TCHunt Beta

Discussion in 'privacy technology' started by e4m, Feb 25, 2009.

Thread Status:
Not open for further replies.
  1. e4m

    e4m Registered Member

    Joined:
    Dec 7, 2008
    Posts:
    11
    I just tried this software. It found all my TrueCrypt files. Not that I'm worried. I don't have anything to hide, but people using TrueCrypt who do should sit-up and pay attention. I used TCHunt alpha version last month and it wasn't that impressive, but the detection seems to have improved a lot with this beta release. :eek:

    I would post this to the TrueCrypt forum. But they have banned posts related to TCHunt.

    http://16systems.com/TCHunt/download.html
     
  2. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    If TrueCrypt is again employing security through obscurity, that doesn't make me feel good about them, no matter what they are giving away.
     
  3. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Steve, there is no security through obscurity that I am aware of. But it is pretty easy to find a TC container through normal methods used to detect encrypted files. From TCHunt site, about how does it work?
    The idea is nice, but I get the feeling that the author is trying to scare the users of TrueCrypt. The users of encrypted containers, no matter how they are created (and by what program) should be aware that a forensic analysis will reveal the presence of encrypted data and may raise suspicions. So a program as TCHunt should serve to increase awareness, not to scare users into not using TrueCrypt.
     
  4. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    That should not be the case. As I understand it, AES encryption should be indistinguishable from noise data.
     
  5. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    It is, but the problem is like this: how much noise data you have on your HDD except encrypted containers? :)
     
  6. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    most of my freespace is noise. I have it rewritten as noise when i do nightly freespace wipes.
     
  7. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Freespace, yes. But TCHunt looks for "noise" inside files.
     
  8. markoman

    markoman Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    188
    Erased free space is noise, true, as a totally encrypted partition is noise. A file which contains only random data looks suspicious to any forensic analysis, and a tool like tchunt can only speed up the process of finding (some) suspicious files.
    The way TrueCrypt (tries to) offer plausible deniability is through the use of hidden volumes.
     
  9. e4m

    e4m Registered Member

    Joined:
    Dec 7, 2008
    Posts:
    11
    Found all of my TrueCrypt files, but like I said, I'm not worried, I'm not a spy or anything like that.:D
     
  10. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Truecrypt has always been clear about their definition of Plausible Deniability:

    In case an adversary forces you to reveal your password, TrueCrypt provides and supports two kinds of plausible deniability.

    Hidden volumes (for more information, see the section Hidden Volume).


    It is impossible to identify a TrueCrypt volume. Until decrypted, a TrueCrypt volume appears to consist of nothing more than random data (it does not contain any kind of "signature"). Therefore, it is impossible to prove that a file, a partition or a device is a TrueCrypt volume or that it has been encrypted. However, note that for system encryption, the first drive track contains the (unencrypted) TrueCrypt Boot Loader, which can be easily identified as such (for more information, see the chapter System Encryption). In such cases, plausible deniability can be achieved by creating a hidden operating system (see the section Hidden Operating System).


    With or without TCHunt, TC still meets their definition of plausible deniability. It's about proving.
     
Thread Status:
Not open for further replies.