Re: OT: enhanced interrogation (was: Re: HackFest Series: TrueCrypt is Now Detectable)

2009-05-01 Thread Joe
Yeah, that's why TrueCrypt's ability to hide the volume on a device is
so awesome. The idea is, people don't realize anything is even there to
BE encrypted.

One thing I was reading about with regard to plausible deniability is to
hide your volumes inside of other files. For example, I have a jump
drive that just happens to have a redist copy of DirectX on it. In
there, I tossed a new file that is named similarly to the other files
and is similar in size. If someone were to check the drive, it would
appear to just be a binary file in the DirectX software. It is, in fact,
an encrypted volume that I use to store my passwords (as encrypted with
Password Gorilla).

The only trick, then, is to change the date of the volume back to the
date of all the other files whenever it is changed.

The idea being that I can deny that there's anything of interest I know
about on the drive, and it's plausible because it looks like it's just a
copy of DirectX, along with a bunch of other drivers and freeware
tools for fixing windoze boxes. It's there, hiding in plain sight.

Just my 2 cents.

-Joe

Jim March wrote:
 On Fri, May 1, 2009 at 1:52 PM, Mike Schwartz mike.l.schwa...@gmail.com 
 wrote:
 Oh, so *** that's *** what the phrase rubber hose decryption means;
 in some previous post (probably recently - in the parent thread?) that
 phrase was used but I thought maybe it was some FOSS tool that I was not
 familiar with.
 
 Heh.
 
 Yeah, as ghastly as the topic may be, the plain fact is that passwords
 stored in your personal wetware are vulnerable to that particular
 security hole.
 
 Security and encryption discussions have to encompass the full threat,
 and that's definitely one of 'em.
 
 It's even been discussed on XKCD:
 
 http://xkcd.com/538/
 
 Jim
 ---
 PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
 To subscribe, unsubscribe, or to change your mail settings:
 http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
 


Re: OT: enhanced interrogation (was: Re: HackFest Series: TrueCrypt is Now Detectable)

2009-05-01 Thread Jim March
On Fri, May 1, 2009 at 1:52 PM, Mike Schwartz mike.l.schwa...@gmail.com wrote:
 Oh, so *** that's *** what the phrase rubber hose decryption means;
 in some previous post (probably recently - in the parent thread?) that
 phrase was used but I thought maybe it was some FOSS tool that I was not
 familiar with.

Heh.

Yeah, as ghastly as the topic may be, the plain fact is that passwords
stored in your personal wetware are vulnerable to that particular
security hole.

Security and encryption discussions have to encompass the full threat,
and that's definitely one of 'em.

It's even been discussed on XKCD:

http://xkcd.com/538/

Jim


Re: OT: enhanced interrogation (was: Re: HackFest Series: TrueCrypt is Now Detectable)

2009-05-01 Thread Joe
I made the file, I didn't overwrite an existing one. Yes, it's possible
to find the file, but it's hard to figure out what it is (since
TrueCrypt leaves no headers, although the topic of the thread WAS
detection).

The idea, more than anything, is that I can say I have no idea what the
extra file is. Plausible deniability.

-Joe

Judd Pickell wrote:
 Wouldn't one problem with your plan be that the file size would be
 different? Of course that would only matter if the person looking knew the
 typical size, or the software checking the drive wasn't doing file size
 checks on known files. Gotta wonder what Anti-virus software would make of
 the file? Particularly software that did sig checks with known application
 binaries.
 
 Sincerely,
 Judd
 
 
 
 
 
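The size and signature checks raised in the message above, as an added example that is not part of the original thread: a forensic triage pass that compares a directory against a manifest of known-good hashes, then tests whatever is left for a missing header, near-random content and a sector-multiple size. The manifest, the file names, the 7.9 bits/byte threshold and the 512-byte heuristic are assumptions made for this example.

```python
import hashlib, math, os, tempfile
from collections import Counter

# Leading bytes of a few common formats (non-exhaustive, chosen for this example).
MAGIC = (b"MZ", b"MSCF", b"PK\x03\x04", b"\x7fELF", b"%PDF", b"\x1f\x8b")

def entropy(data):
    """Shannon entropy in bits per byte; 8.0 means uniformly random bytes."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def triage(directory, manifest, sample=1 << 20):
    """Return {name: [reasons]} for files the manifest does not vouch for."""
    findings = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not os.path.isfile(path) or manifest.get(name) == sha256_file(path):
            continue  # not a regular file, or it matches its known-good hash
        reasons = ["hash differs from manifest" if name in manifest else "not in manifest"]
        with open(path, "rb") as fh:
            head = fh.read(sample)
        size = os.path.getsize(path)
        if not head.startswith(MAGIC):
            reasons.append("no known header")
        if len(head) >= 4096 and entropy(head) > 7.9:
            reasons.append("near-random content")
        if size and size % 512 == 0:  # assumed heuristic: containers are whole sectors
            reasons.append("size is a multiple of 512")
        findings[name] = reasons
    return findings

def demo():
    """Constructed sample: two 'vendor' files plus one headerless high-entropy blob."""
    blob = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048))
    samples = {"dxsetup.exe": b"MZ" + b"\x90" * 3000,        # constructed names and
               "dxnt.cab": b"MSCF" + bytes(range(256)) * 20,  # contents, not real files
               "dxupdate.bin": blob}  # 64 KiB stand-in for an encrypted container
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
            os.utime(os.path.join(d, name), (1e9, 1e9))  # same date on every file
        manifest = {n: hashlib.sha256(samples[n]).hexdigest() for n in ("dxsetup.exe", "dxnt.cab")}
        return triage(d, manifest)
```

Every file carries the same timestamp here, and the checks still single out the one the manifest does not cover, because they look only at content and size.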


Re: OT: enhanced interrogation (was: Re: HackFest Series: TrueCrypt is Now Detectable)

2009-05-01 Thread Robert Holtzman
On Fri, 1 May 2009, Joe wrote:

 I made the file, I didn't overwrite an existing one. Yes, it's possible
 to find the file, but it's hard to figure out what it is (since
 TrueCrypt leaves no headers, although the topic of the thread WAS
 detection).

 The idea, more than anything, is that I can say I have no idea what the
 extra file is. Plausible deniability.

Except when they don't believe you and break out the hose.

-- 
Bob Holtzman
Bother, said Pooh, as he chambered another round...