Re: OT: enhanced interrogation (was: Re: HackFest Series: TrueCrypt is Now Detectable)
Yeah, that's why TrueCrypt's ability to hide the volume on a device is so awesome. The idea is, people don't realize anything is even there to BE encrypted. One thing I was reading about with regard to plausible deniability is to hide your volumes inside of other files. For example, I have a jump drive that just happens to have a redist copy of DirectX on it. In there, I tossed a new file that is named similarly to the other files and is similar in size. If someone were to check the drive, it would appear to just be a binary file in the DirectX software. It is, in fact, and encrypted volume that I use to store my passwords (as encrypted with Password Gorilla). The only trick, then, is to change the date of the volume back to the date of all the other files whenever it is changed. The idea being that I can deny that there's anything of interest I know about on the drive, and it's plausible because it looks like it's just a copy of DirectX. along with a bunch of other drivers and freeware tools for fixing windoze boxes. It's there, hiding in plain sight. Just my 2 cents. -Joe Jim March wrote: On Fri, May 1, 2009 at 1:52 PM, Mike Schwartz mike.l.schwa...@gmail.com wrote: Oh, so *** that's *** what the phrase rubber hose decryption means; in some previous post (probably recently - in the parent thread?) that phrase was used but I thought maybe it was some FOSS tool that I was not familiar with. Heh. Yeah, as ghastly as the topic may be, the plain fact is that passwords stored in your personal wetware are vulnerable to that particular security hole. Security and encryption discussions have to encompass the full threat, and that's definitely one of 'em. It's even been discussed on XKCD: http://xkcd.com/538/ Jim --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: OT: enhanced interrogation (was: Re: HackFest Series: TrueCrypt is Now Detectable)
On Fri, May 1, 2009 at 1:52 PM, Mike Schwartz mike.l.schwa...@gmail.com wrote: Oh, so *** that's *** what the phrase rubber hose decryption means; in some previous post (probably recently - in the parent thread?) that phrase was used but I thought maybe it was some FOSS tool that I was not familiar with. Heh. Yeah, as ghastly as the topic may be, the plain fact is that passwords stored in your personal wetware are vulnerable to that particular security hole. Security and encryption discussions have to encompass the full threat, and that's definitely one of 'em. It's even been discussed on XKCD: http://xkcd.com/538/ Jim --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: OT: enhanced interrogation (was: Re: HackFest Series: TrueCrypt is Now Detectable)
I made the file, I didn't overwrite an existing one. Yes, it's possible to find the file, but it's hard to figure out what it is (since TrueCrypt leaves no headers although the topic the thread WAS detection). The idea, more than anything, is that I can say I have no idea what the extra file is. Plausible deniability. -Joe Judd Pickell wrote: Wouldn't one problem with your plan be is that the file size would be different? Of course that would only matter if the person looking knew the typical size, or the software checking the drive wasn't doing file size checks on known files. Gotta wonder what Anti-virus software would make of the file? Particularly software that did sig checks with known application binaries. Sincerely, Judd --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: OT: enhanced interrogation (was: Re: HackFest Series: TrueCrypt is Now Detectable)
On Fri, 1 May 2009, Joe wrote: I made the file, I didn't overwrite an existing one. Yes, it's possible to find the file, but it's hard to figure out what it is (since TrueCrypt leaves no headers although the topic the thread WAS detection). The idea, more than anything, is that I can say I have no idea what the extra file is. Plausible deniability. Except when they don't believe you and break out the hose. -- Bob Holtzman Bother, said Pooh, as he chambered another round... --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
