TrueCrypt hidden volumes, how do you know?

Discussion in 'privacy technology' started by I no more, Oct 10, 2009.

Thread Status:
Not open for further replies.
  1. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    What would you recommend?
     
  2. SundariDevi

    SundariDevi Registered Member

    Joined:
    Sep 22, 2009
    Posts:
    40
    I don't have any specific application in mind, other than a hypothetical, if I had files I didn't want somebody to find if they seized my computer, how would I do it. Last time I installed TrueCrypt on my laptop I had the program on the computer and the volume on a flash drive. But I was thinking, then if somebody was looking for something they would be looking for a TrueCrypt volume. So I thought it would be better to hide the existence of TrueCrypt.

    I like the suggestion that you install TrueCrypt, make a TC volume on the hard disk to show that there is one, and put any "special" data on an external drive. If the "special" data is not too large you could also store it on an FTP server and get it when you need it and wipe it when you're done I guess.
     
  3. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    I think he means you're screwed if you go up against them, regardless of what you use.

    If you're concerned about backdoors, then there's nothing better than TrueCrypt (because of the full source code release).
     
  4. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    I'm still not 100% sure what your threat model is. Most of what you say makes it seem like you're protecting against a casual observer. In that case you're talking about much lower standards than hiding something from a competent forensic examiner. But then I re-read what you said, and you used the word "seized", which now makes me think your adversary might be someone with greater skill and authority.

    If it's just a casual observer you're concerned about, then you probably don't need to hide the existence of TrueCrypt. And if you do, you probably don't need to worry about every last trace. Your standards don't have to be all that high, and a little sloppiness probably won't hurt.

    If it's an adversary who has resources, then you might have to up your game. If you really want to hide the existence of TrueCrypt from a skilled adversary, you've got your work cut out for you. It's not easy at all. Sloppiness could definitely be a problem.

    So, you should define your threat model. If you have multiple threats, then you should prepare for the one with the greatest skill.

    If you're going to install TC and create a volume, why not just use the hidden volume and/or hidden OS feature. You get no advantage by placing the sensitive data "externally" (unless you're planning to follow LockBox's suggestion and disclose both an outer and hidden volume just so no one will have any doubt o_O). If you plan to install TC (and not hide its presence), then you might as well go with a hidden OS. It takes care of all potential leaks from the operating system.

    This statement here also makes me think your adversary has some skill and authority. You might want to try the TC forums if you're serious about these questions.
     
    Last edited: Oct 14, 2009
  5. SundariDevi

    SundariDevi Registered Member

    Joined:
    Sep 22, 2009
    Posts:
    40
    I don't have anything illegal on my computer, I put truecrypt on my computer to put data I don't necessarily want people to see, somewhere where they can't see it. That's easily done. Otherwise, my interest is primarily academic. If at some point I had to provide a solution to somebody who wanted protection against government level authorities uncovering certain data, I would really tighten up my game, as you say.

    I haven't dug that deeply into TrueCrypt, so maybe that is why my strategies sound sloppy. I like obfuscation, so LockBox's solution along with another external volume that has the real "special data" sounds very interesting. I wouldn't put a note in the hidden volume, I would put some (adult) porn or internet dating photos in there. Anything I might have a reason to hide.
     
  6. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    Just to be clear, I wasn't talking about you being sloppy. I meant that if the drive was being examined by any random person (e.g. spouse, boss, etc.), you could afford to be a little sloppy. If your adversary were a trained forensic examiner, then you would have to up your game (when compared to your level of preparation for the former).

    I wasn't implying you were doing anything illegal. Also, illegal doesn't necessarily mean wrong. Different countries have wacky definitions of what's legal and what's not. Illegal only means violating the arbitrary laws of some country. It's not my place to judge.
     
  7. SundariDevi

    SundariDevi Registered Member

    Joined:
    Sep 22, 2009
    Posts:
    40
    I didn't take it in any bad way!
     
  8. cypherpunk

    cypherpunk Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    6
    Thank you for finally saying something that I really wish I'd brought up before on here.

    The problem is that NO PRNG produces a perfectly random output, and so it follows that no two algorithms produce ciphertext with exactly the same entropy. With enough bytes of output from any two algorithms, it will always be possible to distinguish them. The question is just how many bytes are "enough", and I have a bad feeling that the answer may end up coming as a shock to people considering how hundred-GB to multi-TB volumes have become commonplace over the last few years. Remember that these algorithms were developed in the days when a few tens of gigabytes was considered a very large volume of data.

    I was actually banned from TrueCrypt's forums back in '07 after making a topic about this, and my emails to the developers remain unanswered to this day. My worries were actually for a different situation (hiding a hidden volume in a non-encrypted partition, using DBAN as a cover - the Mersenne Twister in particular bothered me), but the same issue applies here. Theoretically, in a 2 terabyte volume encrypted with Blowfish, containing a 1 terabyte hidden volume encrypted with Blowfish, what would an entropy analysis of the first and second halves yield?
     
  9. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    See my signature :D
     
  10. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    My problem with the whole "cryptographically secure" and "statistically random" issue is that there doesn't appear to be any proof. It requires testing to prove it. But my real problem with it is that not many people understand that and simply view it as magic. But, to be honest, if you can prove a hidden volume exists using this method, then you've found a way to detect the ciphertext of one of the ciphers. So, you can detect the ciphertext of that particular cipher no matter where it may be. Thankfully, that doesn't seem to be very likely to happen any time soon.

    From my understanding, there are some mitigating factors. The first is that I don't believe any of the well-known ciphers have ever had problems with statistical testing (correct me if I'm wrong), not even old ones like DES. The second is that the plaintext itself is a big factor in the ciphertext you obtain. If detecting one of these ciphers alone is so difficult (if not impossible), then how much more difficult is it if you cascade ciphers. If you take the ciphertext from AES then use that as the plaintext for Twofish, you've likely reached the point where it's not humanly possible to find any statistical anomaly. For all the talk about reasons to use or not to use cascades, this is actually my favorite reason (and one that I've never seen discussed).

    The third mitigating factor is that you can always create a hidden volume with the exact same algorithms as the outer volume. Even if you can prove that the ciphertext was created by a certain cipher, you can't prove that there's a hidden volume. The headers themselves would likely be too small to interfere with this.

    Of course, even if TrueCrypt's output is perfectly random but you find a problem with the output of wiping programs like DBAN (specifically ISAAC), then it doesn't really matter much if TrueCrypt is perfectly random. If you can't find any other program that can do what TrueCrypt does, then you have a problem. And this problem would clearly be caused not by TrueCrypt but by the lack of other good programs that can produce cryptographically secure data.

    It's good to see someone else interested in this. I personally try to choose my words carefully when talking about this because TrueCrypt is still my favorite. I don't want it to seem like I'm criticizing them rather than trying to improve my understanding. I believe I was probably the first person to ever talk about this stuff on the TrueCrypt forums, but I always went out of my way to show that I wasn't criticizing them. They are a little jumpy about comments that might seem like excessive criticism.

    :)
     
    Last edited: Oct 23, 2009
  11. Countermail

    Countermail Registered Member

    Joined:
    Aug 7, 2009
    Posts:
    169
    Location:
    Sweden
    I have a friend who got his computer seized in a police raid. He used two hard drives, one as a Windows partition (unencrypted), and the other one as TC partition. During the investigation they asked him about the second drive, the Police asked:
    -"... the whole drive contains random bytes, is this an encrypted partition?"
    My friend replied:
    "No, this is a new drive that I recently installed, I have not formatted it yet".

    They could not prove that it was an encrypted partition.

    However, he did use some easy tricks when he installed the TrueCrypt software on the Windows partition: he first renamed the TrueCrypt software & driver files to something completely different, and if I remember correctly, he re-compiled them, and of course he did not install them to a Program folder called "TrueCrypt". This was enough, in this case.
     
  12. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    It's good to know that worked, but new drives don't look like that, at least none that I've ever seen. I wish they did. New drives are either zeroed or have another repeating character (other than zero).

    I've always suspected that you don't have to be absolutely perfect in these situations, but it's always best to strive for it.
     
  13. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    If you bought the drive from someone else, it is reasonable to think that the seller erased the drive before he sold it. If the HDD was new, that is another story.
     
  14. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
  15. networkguy66

    networkguy66 Registered Member

    Joined:
    Aug 2, 2009
    Posts:
    4
    Hypothetically speaking...

    Why not hide in plain sight? I actually made a thread about this that didn't get answered, but this seems an appropriate discussion.

    Setup: 2 (or more, doesn't matter) partitions. One standard Windows with TC installed in plain view. Create a container (call it whatever you want) and put financial stuff, pr0n, whatever into it. Encrypt the second partition fully with no hidden container. Put sensitive data in that.

    Now, should the computer be seized, simply unencrypt your container, let them see your checking statements, etc. If asked about the partition, simply say you are thinking of dual booting Linux, and you wiped that partition in anticipation of using it for Linux. Of course in this case you should have a copy of DBAN and a few Linux live CD's laying around for supporting evidence.

    Now, the OP brings up an interesting topic here. Should said PC get to the higher level of a three-letter agency, they could say the random pattern on said partition doesn't match output from, say, DBAN. Therein would lie the problem.
     
  16. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    I am confused about something concerning decrypting hard drives. I saw Michael Chertoff on TV once talking about seizing laptops at the border. He nonchalantly stated that if the laptop was encrypted and they refused to open it, they would take the laptop and decrypt it. He said this with such a casual, matter of fact tone of voice that I assumed that they can do this with no problem. He sure seemed to think so anyway.

    But then someone here posted a story about some guy who was accused of having child porn on his laptop at an airport. He was ordered to decrypt it but refused. The last I heard this they were going back and forth about this in court. So what confuses me is, if they can decrypt a laptop, why didn't they decrypt the child porn guy's laptop? Or do they save that technique for terrorists only?
     
  17. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    I have been thinking about this discussion a little. Someone mentioned hiding the fact that TrueCrypt was used. What if you never installed TrueCrypt on the computer?.....using it from a USB stick only. Then activate Returnil, connect your USB stick, create your folder, move it, restart your computer and then put the TrueCrypt folder in a photo album with a bunch of pictures for storage. And give it a .jpg or .gif ext. Maybe put it in a folder with a bunch of random animated gifs, and videos, wallpapers, audio books, and music etc... If you only opened it with Returnil activated, would there be any trace that TrueCrypt was used? Just a thought.

    You could also create a free mediafire acct. and upload it for storage. If you created a Mediafire acct using a good VPN like xerobank, and never login or download from it unless you're connected, wouldn't that be pretty secure. Or even a special email acct. One that will never be used for anything else. If your TrueCrypt file is too large for the email acct., you could split it with winrar or hjsplit. I use both of those programs for movies and they work great!

    Oh....another thought. Say you split the files..., you could temporarily rename them. If they are not named properly, they will not join. You could make them appear to be unassociated.

    So how did I do? Was that clever? Or are those old ideas that have been tossed aside ages ago?
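    Added example (editor's code, not from the thread) showing the check an examiner runs against the "rename it to .jpg and drop it in a photo folder" idea in post 17: a file is typed by its leading signature bytes, not its extension, and a signature-less file with near-maximal entropy stands out among real images. The sample files are constructed in a temporary directory; the magic values are the well-known JPEG/GIF/PNG signatures, and the sector-multiple size check is a heuristic flagged here as an assumption (encrypted volumes are sector-sized; so are plenty of innocent files).

```python
import math
import os
import tempfile
from collections import Counter

# Well-known file signatures for the cover formats the post proposes.
SIGNATURES = {
    b"\xff\xd8\xff": "jpeg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"\x89PNG\r\n\x1a\n": "png",
}
EXT_TO_TYPE = {".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif", ".png": "png"}


def detect_type(head: bytes):
    """Return the format named by the leading bytes, or None if no signature matches."""
    for magic, kind in SIGNATURES.items():
        if head.startswith(magic):
            return kind
    return None


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte from the byte histogram (8.0 is the maximum)."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def triage_file(path: str, sample: int = 65536) -> dict:
    """Compare what the extension claims with what the content shows, as a
    signature-analysis pass in a forensic triage would."""
    with open(path, "rb") as f:
        data = f.read(sample)
    size = os.path.getsize(path)
    ext = os.path.splitext(path)[1].lower()
    detected = detect_type(data[:16])
    claimed = EXT_TO_TYPE.get(ext)
    ent = shannon_entropy(data)
    reasons = []
    if claimed and detected != claimed:
        reasons.append(f"extension says {claimed}, signature says {detected or 'unknown'}")
    if detected is None and ent > 7.9:
        reasons.append("no known signature and near-maximal entropy")
    if detected is None and size % 512 == 0:
        # Assumption/heuristic: sector-multiple size is consistent with an encrypted volume.
        reasons.append("size is a multiple of 512 bytes")
    return {"path": path, "ext": ext, "detected": detected, "entropy": round(ent, 3),
            "size": size, "suspicious": bool(reasons), "reasons": reasons}


def build_samples(directory: str) -> list:
    """Constructed sample files: a minimal real GIF, a random blob renamed to .jpg
    (standing in for a container hidden in a photo folder), and an extension-less
    random fragment like a split-archive part."""
    gif = os.path.join(directory, "holiday.gif")
    with open(gif, "wb") as f:
        f.write(b"GIF89a" + b"\x01\x00\x01\x00\x80\x00\x00" + bytes(3000))
    renamed = os.path.join(directory, "beach.jpg")
    with open(renamed, "wb") as f:
        f.write(os.urandom(512 * 128))   # 64 KiB, sector multiple, no signature
    fragment = os.path.join(directory, "archive.001")
    with open(fragment, "wb") as f:
        f.write(os.urandom(40000))       # random, not a sector multiple
    return [gif, renamed, fragment]


def run_demo() -> list:
    """Build the samples in a temp dir, triage them, and return the results in order."""
    with tempfile.TemporaryDirectory() as d:
        results = [triage_file(p) for p in build_samples(d)]
    for r in results:
        flag = "SUSPICIOUS" if r["suspicious"] else "ok"
        print(f"{os.path.basename(r['path']):14s} {flag:10s} type={r['detected']} "
              f"entropy={r['entropy']} {'; '.join(r['reasons'])}")
    return results


if __name__ == "__main__":
    run_demo()
```

    The real GIF passes because its signature agrees with its extension; the renamed blob is flagged on the mismatch alone, before any entropy or size heuristic is needed. Note that a genuine JPEG also has entropy close to 8, so entropy by itself separates nothing; it only matters for files that carry no recognisable signature at all.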
     
  18. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    I just had another interesting thought. A keylogger would be a big problem. Maybe you have one on there and you can't detect it. Or maybe you suspect that one might be there. If Returnil is activated, and you disconnect your internet before you use TrueCrypt, then anything that the keylogger records would be lost whenever you reboot....so nothing would be transmitted because you are not connected to the internet.:argh:
     
  19. cett2

    cett2 Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    5
    This topic breaks up a good question:

    Can you ever be legally forced to un-encrypt your encrypted data? (E.g Search warrant? Subpoena? Probable cause?)

    I mean, is it rare or common for the authorities to force someone to un-encrypt their data? I tried to google cases but it seemed like this was more of a rare tactic used by authorities...

    And if so, what is the maximum penalty for not un-encrypting your data? (E.g. obstruction of justice?)
     
  20. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    Five years of prison if you live in the UK. I expect other countries to follow this practice sooner or later.
     
  21. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    In the United States, all courts (with one exception, but reversal is widely expected) have ruled that LE or any prosecuting agency cannot force anyone to reveal a password that may incriminate them in any way (a violation of the Fifth Amendment to the Constitution). One day, though it may be many years, this will surely end up in the Supreme Court.

    For those of you from outside the USA, the Fifth Amendment reads (with relevant portion bolded):

    "No person shall be held to answer for a capital, or otherwise infamous crime, unless on presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation."
    http://finduslaw.com/us_constitution_5th_and_14th_amendments#1
     