"Truecrypt is now detectable"

Discussion in 'privacy technology' started by Fontaine, Apr 30, 2009.

Thread Status:
Not open for further replies.
  1. Fontaine

    Fontaine Registered Member

    Joined:
    Jan 29, 2008
    Posts:
    245
    Not saying I believe; just reporting the news.



    http://www.forensicinnovations.com/blog/?p=7
     
  2. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
    Nothing new... What do you actually think an investigator is going to think a 1 to 250+ GB file is? Random data? Just think about it: why would anyone have a file over a gig just sitting on their machine?
     
  3. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    It's not just detectable as an encrypted file, but detectable as a TrueCrypt file. Kinda. It's really no big deal as it can't be proven to be a TC file, it is simply a random file with certain characteristics of a TrueCrypt file (the whole TCHunt thing which is no header, files divisible by 512, etc.).

    Why it's there on your drive is of no consequence and no response is even required. Maybe a corrupted ISO? Result could be a file full of random noise. There's all kinds of answers to the question, but again, none is necessary.

    The key to remember is this: Plausible deniability is all about legal deniability. That is still maintained and Truecrypt is still as reliable as ever, and it certainly doesn't give an attacker a leg up on decrypting the volume. TrueCrypt is solid.
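
An added example, not part of the thread and not TCHunt's or Forensic Innovations' code: a forensic triage check built from the traits named in the post above (no recognised header, size divisible by 512, random-looking content). The entropy threshold, the short signature list and all function names are assumptions made for this sketch.

```python
import hashlib, math, os, tempfile
from collections import Counter

SECTOR = 512
ENTROPY_MIN = 7.9      # assumed threshold (bits/byte), not a value from the thread
SAMPLE = 1 << 20       # only the first 1 MiB of each file is sampled
# Assumed, deliberately short signature list; a real scanner uses a full set.
KNOWN_MAGICS = (b"PK\x03\x04", b"\x1f\x8b", b"%PDF", b"\x89PNG",
                b"\xff\xd8\xff", b"7z\xbc\xaf", b"MZ", b"\x7fELF")

def shannon_entropy(data):
    """Shannon entropy of a byte string in bits per byte (0 to 8)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def why_not_candidate(path):
    """Reasons a file fails the heuristic; an empty list means 'suspicious'."""
    size = os.path.getsize(path)
    with open(path, "rb") as fh:
        sample = fh.read(SAMPLE)
    reasons = []
    if size == 0 or size % SECTOR:
        reasons.append("size not a multiple of 512")
    if sample.startswith(KNOWN_MAGICS):
        reasons.append("recognised header")
    if shannon_entropy(sample) < ENTROPY_MIN:
        reasons.append("low entropy")
    return reasons

def demo():
    """Run the check over four constructed sample files (noise is a SHA-256 stream)."""
    noise = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048))
    samples = {
        "headerless_random.bin": noise,           # 64 KiB, 128 sectors
        "odd_size.bin": noise + b"\x00",          # one byte past a sector boundary
        "archive.zip": b"PK\x03\x04" + noise[4:],  # random body behind a ZIP magic
        "notes.txt": b"meeting notes\n" * 4096,   # sector-aligned but plain text
    }
    out = {}
    with tempfile.TemporaryDirectory() as d:
        for name, blob in samples.items():
            p = os.path.join(d, name)
            with open(p, "wb") as fh:
                fh.write(blob)
            out[name] = why_not_candidate(p)
    return out

if __name__ == "__main__":
    for name, reasons in demo().items():
        print(name, "->", reasons or "candidate")
```

A file that passes all three checks is only a candidate for closer inspection; the heuristic cannot show that it is a TrueCrypt volume.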
     
  4. traxx75

    traxx75 Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    106
    The idea is that these tools make it easier to locate TrueCrypt containers. Sure, they can't explicitly say "This is a TrueCrypt container" but that doesn't mean the tool is useless.

    If an investigative authority already has a list of passwords you use, there's no harm in them trying those passwords to decrypt the files containing random data you have.

    Additionally, a very large number of users wouldn't bother creating files with random data in them to throw off investigators. Most of the time, any file with completely random data in it could be assumed to be possible encrypted data. We shouldn't assume that everyone who uses encrypted containers knows what they're doing :)

    As Warlockz alluded to, the bigger the file, the less likely it is to be "random" data. You could possibly try and pass it off as a file generated for the purposes of entropy as part of a project or something like that but it'd still draw attention.
     
  5. Fontaine

    Fontaine Registered Member

    Joined:
    Jan 29, 2008
    Posts:
    245
    I think most people that are hiding their media collection would need a container that large, but what about someone that has one document to encrypt and uses a 1MB container that previously hid well deep in the operating system?
    This group is saying they have a tool that could sniff that file out.
    Again, not saying I believe it to be effective though..at least until I test it this weekend.
     
  6. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    824
    Location:
    United States
    How does this discovery impact entire system encryption under TrueCrypt? I've read a lot of discussion regarding how this discovery relates to TrueCrypt encrypted containers; however, I'm also curious to hear thoughts on entire system and drive encryption. Thanks.
     
  7. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
    When you boot your machine it asks for a password/keyfiles, but I guess it might if you're using a Hidden Volume!
     
  8. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    It's made clear by the developers of this tool that, just like TCHunt, it's only effective in finding suspicious containers (files without headers and all that).
     
  9. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    LOL detecting headerless encrypted data is nothing new. This is just another guy/company that reinvented the wheel.
     
  10. Fontaine

    Fontaine Registered Member

    Joined:
    Jan 29, 2008
    Posts:
    245
    Re: system encryption, this isn't really applicable because the tool searches for files. With Truecrypt whole disk encryption, one can customize the login screen so it reads "disk error" with a blinking cursor, or whatever misleading statement to throw off a potential intruder. You would just type in your password where the blinking cursor is. However, there are still ways of examining the boot record to tell Truecrypt is installed..it would just serve as an added layer of deterrence.
     
  11. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Exactly. The mere knowledge that TrueCrypt is on a system doesn't lessen the security of the application. It's like a bank safe, just because you get somebody to take you to the back room and you get to see the actual safe doesn't mean you are now somehow any closer to being able to crack the safe.
     
  12. box750

    box750 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    260
    TCHunt can also detect Truecrypt files, or so they claim, and it is freeware.

    TCHunt:
    -http://16systems.com/TCHunt/index.php
     
  13. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I have TrueCrypt installed on my computer. I have no reason to think that anyone would ever look, but if they saw it installed and saw a truecrypt file, I am pretty sure that they would at least consider that it may be a truecrypt file. But what difference would it make?
     
  14. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,322
    Location:
    Philippines
    You wouldn't need much to find my TrueCrypt file. It's a 4G file in my TrueCrypt folder. LOL.
     
    Last edited: May 31, 2009
  15. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    As long as nobody can decrypt your container, who cares if it can be found? What does it matter?
     
  16. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    What if you zipped it? Would it still show? Of course if it's large that wouldn't work.
     
  17. box750

    box750 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    260
    Yes it does matter in some countries, in the UK you can be sent to prison for refusing to reveal your password to encrypted data to the authorities.
     
  18. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    They aren't there here in the States - YET!!

    I use PGP free and have several files encrypted. Nothing the Oxygen Thieves in Washington would care about.

    Still, if they came and demanded my password, I'd refuse just to annoy them. Let them take the computer and try to get the 25 digit password, small and capital letters, symbols, numbers. How long would it take? Let them earn their pay.
     
  19. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    I had an ISP tech rep come to the house to diagnose some trouble in the line. I have Truecrypt and Tor installed. The tech wouldn't say anything in front of me, but when he got back to the truck he definitely could and would call in and say "I think he is trying to hide something, he's got Tor and Truecrypt on his computer". To prevent that scenario from happening I deleted the programs till he left the house.
     
  20. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Well that is just based on your assumption that your ISP tech is going to judge you.

    There are more important issues re whether this tool can verify a Truecrypt container or not e.g. if evidence can prove that it is an encrypted container, can you be jailed for not revealing its contents?
     