The purpose was to give them plausible answers to "What is he hidding?". Something that, while it may have social stigma attached would be far less dangerous than showing your hand that you have actually have some secret sauce recipe ala Snowden.
Fact is it's very, very hard to stay cool under intense interrogation. Take it from me. I was trained to STFU and remain cool under interrogation. Nevertheless, when I was in Ecuador I spent a good deal of time hanging out in the muslim quarters of Guayquil. This was about the same time that the Iranian embassador was being accused of illegally using Ecuadorian banks to move money (oil money) in spite of the embargo. I ate lunch with the guy (and many other folks). Long story short, the US Gov has a bunch of TLA operating in that area. INTERPOL is also there for obvious reasons. On re-entry to the states I was pulled into a room where we had a nice long discussion about my experience in finance, computer programming, cryptography etc and the time i spent doing SIGINT years ago. They were very interested in the fact that I was chillin with diplomats, politicians, and pretty much everyone else who would listen to my business plans. Yeah I was lucky to get back into my own country, with my laptop in hand even. Frankly if I had the sheet in front of me they had, I probably wouldn't have let me back in either :) On Fri, Jan 24, 2014 at 4:43 AM, Dan Egli <ddavide...@gmail.com> wrote: > On January 22, 2014, S. Dale Morrey wrote: > > > That's not exactly how it works. > > > Truecrypt functions by hiding AES encrypted data in the "unwritten" areas > > > of a hard drive, i.e. the free space. > > > There can be multiple volumes and each password simply unlocks a > different > > > volume. But it's not the same blocks being used to store different data. > > > > This is exactly what I figured. Still, it was worth asking. :) Check out > what the computer guy does in the "Left Behind" series. Completely > impossible encryption, but a good story if you don't mind a story that is > not only heavily christian, but was BASED on christian teachings. To those > who are not christian, it may be offensive. Sorry to you folks. :S > > > > > If you were smart you would have 3 or 4 > > > volumes containing various levels of sensitive info (since they will > assume > > > if you have secured tax records, you probably do have other secret > > > volumes). > > > > Interesting idea. Can TrueCrypt support that many volumes? I haven't > actually looked at the program myself, only what was in the Maximum PC > article, and it didn't mention anything but two passwords. > > > > > That's when you break down, admit you have > > > a fetish and give them to password to the volume containing goatse or > > > someother shocking (but legal) porn. > > > > I'll leave the porn out of it, thanks. I've seen too much of what trying to > hide porn does to a person. My main concern was for privileged information > from clients, and possibly things like source code written to custom > programs (non-open source) that my company(s) might use at some time in the > future. Still, very interesting info. Thanks! > --- Dan > > > On Wed, Jan 22, 2014 at 3:30 PM, S. Dale Morrey <sdalemor...@gmail.com > >wrote: > > > That's not exactly how it works. > > > > Truecrypt functions by hiding AES encrypted data in the "unwritten" areas > > of a hard drive. i.e. the free space. > > There can be multiple volumes and each password simply unlocks a > different > > volume. But it's not the same blocks being used to store different data. > > It's different blocks, different data. Truecrypt just doesn't specify to > > anyone that there are multiple hidden volumes or not. This gives you > > plausible deniability. > > > > For instance imagine you had managed to pull a snowden. > > > > You cross customs, they inspect your laptop and notice you have truecrypt > > installed. > > They can make you cough up your password. So you give them the password > for > > the volume that contains data that might feasibly need to be secure (such > > as tax records), and just don't say anything about your other hidden > volume > > full of secret sauce recipes. If you were smart you would have 3 or 4 > > volumes containing various levels of sensitive info (since they will > assume > > if you have secured tax records, you probably do have other secret > > volumes). So you keep the super secret stuff to yourself, and divulge a > > couple of passwords for data that has a reasonable need to be secure. > > Eventually they're going to push you hard and claim you have something > > else hidden and if you don't cough it up then they will keep you and your > > laptop until the sun burns out. Thats when you break down, admit you > have > > a fetish and give them to password to the volume containing goatse or > > someother shocking (but legal) porn. > > > > > > Whatever you do, never, ever admit that you have actual secret sauce > > recipes, let alone a password to them. > > > > > > On Wed, Jan 22, 2014 at 2:49 AM, Dan Egli <ddavide...@gmail.com> wrote: > > > > > On January 20, 2013, Michael Torrie wrote: > > > > > > > Trucrypt is open source, and it's available on Linux. Not sure what > it > > > > > > > has to to with Acronis. But anyway, currently Trucrypt is available > on > > > > > > > Linux, OS X, and Windows from their website, trucrypt.org. > > > > > > > > > > > > I'll have to compare that to the article. I _THINK_, off my head, the > > > article used a program called Trucrpyt (notice the lack of an E in > > Tru[e]), > > > which was written by Acronis, but I could easily be getting things > mixed > > up > > > in my head. I'll go back and dig through my magazines and see if I > can't > > > find that article, then compare the program name. If you know, does > > > TrueCrypt (open source version) support the advanced volumes that > > represent > > > two different sets of encrypted data, based on which password was > > entered? > > > That was the feature that really struck me. I had read about that in > > > fictional books, but figured it was author imagination. I know that > some > > of > > > the other things I've read about are, but I didn't realize you could > have > > > two volumes each with their own password in one > file/partition/whatever. > > > Unless (and this wasn't clear) by doing this you setup a volume that > has > > a > > > tiny fraction of the total size for the first password and the second > > > password gives the remaining space. > > > > > > > > > > > > Now, maybe I'm wrong, but I don't think there's a way to have two > > separate > > > sets of encrypted data using the same space on the disk, decoded > > > differently based on password. What little I know about how encryption > > > works says to me that doing that would not be possible. Anyone know > > enough > > > to say I'm wrong? > > > > > > > > > > > > --- Dan > > > > > > > > > On Mon, Jan 20, 2014 at 9:19 PM, Michael Torrie <torr...@gmail.com> > > wrote: > > > > > > > On 01/20/2014 01:17 AM, Dan Egli wrote: > > > > > I was re-reading an issue of Maximum PC from a couple months ago > and > > I > > > > got > > > > > to an article they gave on how to setup a protected volume using > > > Acronis > > > > > TrueCrypt. That started me thinking of similar utilities on Linux. > I > > > know > > > > > there's eCryptFS. What other packages are you aware of that would > > allow > > > > one > > > > > to create an encrypted file system? And do any of them have that > > > advanced > > > > > feature that TrueCrypt has where you can create a volume with two > > > > > passwords, and one password opens one set of files, while the other > > > opens > > > > > another set of files? The thing I really liked and thought it was > > cool > > > > was > > > > > that if you did use one of the advanced volumes, there was no way > to > > > see > > > > > (short of digging heavily into the program logic as it examines the > > > > volume) > > > > > that it was actually one of those advanced volumes and therefore > > would > > > > have > > > > > a separate password. This seemed like such a cool feature, that I > > just > > > > > can't see it or something similar not being available in some > > > Linux/Open > > > > > Source package. > > > > > > > > > > Does anyone know? I'm dying of curiosity! :) > > > > > > > > Truecrypt is open source, and it's available on Linux. Not sure what > > it > > > > has to do with Acronis. But anyway, currently Truecrypt is available > > on > > > > Linux, OS X, and Windows from their website, truecrypt.org. > > > > > > > > eCryptFS was originally authored by one of our own plug alumni, > Michael > > > > Halcrow. Just FYI. > > > > > > > > In Linux there's a system called dm-crypt which can do whole-disk > > > > encryption using a variety of means, most often (on Android in > > > > particular) using LUKS for the disk format and any number of actual > > > > crytographic algorithms. > > > > > > > > /* > > > > PLUG: http://plug.org, #utah on irc.freenode.net > > > > Unsubscribe: http://plug.org/mailman/options/plug > > > > Don't fear the penguin. > > > > */ > > > > > > > > > > /* > > > PLUG: http://plug.org, #utah on irc.freenode.net > > > Unsubscribe: http://plug.org/mailman/options/plug > > > Don't fear the penguin. > > > */ > > > > > > > /* > > PLUG: http://plug.org, #utah on irc.freenode.net > > Unsubscribe: http://plug.org/mailman/options/plug > > Don't fear the penguin. > > */ > > > > /* > PLUG: http://plug.org, #utah on irc.freenode.net > Unsubscribe: http://plug.org/mailman/options/plug > Don't fear the penguin. > */ > /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
