registry, etc.), especially when you open certain programs.

    For me, system encryption is the only option. But I have a couple more tricks up my sleeve that give me plausible deniability with the system encryption. Most people should wait until TrueCrypt offers the option of plausible deniability with system encryption.

    There are, of course, other options besides system encryption. You can run a virtual operating system. Racoon has something called TCGINA available as well. But system encryption with some form of plausible deniability is the ultimate solution.
     
    Last edited: Jun 12, 2008
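
Added example, not part of any post in this thread: a PowerShell audit of the two indexing settings described in the post above (the indexing service and the per-drive indexing flag), with an optional switch to turn both off. The function name `Get-IndexingExposure`, the service names `cisvc` and `WSearch`, and the use of `Win32_Volume.IndexingEnabled` for the per-drive flag are assumptions that the thread does not state; it also assumes Windows PowerShell 3.0 or later in an elevated session.

```powershell
# Added example (not from the thread). Assumes Windows PowerShell 3.0+ in an
# elevated session. Service names are assumptions the posts do not give:
#   cisvc   = "Indexing Service" (the XP-era service named in the post)
#   WSearch = "Windows Search"   (its successor on Vista and later)
function Get-IndexingExposure {
    [CmdletBinding()]
    param([switch]$Disable)   # without -Disable the function only reports

    $svcFilter = "Name='cisvc' OR Name='WSearch'"
    $volFilter = "DriveType=3"            # local fixed disks only

    if ($Disable) {
        foreach ($svc in (Get-CimInstance Win32_Service -Filter $svcFilter)) {
            Stop-Service -Name $svc.Name -Force -ErrorAction SilentlyContinue
            Set-Service  -Name $svc.Name -StartupType Disabled
        }
        foreach ($vol in (Get-CimInstance Win32_Volume -Filter $volFilter)) {
            if ($vol.IndexingEnabled) {
                # Per-volume flag, assumed to back the drive-properties checkbox
                Set-CimInstance -InputObject $vol -Property @{ IndexingEnabled = $false }
            }
        }
    }

    # Re-read the live state so the report reflects what is actually set.
    $report = @()
    foreach ($svc in (Get-CimInstance Win32_Service -Filter $svcFilter)) {
        $report += [pscustomobject]@{
            Kind     = 'Service'; Name = $svc.Name
            Indexing = ($svc.StartMode -ne 'Disabled')
            Detail   = "$($svc.State), start=$($svc.StartMode)"
        }
    }
    foreach ($vol in (Get-CimInstance Win32_Volume -Filter $volFilter)) {
        $report += [pscustomobject]@{
            Kind     = 'Volume'; Name = $vol.Name
            Indexing = [bool]$vol.IndexingEnabled
            Detail   = "label=$($vol.Label)"
        }
    }
    $report
}

Get-IndexingExposure | Format-Table -AutoSize
```

Any row with `Indexing` still `True` is a place where filenames can be catalogued outside the encrypted volume. The report covers only these two settings, not the temp files or registry traces the post also mentions.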
  9. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Thanks for that. By plausible deniability, do you mean like the TC hidden volume?
     
  10. KookyMan

    KookyMan Registered Member

    Joined:
    Feb 2, 2008
    Posts:
    367
    Location:
    Michigan, USA
    You know, that is the exact kind of broad generalization that makes you look like you're incompetent. Windows indexes drives if the indexing service is enabled, therefore TrueCrypt is the problem with a plain text file name list. Also looks a bit like TrueCrypt bashing. You were more than content to say it was a problem with TrueCrypt until someone called you out on it and then you backpedaled and said that it was the file indexing service and a Windows leak that created the issue.

    Also, as commented by someone else, even having the indexing enabled doesn't prove there is a hidden container anywhere. Only that there was a drive hooked up at some point, be it TC, external, etc., that had those file names.
     
  11. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Thanks so much for this. I am home now and am disabling the file indexing. I have also disabled thumbs.db. Those are the only two things I know to do, except I do normally have Returnil running which I assume will take care of a lot of that. I think I will probably need to learn a little more before I try to encrypt my entire system. I hope it is not too complicated. Thanks for the info.
     