Discussion:
truecrypt access claimed?
(too old to reply)
l***@faraway.com
2010-05-15 14:02:58 UTC
Permalink
Raw Message
interesting claim: http://www.net-security.org/secworld.php?id=9077
nemo_outis
2010-05-15 17:38:02 UTC
Permalink
Raw Message
Post by l***@faraway.com
http://www.net-security.org/secworld.php?id=9077
Here's what I posted on the same issue on alt.privacy on
April 20 and to sci.crypt on April 9.


alt.privacy April 20
*************


Old news - and factually wrong to boot (although that's the
reporter's fault not the poster's).

As I posted about this matter in sci.crypt on April 9, this
is just a retread of metlstorm's old firewire attack demo'ed
at Ruxcon 2006.

It's not an attack on Truecrypt (which only protects memory
at rest) it's just an easy bypass of weak keyboard lockout
mechanisms.

Regards,


sci.crypt April 9:
************

Matt Mahoney <***@yahoo.com> wrote in
news:323624e9-3a21-4a5d-
Post by l***@faraway.com
http://www.storagenewsletter.com/news/security/passware-kit-
forensic
Any idea how this works?
Yep, the reference cited above explains how (well, drops a
strong hint) in its third paragraph:

"In response to customer requests, especially from law
enforcement organizations, Passware has enhanced Passware Kit
Forensic to allow for memory acquisition of a seized computer
over FireWire port, even if the computer is locked. When a
target computer is seized and turned on with the encryption
disk accessible, the software scans its memory image and
extracts the encryption keys, so law enforcement personnel
can access the stored data."

IOW it's the straightforward Firewire DMA attack (metlstorm
gets the credit) that I wrote about here years ago (Feb 2008
and earlier) - probably "tarted up" with a better interface.
Moreover, this is NOT a true attack against Truecrypt (or any
similar program) since those programs are designed to protect
data "at rest" (i.e., unmounted) and NOT while the key is in
memory on a running machine. (It's really just an attack on
the rather weak keyboard lockout mechanism, not on
Truecrypt).

Memory is then harvested and the key is found therein (some
programming required but nothing tricky).

Regards,

PS Most current attacks against encryption DO NOT try to
break the algorithm (e.g., AES256) or brute force the key;
instead they attempt to crack the password rather than the
key (Most users use passwords much weaker than the endelying
algorithm/key).

Truecrypt (and several similar programs) use a method to
hamper direct attacks on the password - they make the
relationaship between the password and key computationally
expensive. Which is to say the (potential) relationship
between a password and key is not 1:1 but greater (enormously
greater!). Making password cracking computationally
expensive typically involves salts and iterated hashing. It
effectively makes precomputation (rainbow tables, etc.)
unfeasible and leaves no better method than the
near-brute-force method of trying each guessed password to
see if it yields a workable key. This method is pretty slow
and will only work if the user has chosen a short or weak
password (e.g., a word or some simple variant). However, as
said above, enough users do select such weak passwords that
even this slow dictionary attack is often successful. But if
you pick a strong password (or better, passphrase) you're
immune to it.

PPS To avoid the Firewire DMA attack you should disconnect
all Firewire ports (paranoids will put a blob of epoxy over
them on the motherboard). A hardware disconnect is far more
reliable than a software one (e.g., disabling Firewire in the
OS) but even the software disconnect will thwart all but the
most serious adversaries.

There are also some possible USB attacks that use similar
methods to the Firewire attack. Fortunately the USB attacks
are much less powerful and so I'll leave it to your
discretion whether to disable USB on your system (USB is so
convenient as to be virtually a necessity). A software USB
disabler (there are several such programs) may be a
satisfactory compromise. FWIW I disable Firewire (in
hardware) but not USB.
thang ornithorhynchus
2010-05-16 01:07:39 UTC
Permalink
Raw Message
Post by nemo_outis
Post by l***@faraway.com
http://www.net-security.org/secworld.php?id=9077
Here's what I posted on the same issue on alt.privacy on
April 20 and to sci.crypt on April 9.
alt.privacy April 20
*************
Old news - and factually wrong to boot (although that's the
reporter's fault not the poster's).
As I posted about this matter in sci.crypt on April 9, this
is just a retread of metlstorm's old firewire attack demo'ed
at Ruxcon 2006.
It's not an attack on Truecrypt (which only protects memory
at rest) it's just an easy bypass of weak keyboard lockout
mechanisms.
Regards,
************
news:323624e9-3a21-4a5d-
Post by l***@faraway.com
http://www.storagenewsletter.com/news/security/passware-kit-
forensic
Any idea how this works?
Yep, the reference cited above explains how (well, drops a
"In response to customer requests, especially from law
enforcement organizations, Passware has enhanced Passware Kit
Forensic to allow for memory acquisition of a seized computer
over FireWire port, even if the computer is locked. When a
target computer is seized and turned on with the encryption
disk accessible, the software scans its memory image and
extracts the encryption keys, so law enforcement personnel
can access the stored data."
IOW it's the straightforward Firewire DMA attack (metlstorm
gets the credit) that I wrote about here years ago (Feb 2008
and earlier) - probably "tarted up" with a better interface.
Moreover, this is NOT a true attack against Truecrypt (or any
similar program) since those programs are designed to protect
data "at rest" (i.e., unmounted) and NOT while the key is in
memory on a running machine. (It's really just an attack on
the rather weak keyboard lockout mechanism, not on
Truecrypt).
Memory is then harvested and the key is found therein (some
programming required but nothing tricky).
Regards,
PS Most current attacks against encryption DO NOT try to
break the algorithm (e.g., AES256) or brute force the key;
instead they attempt to crack the password rather than the
key (Most users use passwords much weaker than the endelying
algorithm/key).
Truecrypt (and several similar programs) use a method to
hamper direct attacks on the password - they make the
relationaship between the password and key computationally
expensive. Which is to say the (potential) relationship
between a password and key is not 1:1 but greater (enormously
greater!). Making password cracking computationally
expensive typically involves salts and iterated hashing. It
effectively makes precomputation (rainbow tables, etc.)
unfeasible and leaves no better method than the
near-brute-force method of trying each guessed password to
see if it yields a workable key. This method is pretty slow
and will only work if the user has chosen a short or weak
password (e.g., a word or some simple variant). However, as
said above, enough users do select such weak passwords that
even this slow dictionary attack is often successful. But if
you pick a strong password (or better, passphrase) you're
immune to it.
PPS To avoid the Firewire DMA attack you should disconnect
all Firewire ports (paranoids will put a blob of epoxy over
them on the motherboard). A hardware disconnect is far more
reliable than a software one (e.g., disabling Firewire in the
OS) but even the software disconnect will thwart all but the
most serious adversaries.
There are also some possible USB attacks that use similar
methods to the Firewire attack. Fortunately the USB attacks
are much less powerful and so I'll leave it to your
discretion whether to disable USB on your system (USB is so
convenient as to be virtually a necessity). A software USB
disabler (there are several such programs) may be a
satisfactory compromise. FWIW I disable Firewire (in
hardware) but not USB.
This is true, the "attack" is simply picking the password out of
memory. The best method to avoid this is to disable firewire
(IEEE-1394) in BIOS rather than in the OS, which is equivalent to but
preferable to disconnecting the port on the mainboard. This is
because to reset BIOS the adversary needs to reboot the OS thereby
wiping memory.

So far, at least until the advent of practical quantum computing, TC
is unassailable on an unbooted PC.

thang
nemo_outis
2010-05-16 06:07:36 UTC
Permalink
Raw Message
thang ornithorhynchus <***@spitzola.com.org.net> wrote in news:***@4ax.com:

...
Post by thang ornithorhynchus
So far, at least until the advent of practical quantum
computing, TC is unassailable on an unbooted PC.
Yes - **IF** there are no flaws, backdoors, etc. in Truecrypt.

I, for one, am very suspicious of Truecrypt, its two
"anonymous" authors, the "open source" that isn't really open,
the manipulated forum, the closed bug lists, the systematic
purging of early versions from the net, and on and on... While
none of this is proof, it does not inspire trust - certainly it
doesn't in me.

In the words of my dear old Dad, "I wouldn't trust them in a
shithouse with a knife and fork."

YMMV

Regards,
Frank Merlott
2010-05-16 11:11:06 UTC
Permalink
Raw Message
Post by nemo_outis
...
Post by thang ornithorhynchus
So far, at least until the advent of practical quantum
computing, TC is unassailable on an unbooted PC.
Yes - **IF** there are no flaws, backdoors, etc. in Truecrypt.
I, for one, am very suspicious of Truecrypt, its two
"anonymous" authors, the "open source" that isn't really open,
the manipulated forum, the closed bug lists, the systematic
purging of early versions from the net, and on and on... While
none of this is proof, it does not inspire trust - certainly it
doesn't in me.
In the words of my dear old Dad, "I wouldn't trust them in a
shithouse with a knife and fork."
So what full disk encryption product to use then?
nemo_outis
2010-05-16 16:18:24 UTC
Permalink
Raw Message
"Frank Merlott" <***@nomail.com> wrote in news:***@aopenxpc:

...
Post by Frank Merlott
So what full disk encryption product to use then?
The most important thing is NOT to have a single point of
failure, to not have all your eggs in one basket.

Everyone goes on and on about the strength of, say, AES 256: 2
^256! Duh!

But what is the probability/possibility that your disk
encryption software is compromised (backdoor, weak key, fatal
bug, etc.)? Even if that chance is only 1 in a million that's
enormously higher! (1)

So what to do?

I recommend the following main principle: use two different
encryption programs from two different vendors, ideally from
two different jurisdictions, and arguably use a different
crypto algorithm for each. Supplement this with some
housekeeping (which I'll briefly describe in a moment).

In my case the two I've chosen are Bestcrypt and FreeOTFE. I
use Bestcrypt to encrypt the boot/system drive and I use both
for other partitions (Bestcrypt for the partition, FreeOTFE
for a full-size container file inside it).

From a housekeeping POV I move "My Documents," all Temp files,
"Program Files," DLLCache, Pagefile and a whack of other odds
and ends OFF the (singly-encrypted) boot/system partition to
one of the other doubly-encrypted partitions.

I chose Bestcrypt for the outer "whole disk" encrypter partly
because of its excellent features and partly because its
vendor (Jetico) is based in Finland. Finland beats hell out
of the US, for instance, in resisting NSA (or other TLA)
pressure to install backdoors, weaken keys, etc. (although I
do worry that so much of Jetico's sales are to the the US and
similar rogue jurisdictions.)

I chose FreeOTFE for partition/container encryption because
it's very well done, and the practices of Sarah Dean, its
author, inspire confidence. FreeOTFE, besides being an open-
source gem, is relatively obscure and uncommon - this makes me
hope it might be passed over by strongarming TLAs. (In fact,
if FreeOTFE supported boot/system whole-disk encryption I
would use it as the "outer" level.)

Is this inconvenient? Yes, a bit, but not as much as you
might think. As for which two programs to use there are a
large number of choices. For instance, if you want a free
whole-disk encrypter you can use Compusec. Or, commercially,
you could use Drivecrpt for either the outer or inner level.
Or even Truecrypt (spit!) (Incidentally, on a modern
processor the performance hit for even double encryption is
trivial.)

If you are less paranoid (whoops, security-conscious) than I,
you can make this a bit more convenient by not using the
"inner" additional layer of encryption for everything but only
for particularly sensitive information, or for seldom-accessed
archive files, of only for your illegally downloaded DVDs,
etc.

Regards,

(1) If the chance that either of your encryption programs is
backdoored, etc. is 1 in a million, then the chance they both
are is reduced to 1 in a trillion. That is, if the cause of
failure is uncorrelated! (correlation rapidly "poisons" the
"good math"). Ordinary coding bugs should be uncorrelated,
algorithm flaws (for the same algorithm) would be perfectly
correlated, and backdoors could be fairly strongly correlated
(e.g., if the same or related TLAs coerced them).

My personal guesstimates for fatal flaws, backdoors go
something like this: Truecrypt 5%; Bestcrypt 1%; FreeOTFE
0.1%. Yep, I think the chances really are that high! For
instance, what are the chances that any ordinary software has
a "major bug"? - is it way below 1%? Not bloody likely! (It
sure as hell doesn't get down to 1 in a million!) And
encryption software has the additional problem that there can
be a considerable incentive to deliberately insert "bugs"!
(whether from TLA coercion or otherwise)

PS Incidentally, I give very little weight to open-source
versus closed-source - but that's a different debate for some
other day.
Frank Merlott
2010-05-16 17:56:05 UTC
Permalink
Raw Message
Post by nemo_outis
The most important thing is NOT to have a single point of
failure, to not have all your eggs in one basket.
Everyone goes on and on about the strength of, say, AES 256: 2
^256! Duh!
You are right in that, actually AES 256 can be easily bypassed if
the software where it is being used has not been coded correctly.

I doubt very much TLA will attack the algorithm, they will attack the
software
implementation, most likely.
Post by nemo_outis
But what is the probability/possibility that your disk
encryption software is compromised (backdoor, weak key, fatal
bug, etc.)? Even if that chance is only 1 in a million that's
enormously higher! (1)
There is that possibility, but you know, what is the possibility that
TLA is going to tell to the whole World that they can crack TrueCrypt?

Next to none, and that also means that even if they can crack Truecrypt
they will not be using it in Court against you.

There has already been cases where the cops have come across Truecrypt
containers, and in none of them, that I know of, there has been a magic
bullet.

If TLA can crack it, then only five people in the World will know it and
it is not likely they are going to endanger that secret, no matters what.
Post by nemo_outis
So what to do?
I recommend the following main principle: use two different
encryption programs from two different vendors, ideally from
two different jurisdictions, and arguably use a different
crypto algorithm for each. Supplement this with some
housekeeping (which I'll briefly describe in a moment).
In my case the two I've chosen are Bestcrypt and FreeOTFE. I
use Bestcrypt to encrypt the boot/system drive and I use both
for other partitions (Bestcrypt for the partition, FreeOTFE
for a full-size container file inside it).
As far as I know BestCrypt doesnt do whole disk encryption, by this I
mean encryption of the whole OS including Windows.
Post by nemo_outis
From a housekeeping POV I move "My Documents," all Temp files,
"Program Files," DLLCache, Pagefile and a whack of other odds
and ends OFF the (singly-encrypted) boot/system partition to
one of the other doubly-encrypted partitions.
To do all that requires a great deal of Windows knowledge, and there
will always be something you fail to move, such as the Windows
registry.

There will also be traces of opened and closed documents on Windows.

IMO, without encryption of the whole OS, some data will be recovered
no matters what.
Post by nemo_outis
I chose Bestcrypt for the outer "whole disk" encrypter partly
because of its excellent features and partly because its
vendor (Jetico) is based in Finland. Finland beats hell out
of the US, for instance, in resisting NSA (or other TLA)
pressure to install backdoors, weaken keys, etc. (although I
do worry that so much of Jetico's sales are to the the US and
similar rogue jurisdictions.)
I chose FreeOTFE for partition/container encryption because
it's very well done, and the practices of Sarah Dean, its
author, inspire confidence. FreeOTFE, besides being an open-
source gem, is relatively obscure and uncommon - this makes me
hope it might be passed over by strongarming TLAs. (In fact,
if FreeOTFE supported boot/system whole-disk encryption I
would use it as the "outer" level.)
Security through obscurity is no security. When certain software is widely
used it usually means it also has been tested and tried by many more people
and bugs are more likely to be found.

The more eyes and people using certain encryption software, the more likely
that more bugs will be found.

I do like FreeOTFE though, but the fact that is is little used/Known does
not
make to trust more on it.
Post by nemo_outis
Is this inconvenient? Yes, a bit, but not as much as you
might think. As for which two programs to use there are a
large number of choices. For instance, if you want a free
whole-disk encrypter you can use Compusec. Or, commercially,
you could use Drivecrpt for either the outer or inner level.
Or even Truecrypt (spit!) (Incidentally, on a modern
processor the performance hit for even double encryption is
trivial.)
If you are less paranoid (whoops, security-conscious) than I,
you can make this a bit more convenient by not using the
"inner" additional layer of encryption for everything but only
for particularly sensitive information, or for seldom-accessed
archive files, of only for your illegally downloaded DVDs,
etc.
<snip>...<snip>

I would love to be able to use two different full disk encryption software,
for example, truecrypt and DriveCrypt, but this is not possible right now,
only one can be chosen.
nemo_outis
2010-05-16 19:38:29 UTC
Permalink
Raw Message
Post by Frank Merlott
I doubt very much TLA will attack the algorithm, they will
attack the software
implementation, most likely.
Agreed. Or the password (which for most folks is far, far
weaker than the algorithm). Or will use alternate methods
(video, keyloggers, rubber-hose, side channels such as CPU
draw, power line, tempest, etc.)
Post by Frank Merlott
But what is the probability/possibility that your disk
Post by nemo_outis
encryption software is compromised (backdoor, weak key,
fatal bug, etc.)? Even if that chance is only 1 in a
million that's enormously higher! (1)
There is that possibility, but you know, what is the
possibility that TLA is going to tell to the whole World
that they can crack TrueCrypt?
Next to none, and that also means that even if they can
crack Truecrypt they will not be using it in Court against
you.
There has already been cases where the cops have come
across Truecrypt containers, and in none of them, that I
know of, there has been a magic bullet.
If TLA can crack it, then only five people in the World
will know it and it is not likely they are going to
endanger that secret, no matters what.
This argument has been frequently raised before but I don't
buy it (or rather, I buy it in only partially).

Agreed that a TLA will not likely disclose its powers to mere
LEAs (law enforcement agencies) except (and even then just
possibly) for the most serious crimes. Or at least - and
here's the rub! - will not *admit or appear* to do so.

But a crafty TLA does have alternatives to disclosing its
capabilities. And similar strategies are currently widely
used in analogous LEA situations: for example, to not burn
informers or plants. One example of the alternatives is this:

If, say, a TLA does have "extraordinary capabilities" (e.g.,
crack the algo, backdoor, etc.) then the TLA decrypts the
info. Subsequently the TLA could do any of a number of
things:

1) It uses the decrypted info to look for *alternative
sources* to corroborate the data it has found. This process
is widely used today in analogous LEA situations (e.g.,
following an illegal search, since the search itself cannot be
used as evidence)

2) It claims to have "broken the password" of the suspect, or
to have used video cams (even though they weren't present),
etc, etc. (The strenuous assertions of the "suspect" to the
contrary are likely to carry little weight with anyone.)

In short, even if a TLA can decrypt a drive and that was done,
it has a significant number of *plausible alternative
explanations* for how it did it - explanations that will not
call, say, AES or Truecrypt into doubt or disclose that the
TLA has "extraordinary capabilities."

There is a further, more distant, problem as well. It is
conceivable that, say, as a result of a *very high profile
case* (e.g., Osama is caught and his computer seized -
assuming he has one) it may come out, say, that a TLA really
*has backdoored* Truecrypt. Subsequently that restricted
capability would be widely distributed to LEAs etc.

Anyone whose drive and been previously seized/imaged (but
which could not previously be cracked) is now dead meat!

Unless he has used my two-level scheme!
Post by Frank Merlott
As far as I know BestCrypt doesnt do whole disk encryption,
by this I mean encryption of the whole OS including
Windows.
Yes, Bestcrypt's "Volume Encryption" product *does* have this
capability. In fact, it is the best in the industry
(extending to Raid, spanned volumes, mount points, etc.).
You're thinking of the other, older Bestcrypt program (still
available) which, like FreeOTFE, can only do
partitions/containers.
Post by Frank Merlott
Post by nemo_outis
From a housekeeping POV I move "My Documents," all Temp
files, "Program Files," DLLCache, Pagefile and a whack of
other odds and ends OFF the (singly-encrypted) boot/system
partition to one of the other doubly-encrypted partitions.
To do all that requires a great deal of Windows knowledge,
and there will always be something you fail to move, such
as the Windows registry.
Yes. Although, remember, you must "penetrate" through one full
level of whole-disk encryption program to get there, and when
you do get there all you have is meta-data, not data (which
files were opened when, etc.)
Post by Frank Merlott
There will also be traces of opened and closed documents on
Windows.
IMO, without encryption of the whole OS, some data will be
recovered no matters what.
Which is why I posted my alternative two-level scheme with
virtual machine running a second OS!
The first OS can only leak, at worst, when the second OS was
run (and it's a very manageable degree of scrubbing to
eliminate this small ammount of leakage, as opposed to the
unmanageable very-large-scale scrubbing that is needed for
more broad-based use).

...
Post by Frank Merlott
Post by nemo_outis
I chose FreeOTFE for partition/container encryption
because it's very well done, and the practices of Sarah
Dean, its author, inspire confidence. FreeOTFE, besides
being an open- source gem, is relatively obscure and
uncommon - this makes me hope it might be passed over by
strongarming TLAs. (In fact, if FreeOTFE supported
boot/system whole-disk encryption I would use it as the
"outer" level.)
Security through obscurity is no security. When certain
software is widely used it usually means it also has been
tested and tried by many more people and bugs are more
likely to be found.
First: Fuck Kerchoffs' principle! :-) Or, to be less
inflammatory, I have posted my views previously on limitations
of both the principle and its applicability. But let's pass
on this for the moment.

You have misused the slogan (for that's all it is) "No
security through obscurity" in applying it to FreeOTFE. Ms
Dean's program is amply documented and freely available.

With FreeOTFE we are not talking about obscurity in the sense
of obfuscation or secrecy (i.e., Kerchoffs' meaning), but
obscurity in the sense of not being famous or widely used.

Nor are we relying on that FreeOTFE's so-called "obscurity"
(really: lack of fame) for the inherent strength of the
program. Instead we are talking about its ubiquitous use (or
lack thereof) as an *incentive* for a TLA to compromise it.
And there can be little doubt that FreeOTFE would be a less
attractive target for a TLA to try to compromise than, say,
Truecrypt (not to mention that Truecrypt's practices more
readily lend themselves to such manipulation).
Post by Frank Merlott
The more eyes and people using certain encryption software,
the more likely that more bugs will be found.
Ah yes, the "many eyes" argument.

It's utter cark. (Or, to apply the emendation applying to the
second edition of "Hitchhiker's Guide to the Galaxy," it's
MOSTLY utter cark :-)

Many users *could* have some value in disclosing a "high-
profile" but ordinary bug (in short, an implementation flaw).
But ordinary users, no matter how numerous, have exactly zero
value in discovering a well-crafted *deliberate* flaw.

So let's turn from "ordinary users" to "code reviewers." Ross
Anderson (and others) have written why open-source is no
panacea in terms of disclosing ordinary bugs (he didn't even
discuss well-camouflaged deliberate bugs). But, for brevity, I
won't belabor this.

If skilled programmers review source code they will find (some
of) the ordinary bugs. However - and here's yet another rub!
- even very-highly-skilled programmers have *next-to-no
chance* of finding a well-camouflaged crypto bug (such as a
TLA might insert).

Finding crypto bugs, especially ones deliberately crafted by a
skilled adversary (and the NSA is a very skilled adversary)
requires expert mathematical and crypto skills as well as
expert programming skills. Not one person in a million has
these skills! It would take a highly-skilled well-financed
team a lot of effort and resources. I've written at length
about this point elsewhere so I'll leave it here for the
moment.

Instead, I'll cut to the chase. There are NO published code
reviews for Truecrypt (or FreeOTFE). Certainly none by crypto
experts. Zip! Zilch! Nada!

(Oh sure, there have been some papers on the *architecture* of
Truecrypt, etc but nothing systematic on the code. In fact,
Truecrypt's restrictive licence is one factor discouraging
such reviews by, say, skilled academics.)

In short, the "many eyes" argument can be derided as
equivalent to Blanche Dubois' "I have always depended on the
kindness of strangers." With programs such as Truecrypt and
FreeOTFE this can be extended to, "I have always depended on
the kindness of strangers - who are also happen to be crypto
experts."
Post by Frank Merlott
I do like FreeOTFE though, but the fact that is is little
used/Known does not
make to trust more on it.
The fact that FreeOTFE is little known inclines me to believe
that a TLA would not squander its resources on compromising
it. Moreover, a TLA that attempted to compromise all crypto
programs down to this level of celebrity would be severely
risking exposure just by the scale of its operations!

...
Post by Frank Merlott
I would love to be able to use two different full disk
encryption software, for example, truecrypt and DriveCrypt,
but this is not possible right now, only one can be chosen.
Why? It seems like an artificial constraint.

Regards,
nemo_outis
2010-05-16 18:06:44 UTC
Permalink
Raw Message
"nemo_outis" <***@xyz.com> wrote in news:***@69.16.185.250:


Hell, I may as well come clean and divulge more of my tricks :-)

An alternative method of using "two layers of encryption"
employs a virtual machine:

1) Some whole-disk program (Bestcrypt, Truecrypt, etc.) is used
to encrypt the boot/system drive/partition for the first
"native" operating system (OS1) which resides on the hard drive.
It is also used (optional but recommended) to encrypt all other
native partitions/drives.

2) OS1 has one and only one application - a "virtual-machine
runner" such as Vmware, virtualbox, etc.

3) The virtual-machine runner runs a second operating system,
OS2 (which may or may not be the same type as OS1). All real
operations are performed and all data storage is accessed from
this second virtual OS (OS2).

4) OS2 (and the data drives it accesses) may be protected by
the "native encryption" offered by, say, Vmware, or better, by
using a different whole-disk encryption program (Bestcrypt,
Truecrypt, Compusec, etc.) to encrypt OS2 (and its programs,
data, etc.)

The advantage of this method is that registry entries, etc. for
OS1 contain no leakage of useful information (except such minor
aspects as when OS2 was last run). OS2 (including the
boot/system drive is protected by two layers of encryption).

My previous method has the weakness that the boot/system
drive/partition is protected by only one layer of encryption
and, if this is penetrated, leakage in such places as its
registry may disclose significant meta-information about one's
activities.

Regards,

PS While I recommend that data drives/partitions/containers be
protected by *two* levels of encryption you can settle for just
one (e.g., that of used for either the virtual OS or the native
OS)
Frank Merlott
2010-05-17 11:30:59 UTC
Permalink
Raw Message
Post by nemo_outis
Hell, I may as well come clean and divulge more of my tricks :-)
An alternative method of using "two layers of encryption"
I tried the system you are talking about in the past, I had full disk
encryption
of my Windows OS with Truecrypt and a virtual machine of a Linux OS stored
inside
an encrypted container, with PGP.

But I gave up on it because this set up made me lose too much time, such
as entering
two passwords at boot time and waiting for the virtual machine to start, I
also
wanted to save/open documents with Windows applications on my OS1, having
to save them
then reopen, was another time waster.

I decided that it wasn't worth it, it was hampering my pace of work. You
also need a fairly
decent amount of RAM to use a VM and even with that the Virtual OS is
slightly slower.

Now for high security operations I just use a live CD with tor and
Truecrypt, Incognito live
CD is the one I use and my hats off to them.

They would not be able to use BestCrypt or DriveCrypt because those are
closed source commercial products.

I have my own paranoias on TC, there are two things I do not like from
them, the
developers are "anonymous", and they are not making any profit out of it.
This strikes me as odd, but
I think that if we look into all encryption products out there they all
will have something odd.

Open source gives me more peace of mind, I do not have the capability to
look into it, but
the risk of finding a back door (camouflaged as a software vulnerability)
is higher.

I also think that the more people uses Truecrypt, the more possibilities
there are that some
qualified mind will review the source code rather sooner than later, and
TLA knows this.

In fact given to put conspiracy theories at test, if I was a TLA myself I
would be paying off some qualified
mind to go out on the press and say he/she's reviewed Truecrypt and the
software is perfect.

BestCrypt is based in Finland but how do you know those programmers are
good at their job? For all
I know about them they could making up stuff as they go along.They are
also a commercial entity, that
makes them easier to give in to Government bribes and pressures.

There is the possibility of a backdoor in Truecrypt as much as there is
the possibility of
a botched job in BestCrypt.

Another full disk encryption software that I think it is pretty good and
does not have the success
it deserves is DiskCryptor, GPL licensed and with their developers taking
part in the forums.

http://diskcryptor.net/wiki/Main_Page
nemo_outis
2010-05-17 16:52:48 UTC
Permalink
Raw Message
"Frank Merlott" <***@nomail.com> wrote in news:***@aopenxpc:

...
Post by Frank Merlott
Post by nemo_outis
An alternative method of using "two layers of encryption"
I tried the system you are talking about in the past, I had
full disk encryption
of my Windows OS with Truecrypt and a virtual machine of a
Linux OS stored inside
an encrypted container, with PGP.
But I gave up on it because this set up made me lose too
much time, such as entering
two passwords at boot time and waiting for the virtual
machine to start, I also
wanted to save/open documents with Windows applications on
my OS1, having to save them
then reopen, was another time waster.
I decided that it wasn't worth it, it was hampering my pace
of work. You also need a fairly
decent amount of RAM to use a VM and even with that the
Virtual OS is slightly slower.
There is almost always a tradeoff between security and
usability. As with performance and resources, including cost.

However, I suggest that for a properly done setup, the
penalties and costs are very low and quite manageable.

For instance, the cost of installing an additional 4GB of RAM
is only $100 or so. Or, assuming the performance penalty for
each of the three layers (encryption-1, vmware, encryption-2)
is about 5% each (and it's likely less) this can be overcome
by going up one or two steps in processor speed (or mildly
overclocking) - again, a matter of $0 to $100-200. Not much
of a premium for superb security with unimpaired performance.

As for boot time, I think this is largely a false problem.
Whether it takes 1 or 2 minutes to boot for a typical multi-
hour session is irrelevant. But even this can be pared down
significantly (e.g., if the outer OS, the OS1, is a very
lightweight linux distro - it can even live on a CD since it
will be static after initial setup).

The main place that virtual machines fall short is in terms of
graphics performance, as the virtual cards are much lamer than
modern high-end hardware ones. This mostly only matters for
games and some specialized graphics-intensive applications.
Post by Frank Merlott
Now for high security operations I just use a live CD with
tor and Truecrypt, Incognito live
CD is the one I use and my hats off to them.
While conceptually Incognito Live is a good idea, it has two
problems:

1) It is abandonware
2) Even its author admits it has (had!) "multiple serious
vulnerabilities"

http://www.anonymityanywhere.com/incognito/
Post by Frank Merlott
They would not be able to use BestCrypt or DriveCrypt
because those are closed source commercial products.
There are a several ways of implementing whole-disk encryption
for Linux. For instance dm-crypt/cryptsetup/LUKS springs to
mind. Or throw in LVM variants. Some distros, such as
Ubuntu, have special features for plausible deniability, boot
to alternate OS, etc. Or use PGP Whole Disk. Or CheckPoint.
Or...
Post by Frank Merlott
I have my own paranoias on TC, there are two things I do
not like from them, the
developers are "anonymous", and they are not making any
profit out of it. This strikes me as odd, but
I think that if we look into all encryption products out
there they all will have something odd.
I would not be surprised to discover, not just that Truecrypt
had been compromised by the NSA, but that it had been written
by them!
Post by Frank Merlott
Open source gives me more peace of mind, I do not have the
capability to look into it, but
the risk of finding a back door (camouflaged as a software
vulnerability) is higher.
"I do not have the capability to look into it"
(The words of an honest man.)

But yet you trust!
(The words of a gullible man)

You have raised the broad question of trust - whom to trust
and why (or why not). This is a gigantic subject and there
are few clear answers. But this much is certain: open-source
contributes very slightly, if at all.

For instance, I can already buy encryption software that has
been carefully examined by highly-skilled independent third
parties - a crypto product with a FIPS-2 or EAL certification.
And there are quite a few of these.

(You may not trust these independent labs either, but, since
you don't have the skills to vet the software yourself, you're
eventually going to have to trust somebody - maybe a Bruce
Schneier or maybe the "many eyes" crowd. But why should you
trust Bruce?)
Post by Frank Merlott
I also think that the more people uses Truecrypt, the more
possibilities there are that some
qualified mind will review the source code rather sooner
than later, and TLA knows this.
As Samuel Johnson remarked on the a man's second marriage,
"Ah, The triumph of hope over experience."

Wishful thinking strikes me as a poor foundation for security.
Post by Frank Merlott
In fact given to put conspiracy theories at test, if I was
a TLA myself I would be paying off some qualified
mind to go out on the press and say he/she's reviewed
Truecrypt and the software is perfect.
Don't join the NSA - you're not very good at conspiracies :-)

The problem is bigger than that. Open-source, for instance,
can *help* the NSA! - arguably far more than closed-source.

As one example, rather than inserting a backdoor, the NSA
could have dozens of its highly-skilled minions combing
through Truecrypt's code looking for a bug - a fatal bug, an
exploitable flaw! Given the complication of Truecrypt there's
a good likelihood that such fatal bugs exist (they exist in
almost all software of comparable size and complexity).

The NSA can bring more (and better!) resources to bear on
Truecrypt's code than its entire public user base.
Post by Frank Merlott
BestCrypt is based in Finland but how do you know those
programmers are good at their job? For all
I know about them they could making up stuff as they go
along.They are also a commercial entity, that
makes them easier to give in to Government bribes and
pressures.
For all you know, Bruce Schneier is an NSA stooge.

We all know very little and we must all trust very far. How
do you know the next oncoming driver on the road isn't a
homicidal maniac who will deliberately swerve into you?

Trust is a very broad and deep subject.
Post by Frank Merlott
There is the possibility of a backdoor in Truecrypt as much
as there is the possibility of
a botched job in BestCrypt.
So what method do you propose to vet/select security software?
Post by Frank Merlott
Another full disk encryption software that I think it is
pretty good and does not have the success
it deserves is DiskCryptor, GPL licensed and with their
developers taking part in the forums.
http://diskcryptor.net/wiki/Main_Page
Yep, essentially an early fork off Truecrypt (spit!) done by a
lad disgruntled with Truecrypt's "development style."

Regards,


PS But here's the kicker:

Let's say arguendo that Truecrypt is squeaky clean and
flawless. I can still leak the Truecrypt key to the hard disk
WITHOUT COMPROMISING TRUECRYPT IN ANY WAY AND WHILE WRITING
EVERY SINGLE BIT IN FULL COMPLIANCE WITH TRUECRYPT'S CODE.

That's right, no overwriting, no messing with Truecrypt's
scheme, no use of the internet or any lan, no "hidden" areas
on the hard drive, nothing like that. And yet I can still
leak Truecrypt's key to the hard disk!

And the method is simple, not exotic. It would be
extraordinarily easy for, say, the NSA to do. I would be
surprised if they haven't implemented it.
Frank Merlott
2010-05-18 11:39:16 UTC
Permalink
Raw Message
Post by nemo_outis
We all know very little and we must all trust very far. How
do you know the next oncoming driver on the road isn't a
homicidal maniac who will deliberately swerve into you?
Trust is a very broad and deep subject.
Post by Frank Merlott
There is the possibility of a backdoor in Truecrypt as much
as there is the possibility of a botched job in BestCrypt.
So what method do you propose to vet/select security software?
My method is to trust the experts, people whom I believe to be independent
from the NSA and commercial interests and spend their lives studying the
subject.

Deciding who "the experts" are, is very much a subjective opinion open to
debate.

I do trust Mr Bruce Schenier, after reading some of his books I am
convinced this
guy knows the stuff and my gut instinct (reading his interviews,speeches
etc) tells
me he is not working for higher powers, other than British Telecom.

I trust other people around at sci.crypt and wildersecurityforums, I
developed that
trust after reading their posts and their knowledge in the subject. I also
trust some
websites, depending on who writes the articles, I like linux-magazine.com
they have
Unix related security articles sometimes.

I then take everyone I trust, the posts they have written, other data on
websites, I research
the subject, Google it, read more about it, DOUBLE CHECK all the facts of
people I trust, and
form my own opinion, in fact, experts never agree with themselves there
isn't an absolute
point of view.

I also take into account what people who cares about security is using,
the Ministry of Defence
in the UK uses PGP full disk encryption for their laptops I believe, I
read it somewhere quite
a while ago.

With all I know and researched, I decided this:

1) Encryption source must be open to review (I got the impression that
most cryptographers
I trust agree with this)

2) Encryption must use a standard algorithm properly reviewed (AES)
(reason is the same as above)

3) Encryption software must be in active development (vulnerabilities can
come up at any time, I want a patch)

4) Encryption software has been already tested at the hands of LEA (they
have arrested someone using
it and could not crack the encryption ie guy walked away)

5) Usability & price.

There are two products I know of that fulfil the requirements set by me:

1- Truecrypt

2- PGP

I find PGP out of my budget, so I go for Truecrypt, I like DiskCryptor but
I do not think it has been tested
yet at the hands of LEA, it needs more users for this, but I have already
read about cases of people caught using
Truecrypt to store data that LEA wanted access to, and they never succeed
in breaking in. Same goes for PGP.

I just don't want to be the test case, I rather someone else is.
nemo_outis
2010-05-18 19:40:44 UTC
Permalink
Raw Message
"Frank Merlott" <***@nomail.com> wrote in news:***@aopenxpc:

...
Post by Frank Merlott
Post by nemo_outis
So what method do you propose to vet/select security
software?
My method is to trust the experts, people whom I believe to
be independent
from the NSA and commercial interests and spend their
lives studying the
subject.
Deciding who "the experts" are, is very much a subjective
opinion open to debate.
Just so. Your method is pretty reasonable given the
constraints we all face, but as you obviously recognize (and
such phrases of yours as "gut feel" amply confirm) your method
is pretty subjective. And just as obviously, others could
well favor a different but arguably equally defensible
process.

Nothing wrong with that - in many areas of life decisions come
down to a matter of judgment especially when the "hard
evidence" is more sparse and vague than we would like.

But, given your method, what is your confidence level in it?
Or more specifically, what is your level of *doubt* regarding
it? What is your assessment of the chance that your selection
(s) are wrong and do, in fact, contain a fatal bug, backdoor,
weak key, etc.? 1 in 10? 1 in 100? 1 in 1000? 1 in a million?

And how do you propose minimizing your exposure to those
residual risks?

My answer to that question is to use two (or even more) levels
of encryption from sources which, in my judgment, are likely
not to share common sources of failure (such as susceptibility
to pressure from the same TLA).

If each of my choices has a 1:1000 chance of failure then
their (uncorrelated) joint use only has a 1:1000000 chance of
failure.

In short, I don't just make my "best choice" and rely
exclusively on it. Instead **I explicitly recognize my
ignorance and the weaknesses of the assessment methods I must
use.**

So I propose a method to at least partially compensate for the
fact that deciding which crypto software to trust is a
difficult problem with weak hard evidence. So I try to
compensate for risk and uncertainty rather than pick just one
"prime candidate" and then rely entirely on it. Using two
*independent* nested crypto programs is my answer to the
problem of the unavoidable residual ignorance and doubt of
assessing crypto software.


... snip other interesting points, some of which I agree with
and others which I don't ...

Regards,


PS My main reason for preferring open-source crypto software
(where possible) has very little to do with the availability
of the source code (e.g., I think such code is very seldom
scrutinized by sufficiently skilled reviewers).

Instead it has much more to do with the *process* of producing
such crypto code. And here I would favor an "open process"
whereby many folks can join the team and participate in the
code's development. Not necessarily because this results in
higher quality code (there is the "too many cooks..." problem)
but because an open process makes it much harder for, say, a
TLA to corrupt the group without exposure.

So I'm a big fan of "open process" but much less enthusiastic
about "open source" for crypto code (non-crypto code is a
different matter). Sadly however, few crypto programs use an
open process.

The other thing I favor besides open source is "open review."
rather than just relying on the "user community" or interested
academics to review the source code (typically on an ad hoc
unstructured basis). I would like to see the "review team" be
formally structured and just as prominent a group as the "code
development team" working in parallel with it through every
release. But there's a lot of "glory" in development and not
much in reviewing, so nobody does this - sigh :-(

PPS

One other point about Truecrypt before we move on. 99.9% of
people use the binaries and do not compile the source. Even
if Truecrypt's source code is squeaky clean, 99.9% of folks
could still get fucked if the binaries are corrupt (which is
what I would do if I were the NSA).

In fact, it's a bastard to compile the source for all but the
most determined (e.g., you must hunt down the old 16-bit C
compiler from the mid-90s to compile drivers, etc - which I
have done!)

And even if you do compile the source yourself you *WON'T* get
the same binaries as Truecrypt distributes! Not just because
of the endless permutations of compiler switches, etc. but
because Truecrypt signs some of its binary modules and you
therfore CAN'T duplicate those binaries without having the
developers' private key!
Mark F
2010-05-17 17:17:56 UTC
Permalink
Raw Message
Post by nemo_outis
Hell, I may as well come clean and divulge more of my tricks :-)
An alternative method of using "two layers of encryption"
A couple of issues:
. still need a good way to erase "deleted" files and metadata
in OS2
. How do you do backups?
If the backups from OS2 then the
person doing the backup needs to have access to all of the
OS2 data.
. If you backup from OS1 the person doing the backups needs
access to OS1 and the "granularity" of the backups is
the container size of files as seen by OS1.
. If you backup stand-alone then you have to backup the entire
disks, so your procedures have to handle loss of data
on the backup media. (WinRAR with fast "check sum" computation?)
Post by nemo_outis
1) Some whole-disk program (Bestcrypt, Truecrypt, etc.) is used
to encrypt the boot/system drive/partition for the first
"native" operating system (OS1) which resides on the hard drive.
It is also used (optional but recommended) to encrypt all other
native partitions/drives.
2) OS1 has one and only one application - a "virtual-machine
runner" such as Vmware, virtualbox, etc.
3) The virtual-machine runner runs a second operating system,
OS2 (which may or may not be the same type as OS1). All real
operations are performed and all data storage is accessed from
this second virtual OS (OS2).
4) OS2 (and the data drives it accesses) may be protected by
the "native encryption" offered by, say, Vmware, or better, by
using a different whole-disk encryption program (Bestcrypt,
Truecrypt, Compusec, etc.) to encrypt OS2 (and its programs,
data, etc.)
The advantage of this method is that registry entries, etc. for
OS1 contain no leakage of useful information (except such minor
aspects as when OS2 was last run). OS2 (including the
boot/system drive is protected by two layers of encryption).
My previous method has the weakness that the boot/system
drive/partition is protected by only one layer of encryption
and, if this is penetrated, leakage in such places as its
registry may disclose significant meta-information about one's
activities.
Regards,
PS While I recommend that data drives/partitions/containers be
protected by *two* levels of encryption you can settle for just
one (e.g., that of used for either the virtual OS or the native
OS)
nemo_outis
2010-05-17 18:35:30 UTC
Permalink
Raw Message
Mark F <***@gmail.com> wrote in news:***@4ax.com:

...
Post by Mark F
Post by nemo_outis
An alternative method of using "two layers of encryption"
. still need a good way to erase "deleted" files and
metadata
in OS2
One of the greatest benefits of whole-disk encryption (even a
single level) is that it obviates any need for scrubbing!

There's absolutely NO need whatsoever to erase deleted files
and metadata in OS2 (i.e., the virtual machine OS).
*Anything* within OS2 can only be reached through *two* layers
of encryption - scrubbing is entirely superfluous.

Nor is there much purpose in scrubbing in OS1 (the hardware
machine OS). While OS1 is "only" protected by one layer of
encryption, there is next to no metadata generated within OS1.
It's mostly a waste of time to scrub OS1.

In fact, scrubbing OS2 or OS1 can be far *worse* than not
scrubbing them. The problem is this: scrubbing takes time.
Because of this there is a serious risk that you may be
tempted to leave the computer unattended - possibly for an
hour or more! - while it goes about the tedious business of
scrubbing. Needless to say, this is a major window of
vulnerability.

If passwords have been entered and keys are in memory you must
be *continuously* in front of the computer with a "big red
instant-shutdown switch" within easy reach (I use the one on
my powerbar). Ideally you should be in a locked room. If you
leave the computer (even just to go to the can or get a cup of
coffee and *absolutely* if you go to answer the door) you must
purge the keys from memory and lock the machine down. Purists
will do a hard shutdown even for a 10-second absence.

The greatest risk to your security is **YOU** - that you will
get lazy, bored, tired, careless, etc. and fail to religiously
follow your own security protocols.
Post by Mark F
. How do you do backups?
If the backups from OS2 then the
person doing the backup needs to have access to all of
the OS2 data.
. If you backup from OS1 the person doing the backups
needs
access to OS1 and the "granularity" of the backups is
the container size of files as seen by OS1.
. If you backup stand-alone then you have to backup the
entire
disks, so your procedures have to handle loss of data
on the backup media. (WinRAR with fast "check sum"
computation?)
Backups of encrypted drives are not much harder than for
unencrypted drives. They're just as boring and likely to be
put off though :-)

Backup of an encrypted drive(s) can be done by the main user
(the fellow who knows the passwords) or instead just by a
flunky/assistant who doesn't (and obviously the user can do
any flunky method). It depends on exactly how you want to do
the backups:

1) The user can back up the unencrypted data (either to an
unencrypted or encrypted backup). He can use any of a number
of methods for this, ranging from simple file copy to using a
dedicated program such as Acronis or GFbackup. However, the
only advantage of backing up unencrypted rather than encrypted
data is that the backups are smaller (both because the amount
of data is usually less than a full disk/partition and because
it can be compressed.) However, unless the backup is
encrypted, it is a major point of vulnerability. Why use
*two* layers of encryption on the computer if you're only
going to use *one* or *no* layers of encryption on the backup?

2) The user or a flunky can back up the encrypted data using
any number of methods (including Acronis, etc.). The
difference here is that one is backing up, not files, but raw
encrypted sectors. This means that a backup will be the same
size as the originating partition/disk - no compression is
possible. There is no need to know the passwords to do this -
even a flunky can boot from a Linux CD (USB, etc.) and just
"dd" (clone) the (doubly) encrypted partition/disk sector by
sector.

____

With ANY kind of backup (encrypted or unencrypted, including
"ordinary" backups of "ordinary" computers) there is the
question of the "robustness" of the backup. Programs like
Acronis, Ghost etc. use proprietary formats to store a backup
(and at least at first inspection it seems these don't have
any redundancy, etc. for error recovery). Similarly for
backups to zip (e.g., by GFbackup) or even for straight file
copies.

1) After (during) a backup, verify it. Yeah, this can double
the time with some programs but it's still a must. This can
involve the backup programs internal routines (not my favorite
but better than nothing) or CRC/MD5/SHA methods if you do file
copy or sector by sector (which is why a straight clone of an
encrypted drive is an excellent backup strategy).

2) For either method I striongly recommend you add a
"recovery record" after verifying the backup. (You could do
this with winrar but remember that winrar can't compress
encrypted files or even handle raw sectors). No, the method I
use for "file-based" backup is "par" files using Quickpar.
Decide how much redundancy you need (1%?, 5%?).

As for the "medium" for backing up data there is really only
one good option once the data gets in the hundreds of
gigabytes (as it will if you use encrypted partitions/drives)
- another hard drive.

This makes backing up encrypted drives real easy - clone the
encrypted drive to another HD.

Regards,
Mark F
2010-05-22 18:47:30 UTC
Permalink
Raw Message
Post by nemo_outis
...
Post by Mark F
Post by nemo_outis
An alternative method of using "two layers of encryption"
. still need a good way to erase "deleted" files and
metadata
in OS2
One of the greatest benefits of whole-disk encryption (even a
single level) is that it obviates any need for scrubbing!
There's absolutely NO need whatsoever to erase deleted files
and metadata in OS2 (i.e., the virtual machine OS).
*Anything* within OS2 can only be reached through *two* layers
of encryption - scrubbing is entirely superfluous.
I want data that I want erased, erased, safe even from myself
seeing it again.
Post by nemo_outis
Nor is there much purpose in scrubbing in OS1 (the hardware
machine OS). While OS1 is "only" protected by one layer of
encryption, there is next to no metadata generated within OS1.
It's mostly a waste of time to scrub OS1.
Agreed
Post by nemo_outis
In fact, scrubbing OS2 or OS1 can be far *worse* than not
scrubbing them. The problem is this: scrubbing takes time.
That is why I want the "scrubbing" to happen incrementally.
(In a similar way, I use a backup program that monitors all
file access and immediately starts doing the backup asynchronously,
so I'm not held back while the backup happens, just slowed down
if the disks are the bottleneck.)
Post by nemo_outis
Because of this there is a serious risk that you may be
tempted to leave the computer unattended - possibly for an
hour or more! - while it goes about the tedious business of
scrubbing. Needless to say, this is a major window of
vulnerability.
Committing an erase (either immediately or when the Recycle
Bin is emptied) should start the scrubbing of the file data and
remaining metadata - some of the metadata would have been
scrubbing immediately.
Post by nemo_outis
If passwords have been entered and keys are in memory you must
be *continuously* in front of the computer with a "big red
instant-shutdown switch" within easy reach (I use the one on
my powerbar). Ideally you should be in a locked room. If you
leave the computer (even just to go to the can or get a cup of
coffee and *absolutely* if you go to answer the door) you must
purge the keys from memory and lock the machine down. Purists
will do a hard shutdown even for a 10-second absence.
The greatest risk to your security is **YOU** - that you will
get lazy, bored, tired, careless, etc. and fail to religiously
follow your own security protocols.
That is why as much as possible should be automatic.
Post by nemo_outis
Post by Mark F
. How do you do backups?
If the backups from OS2 then the
person doing the backup needs to have access to all of
the OS2 data.
. If you backup from OS1 the person doing the backups
needs
access to OS1 and the "granularity" of the backups is
the container size of files as seen by OS1.
. If you backup stand-alone then you have to backup the
entire
disks, so your procedures have to handle loss of data
on the backup media. (WinRAR with fast "check sum"
computation?)
Backups of encrypted drives are not much harder than for
unencrypted drives. They're just as boring and likely to be
put off though :-)
The big difference happens when there are data errors
during the restore. Must programs have loose too much
data when a huge encrypted file encountered an error that
ultimately should have only affected one or no actual
data files.
Post by nemo_outis
Backup of an encrypted drive(s) can be done by the main user
(the fellow who knows the passwords) or instead just by a
flunky/assistant who doesn't (and obviously the user can do
any flunky method). It depends on exactly how you want to do
1) The user can back up the unencrypted data (either to an
unencrypted or encrypted backup). He can use any of a number
of methods for this, ranging from simple file copy to using a
dedicated program such as Acronis or GFbackup. However, the
only advantage of backing up unencrypted rather than encrypted
data is that the backups are smaller (both because the amount
of data is usually less than a full disk/partition and because
it can be compressed.) However, unless the backup is
encrypted, it is a major point of vulnerability. Why use
*two* layers of encryption on the computer if you're only
going to use *one* or *no* layers of encryption on the backup?
Exactly, the flunky only sees container files so the software has
to be able to recover from errors in the container files
in a reasonable way when recovery is done, even if the recovery
is done by the user with passwords.

The extra data backed up turns out to be a non-issue with
me since it only takes about 2 times as long as backing up
the actually used data at full sequential access disk speed.
Post by nemo_outis
2) The user or a flunky can back up the encrypted data using
any number of methods (including Acronis, etc.). The
difference here is that one is backing up, not files, but raw
encrypted sectors. This means that a backup will be the same
size as the originating partition/disk - no compression is
possible. There is no need to know the passwords to do this -
even a flunky can boot from a Linux CD (USB, etc.) and just
"dd" (clone) the (doubly) encrypted partition/disk sector by
sector.
Exactly, the problems arise when doing restores and finding the
restore program looses and entire disk or multi-gigabyte
container file, even though only 1 sector had an error.
Post by nemo_outis
____
With ANY kind of backup (encrypted or unencrypted, including
"ordinary" backups of "ordinary" computers) there is the
question of the "robustness" of the backup. Programs like
Acronis, Ghost etc. use proprietary formats to store a backup
(and at least at first inspection it seems these don't have
any redundancy, etc. for error recovery). Similarly for
backups to zip (e.g., by GFbackup) or even for straight file
copies.
1) After (during) a backup, verify it. Yeah, this can double
the time with some programs but it's still a must. This can
involve the backup programs internal routines (not my favorite
but better than nothing) or CRC/MD5/SHA methods if you do file
copy or sector by sector (which is why a straight clone of an
encrypted drive is an excellent backup strategy).
I used to have a program to compare two backup and a
backup program to compare a backup with what it would put
in the backup on a second run.

As time went by things degenerated to not being able to
compare two backups or compare the backup with the original,
but only to confirm that the backup was readable.

Now I backup to disk and do an operating system file-by-file
compare. The file-by-file compare takes about 10 times as
long as the backup with I don't use encryption. When I
backup container files the recovery options are bad, and
loose an entire container file on errors.

Do you have a better recommendation than Acronis? Does
GFbackup do a good job?
Post by nemo_outis
2) For either method I striongly recommend you add a
"recovery record" after verifying the backup. (You could do
this with winrar but remember that winrar can't compress
encrypted files or even handle raw sectors). No, the method I
use for "file-based" backup is "par" files using Quickpar.
Decide how much redundancy you need (1%?, 5%?).
I have thought about doing this, I find that the redundancy
calculations take a long time (multiples of the original
backup time, even longer than the file-by-file compare
times for unencrypted files.) Maybe I haven't tried the right
blocksize for the backups.

I don't mind 25% redundancy and want at least 5%.
Post by nemo_outis
As for the "medium" for backing up data there is really only
one good option once the data gets in the hundreds of
gigabytes (as it will if you use encrypted partitions/drives)
- another hard drive.
This is what I do, about 20 in rotation for each original
disk, about 2 disks per machine for 5 machines.
Post by nemo_outis
This makes backing up encrypted drives real easy - clone the
encrypted drive to another HD.
Need redundancy; doing 2 backups is fine, but need for
the restore procedure to be able to merge to make one good
copy.
Post by nemo_outis
Regards,
nemo_outis
2010-05-23 05:06:34 UTC
Permalink
Raw Message
I'm going to talk about two issues: scrubbing and backups.

In this post I'll talk about scrubbing.

Scrubbing is a losing game, for two reasons:

1) It's very slow if done right.
2) It's extremely difficult to do right
(No, make that EXTREMELY difficult - i.e., to ensure that you
have been sufficiently thorough and haven't missed anything.)

The fact that scrubbing is slow means:

1) There will be a temptation to do it too infrequently
2) There is a gigantic window of vulnerability while the
scrubbing is going on and isn't complete.

As I said, scrubbing is slow. Several hours to do properly
for a large drive. This means that it can't be done instantly
(well, duh!). For example, if there's a no-knock raid on your
house to seize the computer you're using, there won't be a
hope of instantly getting the necessary scrubbing done.
You're nicked, mate!

Some folks think scrubbing just means overwriting erased files
(1, 5, 35 or whatever number of times). Bzzzt! Wrong!
Overwriting an erased file is a necessary part of scrubbing,
true, but it's the easy part, the small part.

The far bigger problems are:

1) Files that are created by the OS or various programs that
get written hither and yon (log files, ini files, config
files, recently used files, temporary files, event logs,
automatic backups, restore points, print spools, journal
files, and on and on. And on and on and on...)

2) Files that get written as in 1 above and then erased
without knowledge of the user. Files that exist only briefly,
that twinkle on and then twinkle off unobserved.

3) Leakage, especially metadata

Regarding number 3, leakage, that should be LEAKAGE! using a
72-point font. We'll get to that leakage but first let's deal
with the first two categories.

For the first category it is next to impossible to have a
complete list of files that should be erased. Some "eraser"
programs try to keep a database of all such things, but it's
impossible for the list to ever be complete or for the user to
be sure that all such files will be deleted by the eraser
program. The user may have installed an "unusual" program
not on the eraser program's list, or, say, version 7.2 of some
program may have introduced new files different from those
used in version 7.1. It's a game of whack-a-mole the user is
sure to lose.

Files that get written and erased without the user's knowledge
and other sources (old detritus, partial uninstalls, etc.,
etc.) cause the sorts of problem in the second category.
(Some of the "shadow" files used for live backups also fall
into this category.) Thoroughly protecting against this one
takes a lot of time. It means that all unused (free) space on
a drive (partition) and all files "tips" must be regularly
overwritten (multiple times for paranoids). This takes a LOT
of time.

While the meaning of free space should be fairly obvious, not
everyone realizes the danger in "file tips". The problem
arises because the OS allocates space for a file in blocks
(typically 4096 bytes for NTFS) rounding up the space
allocated for a file from its actual size to the nearest whole
block. The remaining space left between the end of the actual
file and the end of its last allocated block (the file "tip")
may contain leftover data from previous files. That "tip"
must be erased! (Incidentally, overstating the real size of a
file and hiding other data in the large file tip was an old
data-hiding ploy before encryption.)

The last category, leakage, is a real bastard. (Incidentally,
it is the rock on which many plausible deniability schemes
founder.) I'm only going to touch on it, but hopefully enough
to convince most folks NOT to rely on scrubbing.

There are of course, the many "file-ish" places where the OS
(and programs) can leak data - places like the page file, or
dll caches, or inf file stashes, etc. But beyond these are
the two real killers for leakage: the registry and the MFT
structure on drives/partitions. (You can try to avoid the MFT
problems by using FAT but this has its own problems which I'll
pass over)

I'll talk about just a few aspects of the registry, including
one or two things very few people know. For instance, did you
know that all keys in the registry have date/time stamps? (the
"LASTWRITE" value). Well, they do, even though very few
registry editors ever show them (but forensic ones do!). The
lastwrite value gets changed whenever a key is created,
modified, or deleted! Yes, deleted too (and we'll come to
that). (Incidentally, you can see the lastwrite time for a
key if you export it to a text file)

The OS and programs squirrel away all kinds of metadata in the
registry, some of which can rat you out bigtime! For example,
there're the "userassist" entries which are protected by
encryption (lousy rot13 but still encryption). Some programs
tuck away encrypted or coded data that means God-only-knows-
what but which could come back to bite you on the ass. Also,
even though you delete a particular key, earlier versions of
it may still exist in the "internal backup" structure of the
registry (controlset00n). Trying to make sure you have
thoroughly purged the registry of all evidence that could be
incriminatory is a gigantic task that is virtually guaranteed
to NOT be fully done! The registry is the place where
scrubbing is guaranteed to come up short!

Oh, and about that "deleted" timestamp. The registry is a
database spread over several files (and they have backup
versions too!). Deleted entries in the registry aren't really
deleted - they're just "flagged" that way (and totally
available for a forensic investigator!). The only way you can
be (fairly?) sure to get rid of them is to compact the
registry. Do you trust your tools to do this right? How
would you know if they messed up and missed something?

On to the MFT. This too can getcha! It stashes all kinds of
info you probably didn't know about. For instance, did you
know that files have **4** timestamps, not just the standard 3
(created, modified, accessed) and that the MFT keeps *two*
separate copies of them (only the first version gets changed
by most date-tweaking programs). In fact, the MFT can contain
whole files within itself (if they're small).

And the MFT is a database. Metadata for deleted files isn't
really deleted from the MFT, it's just flagged as deleted. So
even if your eraser file properly overwrote the actual file a
dozen times, the name, attributes , size, etc. of that deleted
file could live on in the MFT (Incidentally, an MFT can grow
but never shrink).

Several years ago I looked for an eraser program that did a
good job of erasing MFT traces (besides, of course,
overwriting the file itself). I found only one at that time
that worked - Bcwipe - all others left traces I could find
with Encase. (It's possible other programs have caught up by
now but it's a danger area - don't trust your eraser program
unless you check it out with a forensic recovery tool!)

And then there are the odds and ends that can get you, things
like alternate data streams.

Moreover, because scrubbing can only be thoroughly done when
the computer is "quiescent", (most) scrubbing can only be done
at the end of a session. And few have the discipline to
remain in their seat in front of the computer (continuous
control and custody) while the tedious scrubbing happens
(although this aspect generally only arises if encryption is
also used).

But enough! I've made my point. Scrubbing is slow and it's
likely to be imperfectly done.

So what to do?

The answer is: Don't scrub, encrypt!

(which I'll explain below. However, for recalcitrant scrubbers
I will give one or two tips in a postscript)

Encrypt the entire system - use whole disk encryption. By
doing so you no longer have any need to scrub - there's no
place for data to leak to, nothing an adversary can look at.
Or, as Gertrude Stein said, "There's no there there."

Use Truecrypt, or Diskcryptor, or DCPP, or Compusec, or...
But to use them properly you have to understand them. And by
understand them, I don't mean just the technical bits about
options and features, I mean the philosophy of their use.

You see, hard disk encryption is a paradox: it only protects
you when you're not using it :-) It only protects data "at
rest." If you're using the data, if you've entered the
password and the key is in memory and the disks are mounted,
you're vulnerable.

(Aside: What would be ideal is if we could magically work on
data while it was still encrypted. Somewhat surprisingly, it
was recently proved that it is theoretically possible to do
this. However, the abstract proof involves an unbelievably
complicated and slow process that is completely impractical
even on the fastest supercomputer. But still, perhaps one
day.)

So with the aside aside we're back to "So what to do?"

One must realize that whole disk encryption is only half the
answer. The other half is this...(drum roll)... Instant
shutdown on tamper!

That is, if we're actually using the encrypted data, we must
be able to instantly shut the computer down (either
automatically by sensors, or more commonly, by manually
flipping a big red switch). The computer must shutdown on
tamper (or interference, etc. such as LEAs trying to seize the
computer - any attempt at unauthorized access). By being able
to instantly shut the computer down, ***to instantly put the
data back "at rest" again,*** we ensure its (and our)
security.


**True data security requires BOTH whole-disk encryption and
instant shutdown on tamper.**


This is why (unless you live in a fortress, or have a sensor
network, etc.) you must always be right in front of the
computer when the keys are in memory and drives are mounted.
And it's why scrubbing should *not* be done to an encrypted
computer since you will not have the self-discipline to stay
there while this long tedious process is performed.

Regards,


PS For those who perversely insist on scrubbing, here're a
few things you can do:

1) Use FAT for your partition type (strongly deprecated) or,
much better, use BCWipe to ensure the MFT is scrubbed clean.

2) Consider using a smaller block size than 4096 for NTFS
partitions. This has a number of downsides (including slower
performance) but it does reduce the time needed to scrub file
"tips" (I don't like this one much but I thought I'd throw it
in.)

3) Because scrubbing free file space on a large hard drive
is so slow, consider filling most of it with "dummy" files
leaving only a small working free space for new files. You
can erase one or more dummy files whenever you need more free
space.

For instance, if there's 300 GB of free space consider filling
most of it with 29 10GB dummy files. Scrubbing free space
will be much quicker. (Incidentally, if you tweak the file
dates on these dummy files to be very old your defragger will
always push them to the end of the partition.)

You could use plain old fsutil to create the dummy files
(after you'd already scrubbed the free space of course) but I
find the following program more useful (and not just for this
purpose): Random File Generator v1.1
http://www.chmaas.handshake.de/delphi/freeware/freeware.htm


-- 30 --
nemo_outis
2010-05-23 05:27:45 UTC
Permalink
Raw Message
"nemo_outis" <***@xyz.com> wrote in news:***@69.16.185.250:

...
Post by nemo_outis
You could use plain old fsutil to create the dummy files
(after you'd already scrubbed the free space of course) but
I find the following program more useful (and not just for
this purpose): Random File Generator v1.1
http://www.chmaas.handshake.de/delphi/freeware/freeware.htm
Whoops! I have about a dozen of these things and I gave you the
wrong one. You'd probably be happier with this one:

Random Data File Creator
http://www.bertel.de/software/rdfc/index-en.html

What I'm really looking for is yet another one but I've mislaid
it. It allows creating a file of arbitrary size, filled either
with nothing (i.e., whatever was on the disk) like fsutil, with
a repeating user-specified pattern, or with random numbers. If
I stumble across it I'll post it - it's been quite a few years
since I did any scrubbing. I took my own advice and switched to
encryption.

Regards,
Frank Merlott
2010-05-23 09:37:51 UTC
Permalink
Raw Message
Post by nemo_outis
I'll talk about just a few aspects of the registry, including
one or two things very few people know. For instance, did you
know that all keys in the registry have date/time stamps? (the
"LASTWRITE" value). Well, they do, even though very few
registry editors ever show them (but forensic ones do!).
Something else few people is aware of is that Windows registry
will introduce a reg key with a unique serial number when you
plugin a USB stick. This unique number can later on be linked
to your USB memory stick.
Post by nemo_outis
**True data security requires BOTH whole-disk encryption and
instant shutdown on tamper.**
I use decaf for instant shutdown, Decaf is an antiforensics
tool that in addition to a one button shutdown, has many other
features, such as disabling USB ports, the Network and CD-Rom
computer drives.

http://www.decafme.org/
Post by nemo_outis
PS For those who perversely insist on scrubbing, here're a
My favourite scrubber software is CyberScrub, not cheap but IMO
the best.
Post by nemo_outis
You could use plain old fsutil to create the dummy files
(after you'd already scrubbed the free space of course) but I
find the following program more useful (and not just for this
purpose): Random File Generator v1.1
http://www.chmaas.handshake.de/delphi/freeware/freeware.htm
Just create a useless 500GB Truecrypt container in order to fill
space on your hard disk, you dont need a random data generator.
nemo_outis
2010-05-23 17:56:55 UTC
Permalink
Raw Message
Post by Frank Merlott
Post by nemo_outis
I'll talk about just a few aspects of the registry,
including one or two things very few people know. For
instance, did you know that all keys in the registry have
date/time stamps? (the "LASTWRITE" value). Well, they
do, even though very few registry editors ever show them
(but forensic ones do!).
Something else few people is aware of is that Windows
registry will introduce a reg key with a unique serial
number when you plugin a USB stick. This unique number can
later on be linked to your USB memory stick.
Yep. In fact, most USB sticks have a unique serial number
which can be used to trace its use (the USB standard requires
this). In fact, some software manufacturers use this USB
serial number as a "poor man's etoken or dongle" to prevent
multiple use of their software (Limewire, a software RAID
vendor, is one example).

Note that some cheapie generic USB sticks do not have unique
serial numbers - it's either all zeros or a number that is
repeatedly used for every stick from a particular
manufacturing run.

There are some other problems with USB sticks that I discuss
further below.
Post by Frank Merlott
Post by nemo_outis
**True data security requires BOTH whole-disk encryption
and instant shutdown on tamper.**
I use decaf for instant shutdown, Decaf is an antiforensics
tool that in addition to a one button shutdown, has many
other features, such as disabling USB ports, the Network
and CD-Rom computer drives.
http://www.decafme.org/
I have it (v2.01 - I haven't checked if there's a more recent
version) but I haven't ever fired it up and given it a fair
try. I'll take your advice and try it for a bit.

FWIW I also have Microsoft's COFEE which, as Decaf's name
suggests, it was designed to thwart. I can post COFEE
somewhere if you wish (although it's mostly just a hodge-podge
of rather weak forensic programs. And you don't have to look
very hard to find it online yourself :-)
Post by Frank Merlott
Post by nemo_outis
PS For those who perversely insist on scrubbing, here're
My favourite scrubber software is CyberScrub, not cheap but
IMO the best.
I have it (v5.1.1.104 although that may not be the very
latest) but haven't ever put it through its paces (As I said,
I encrypt rather than scrub).

However, there're some problems with any such programs: their
mere existence on your drive and their name!

As Shakespeare says, "What's in a name?" Well, the answer is,
"A lot!" For example, I have studied and taught martial arts
for over 40 years. I specialize in the knife (inter alia).
And one of the things that bugs me most is knives with names
(really, marketing slogans) like "Rambo Gut-Ripper III" and
such. No, no, no! I want my combat carry knife to have a
name like "Fisherman's Friend" or "Kitchen Helper."

And so with scrubbers. They shouldn't have names like
"Evidence Eliminator" (the worst example) or some such thing.
Since even the presence of such a scrubbing program can be
evidence of guilty intent, a determination to obstruct
justice, the least it could do is have a benign name like
"Privacy protector" or "Clutter remover." "Cyberscrub" falls
somewhere in between (and BCWipe is no better).

On a slightly different note, one can never be sure that
scrubbers do as many overwrites as they claim. Unless the
software is carefully crafted to avoid the problem (and how
would you check?) there is a good chance that the multiple
writes will be buffered by the OS or on the HD electronics
itself with only the final one written to the actual disk.
Post by Frank Merlott
Post by nemo_outis
You could use plain old fsutil to create the dummy files
(after you'd already scrubbed the free space of course)
but I find the following program more useful (and not just
for this purpose): Random File Generator v1.1
http://www.chmaas.handshake.de/delphi/freeware/freeware.htm
Just create a useless 500GB Truecrypt container in order to
fill space on your hard disk, you dont need a random data
generator.
Sure, you could use Truecrypt, but even here I suggest you
create a number of them (say 25 x 10GB) rather than one big
one (1 x 250GB) and delete one or two as you need more space.
(You could create a single 250GB Truecrypt dummy file and then
delete it and create, say, a 240GB one when you need more
space, but this takes rather longer and often requires some
messing about regarding placement/fragmentation of the free
space.)

Since posting last night I haven't found the original dummy-
file-creator I was looking for, but I did find one online with
the requisite features (e.g., it can create a number of files
of arbitrary size at once, filled with a predetermined string
or random junk). It's here:

http://www.soft.tahionic.com/download-file-
generator/index.html

Returning again to USB drives, they are a bitch to scrub
effectively, because the wear-levelling mechanism means you're
never quite sure where you're writing. And being too
aggressive about multiple overwrites can drastically shorten
their already very finite lives.

But there is one very promising USB stick: the Ironkey. When
properly done, hardware encryption trumps software encryption
any day of the week. And the Ironkey has FIPS-2 140 Level 3
certification!

But even better its onboard cryptoprocessor means there's no
need to have admin privileges on any computer on which it is
used (as with almost any software like Truecrypt which
requires installation of kernel-level drivers.)

And the Ironkey is now moving to the next level: a full
virtual machine implementation on the USB stick. This will
give a lot of protection in a number of situations.

Regards,

PS There have been a number of supposed "crypto" USB sticks
with very poor implementations of cryptography that were
easily cracked. Caveat emptor.

I don't think anyone is going to crack an Ironkey without
quite a few days spent at a focussed-ion-beam workstation :-)
Frank Merlott
2010-05-24 08:32:33 UTC
Permalink
Raw Message
Post by nemo_outis
Note that some cheapie generic USB sticks do not have unique
serial numbers - it's either all zeros or a number that is
repeatedly used for every stick from a particular
manufacturing run.
That's news to me I wasn't aware of this.
Post by nemo_outis
I have it (v2.01 - I haven't checked if there's a more recent
version)
That is the latest version
Post by nemo_outis
FWIW I also have Microsoft's COFEE which, as Decaf's name
suggests, it was designed to thwart. I can post COFEE
somewhere if you wish (although it's mostly just a hodge-podge
of rather weak forensic programs. And you don't have to look
very hard to find it online yourself :-)
No thank you, I have read about COFEE, and there is nothing special
about it, self respecting computer forensic experts do not use COFEE
that is for knobs who have no clue about how computer works and still
believe in magic tools who will do their work for them. Dream on.
Post by nemo_outis
I have it (v5.1.1.104 although that may not be the very
latest) but haven't ever put it through its paces (As I said,
I encrypt rather than scrub).
CyberScrub also allows for encryption, I do not how good it is. What
I like from CyberScrub is the plugin system to erase traces from
applications not included with Windows by default.

But yes, full disk encryption is the way to go.
Post by nemo_outis
However, there're some problems with any such programs: their
mere existence on your drive and their name!
Evidence eliminator will make a suspect look guilty in Court, but
CyberScrub is not that bad, one can always try and use the identity
protection justification.

But I still haven't found any wiping software named "family protection".
Post by nemo_outis
On a slightly different note, one can never be sure that
scrubbers do as many overwrites as they claim. Unless the
software is carefully crafted to avoid the problem (and how
would you check?) there is a good chance that the multiple
writes will be buffered by the OS or on the HD electronics
itself with only the final one written to the actual disk.
But the number of overwrites is over hyped, overwriting something
three times should be enough to stop Encase and other forensic tools,
except perhaps, a forensic electron microscope, too expensive for the
average cops department, only used for important cases, AFAK.

I usually go for the standard DoD 7 passes if I have to overwrite
something,
better be on the safe side, but there is no way I will use the 35 Guttman
method
wiping in the mean time, overkill.
Post by nemo_outis
Returning again to USB drives, they are a bitch to scrub
effectively, because the wear-levelling mechanism means you're
never quite sure where you're writing. And being too
aggressive about multiple overwrites can drastically shorten
their already very finite lives.
USB memory sticks are better scrubbed with the random data
filling method.

Same goes for solid state disks, which most modern laptops have.

Wear levelling makes overwritting tools useless, but I believe wiping
software works in the most expensive solid state disks that use TRIM
these SSD with TRIM are usually for high performance and until prices
come down I doubt they will be widely used.

http://en.wikipedia.org/wiki/TRIM
Post by nemo_outis
But there is one very promising USB stick: the Ironkey. When
properly done, hardware encryption trumps software encryption
any day of the week. And the Ironkey has FIPS-2 140 Level 3
certification!
But even better its onboard cryptoprocessor means there's no
need to have admin privileges on any computer on which it is
used (as with almost any software like Truecrypt which
requires installation of kernel-level drivers.)
I have a big problem with hardware cryptoprocessors, there is the
Iron Welding method to separate to cryptoprocessor from the memory
stick and then attach the memory stick to another device to read it.

I do not know exactly how it works and how efficient it is, but I have
read at computer forensic forum about this trick and there are instances
in which it is effective.

I always go for software encryption because of this and because hardware
encryption has been defeated far too many times, recently the Kingston
USB memories which used AES, got cracked.

So much for your FIPS certification!

FIPS 140-2 Level 2 Certified USB Memory Stick Cracked
http://www.schneier.com/blog/archives/2010/01/fips_140-2_leve.html

Government-Approved Encrypted USB Drives Cracked
http://blogs.pcmag.com/securitywatch/2010/01/government-approved_encrypted.php
Post by nemo_outis
I don't think anyone is going to crack an Ironkey without
quite a few days spent at a focussed-ion-beam workstation :-)
Others have said that before about their products,mmm Kingston USB comes to
my mind.
nemo_outis
2010-05-24 20:50:20 UTC
Permalink
Raw Message
"Frank Merlott" <***@nomail.com> wrote in news:***@aopenxpc:


You touch on quite a few topics in your post. I'll try to
cover most of them, but not in great depth.

...
Post by Frank Merlott
No thank you, I have read about COFEE, and there is nothing
special about it, self respecting computer forensic experts
do not use COFEE that is for knobs who have no clue about
how computer works and still believe in magic tools who
will do their work for them. Dream on.
Yep, it's mostly just a ragbag of ordinary (not forensic)
utilities such as netstat, etc. Odd that Microsoft should
trumpet it so (but, hey, that's marketing for ya :-)
Post by Frank Merlott
Post by nemo_outis
I have it (v5.1.1.104 although that may not be the very
latest) but haven't ever put it through its paces (As I
said, I encrypt rather than scrub).
CyberScrub also allows for encryption, I do not how good it
is. What I like from CyberScrub is the plugin system to
erase traces from applications not included with Windows by
default.
But yes, full disk encryption is the way to go.
Agreed.
Post by Frank Merlott
Post by nemo_outis
their mere existence on your drive and their name!
Evidence eliminator will make a suspect look guilty in
Court, but CyberScrub is not that bad, one can always try
and use the identity protection justification.
But I still haven't found any wiping software named "family
protection".
Good name - race ya for filing the trademark :-)

The problem is not just the name, of course, but such things
as the tenor of its website and advertising. If these are of
the "nudge, nudge, wink, wink" variety a prosecutor will have
a field day.

For instance, Cyberscrub is more professional in this respect
than most, but even for it the first bullet about its Privacy
Suite on its home page says, "Erase online evidence."
http://www.cyberscrub.com/en/
Post by Frank Merlott
Post by nemo_outis
On a slightly different note, one can never be sure that
scrubbers do as many overwrites as they claim. Unless the
software is carefully crafted to avoid the problem (and
how would you check?) there is a good chance that the
multiple writes will be buffered by the OS or on the HD
electronics itself with only the final one written to the
actual disk.
But the number of overwrites is over hyped, overwriting
something three times should be enough to stop Encase and
other forensic tools, except perhaps, a forensic electron
microscope, too expensive for the average cops department,
only used for important cases, AFAK.
Yep. In fact, one overwrite is enough (despite all the tripe
that is written about servo-guided heads and data left at the
track edges due to wandering). No commercial house in the
world offers recovery of overwritten data on modern hard
drives - it's not commercially feasible.

And it's also very likely not technically feasible either even
for the NSA, except perhaps on a very localized hit and miss
basis. And even if the NSA can somehow do such recovery (and
this would contradict all publicly available research) the
cost is likely astronomical for a modern super-high-density
perpendicular-recording drive and would never be deployed
against any but the highest-value targets.

But the scrubbers all continue to vigorously promote
ridiculous numbers of overwrites typically quoting either
Gutmann or old DoD specs. But those DoD specs have been
obsolete and *rescinded* for many, many years. (I can quote
chapter and verse on this if necessary.)
Post by Frank Merlott
I usually go for the standard DoD 7 passes if I have to
overwrite something,
better be on the safe side, but there is no way I will use
the 35 Guttman method
wiping in the mean time, overkill.
That DoD recommendation was for earlier technology and has
been obsolete and rescinded for years! Peter's is even older
and more obsolete (as PG himself acknowledges).

As the Wikipedia states (confirming my own checking):

On the other hand, according to the 2006 NIST Special
Publication 800-88 (p. 7): "Studies have shown that most of
today’s media can be effectively cleared by one overwrite" and
"for ATA disk drives manufactured after 2001 (over 15 GB) the
terms clearing and purging have converged."[1] An analysis by
Wright et al. of recovery techniques, including magnetic force
microscopy, also concludes that a single wipe is all that is
required for modern drives. They point out that the long time
required for multiple wipes "has created a situation where
many organisations ignore the issue all together – resulting
in data leaks and loss. "[5]
________


However, for those who remain unconvinced by my points and
still intend to do multiple (say N) overwrites, let me give
them some advice:

1) Do NOT do a single N-overwrite pass (and not just because
these may be buffered and only the last actually written to
the disk).

2) Because scrubbing is so slow the window of vulnerability
is long. So do a single 1-write overwriting pass, and follow
that with a N-1 overwrite pass. The single pass will provide
99.99% protection *much more quickly* for *ALL* the scrubbed
data, and the remaining passes can then slowly crank the
protection up to 99.999% (or whatever). In fact, N single-
overwrite passes may be the best strategy.

The real best strategy, of course, is whole disk encryption!
Post by Frank Merlott
Post by nemo_outis
Returning again to USB drives, they are a bitch to scrub
effectively, because the wear-levelling mechanism means
you're never quite sure where you're writing. And being
too aggressive about multiple overwrites can drastically
shorten their already very finite lives.
USB memory sticks are better scrubbed with the random data
filling method.
Same goes for solid state disks, which most modern laptops
have.
Wear levelling makes overwritting tools useless, but I
believe wiping software works in the most expensive solid
state disks that use TRIM these SSD with TRIM are usually
for high performance and until prices come down I doubt
they will be widely used.
http://en.wikipedia.org/wiki/TRIM
There are a number of severe problems with flash memory as
used in such things as USB sticks, camera memory, and SSDs.
One of them is that flash memory has BIG problems with data
remanence (as opposed to RAM which has only quite light
remanence problems, despite the ballyhoo of the "Princeton"
attack). One very good paper on this topic is Skorobogatov's
"Data Remanence in Flash Memory Devices" (Crypto 2005
Proceedings). If you can't find a copy online I can post it.

But the takeaway point is that scrubbing flash-memory devices
has a high risk of failure. Accordingly, only encrypted data
should ever be stored on such a medium (never plaintext).
Post by Frank Merlott
Post by nemo_outis
But there is one very promising USB stick: the Ironkey.
When properly done, hardware encryption trumps software
encryption any day of the week. And the Ironkey has
FIPS-2 140 Level 3 certification!
But even better its onboard cryptoprocessor means there's
no need to have admin privileges on any computer on which
it is used (as with almost any software like Truecrypt
which requires installation of kernel-level drivers.)
I have a big problem with hardware cryptoprocessors, there
is the Iron Welding method to separate to cryptoprocessor
from the memory stick and then attach the memory stick to
another device to read it.
I do not know exactly how it works and how efficient it is,
but I have read at computer forensic forum about this trick
and there are instances in which it is effective.
The thing to realize is that hardware does not promise
absolute protection. Various levels of hardening provide
various degrees of protection, usually expressible in terms of
time and effort to defeat them given specific resources and
constraints. Analogously to hardware encryption, even the
finest safe made, the Super Diamond TXTL60x6, gives only one
hour protection against skilled adversaries, and that only
against specified tools. With other tools it can be
penetrated in under a minute!

The thing about hardware is that one must be AWARE of its
strengths and limitations and use it *judiciously* (including
with other devices and appropriate strategies) as a valuable
COMPONENT of your security (and not the end-all and be-all)

In security, much more than other areas of life, ignorance is
not bliss. What you don't know WILL hurt you - bad!
Post by Frank Merlott
I always go for software encryption because of this and
because hardware encryption has been defeated far too many
times, recently the Kingston USB memories which used AES,
got cracked.
So much for your FIPS certification!
FIPS 140-2 Level 2 Certified USB Memory Stick Cracked
http://www.schneier.com/blog/archives/2010/01/fips_140-2_lev
e.html
Government-Approved Encrypted USB Drives Cracked
http://blogs.pcmag.com/securitywatch/2010/01/government-appr
oved_encrypted.php
I referred to such lame crypto sticks in an earlier post in
this thread, including a prominent Caveat Emptor.

But your reference to this deserves a bit more comment. The
first teaser I'll give you is that the failure of the Kingston
(and the Sandisk and the Verbatim) sticks did NOT involve
their FIPS-2 validation!

Ordinary consumers do not realize what FIPS validation means
(understandable but their ignorance leaves their security wide
open). Most consumers treat it like a UL stamp on a toaster,
a supposed guarantee of safety. Or worse, like an amulet to
ward off bad juju. (As Arthur C. Clarke observed, "Any
sufficiently advanced technology is indistinguishable from
magic.")

Folks should (but don't) understand the difference between
FIPS certification and validation, the meaning of the 4
levels, and the distinctions even there between software and
hardware. Many vendors compound this confusion by treating
FIPS validation as purely about marketing (or even dissembling
about "certified" algorithms and similar bullshit).

However, the fact that there are multiple *levels* of FIPS
validation should at least be a clue that the security is not
absolute and that checking of what each level provides would
be prudent. For instance, there is a large step between level
2 (what the Kingston stick had) and level 3 (what the Ironkey
has). But there is also a level 4 which should be a warning
to the wise that more can be done.

In fact, the original proposals for FIPS validation had 6
levels, not 4, and as a result there can be considerable
variation within level 3 and especially 4 as to the degree of
protection provided. In short, the steps are too coarse with
insufficient granularity. But since consumers are oblivious
to the current meanings why become more subtle?

With regard to the Kingston failures, FIPS level 2 *didn't*
fail. You see, FIPS-2 140 level 2 doesn't really provide very
much. One gaping hole is that (unlike level 3) it says
*nothing* about authentication. And authentication is where
the Kingston failed.

The Kingston (and similar) sticks used an unbelievably bad
scheme for authentication, with software running on the PC
(where it could be easily compromised). But even worse, the
software used a single unchanging unlock code to communicate
the entering of a correct password from that software to the
USB stick. Astounding! Not that it failed - that was
inevitable - but that the vendor should be so stupid and
irresponsible! All the AES encryption in the world won't
help you if this sort of gross blunder gets implemented. (But
you have to know that FIPS level 2 doesn't protect you from
such stuff - if you just make assumptions about what you think
you've been promised you're asking to become roadkill.)

Moving on to the Ironkey, its level 3 does give a lot better
protection. But that protection has limits and you'd better
be aware of them and adjust your reliance on the device
accordingly.

For instance, one positive aspect of the Ironkey is that its
small size lends itself to continuous control and custody. It
can be continuously worn around the neck even while sleeping.
This prevents some "flavours" of attack analogous to
Rutkowska's Evil Maid or the - absolutely fatal to plausible
deniability - double imaging attack. (If you do wear the
Ironkey around you neck use a breakable string rather than,
say, a strong nylon cord - lest you be garrotted. Same advice
as I give for neck knives. But, then again, perhaps
garrotting does not figure prominently on your list of
probable threats :-)

Use your Ironkey so that its compromise would not be a
catastrophic single point of failure. For instance, if you
require a (unmemorably long) 43-character password to access a
Truecrypt container, do not store all of it on the Ironkey.
Instead store (say) 30 characters there and memorize the last
13 characters.
Post by Frank Merlott
Post by nemo_outis
I don't think anyone is going to crack an Ironkey without
quite a few days spent at a focussed-ion-beam workstation
:-)
...
It's not whether the Ironkey can be cracked (it can!) but what
it would take to do so. My off-the-cuff estimation is that
the threshold cost is somewhere above $100,000 and that
possession of the necessary skills and access to the necessary
tools is limited (not to mention drive and motivation).
Examine you threat, risk, and consequence analysis to see if
your potential adversaries fall within this spectrum. (1)

Regards,

(1) Much as I like the Ironkey there is/was a cheapie
solution I liked even more - The Dallas Java iButton. I got a
number of them dirt cheap a while back as part of their
promotional Developers' Kit for the thing. Unfortunately, I
never have gotten my ass in gear to do anything with them.

(And Dallas was sold and taken over - I haven't checked what
changes were made to the device lineup.)
Frank Merlott
2010-05-24 08:36:50 UTC
Permalink
Raw Message
Post by nemo_outis
But there is one very promising USB stick: the Ironkey. When
properly done, hardware encryption trumps software encryption
any day of the week. And the Ironkey has FIPS-2 140 Level 3
certification!
I take from your other posts that you seem to trust a lot FIPS
certification,
I would like to quote Mr Schneier blog on that.


"The problem is that no one really understands what a FIPS 140-2
certification means.
Instead, they think something like: "This crypto thingy is certified, so
it must be secure."

In fact, FIPS 104-2 Level 2 certification only means that certain good
algorithms are used,
and that there is some level of tamper resistance and tamper evidence.
Marketing departments
of security take advantage of this confusion -- it's not only FIPS 140,
it's all
the security standards -- and encourage their customers to equate
conformance to the
standard with security.

So when that equivalence is demonstrated to be false, people are
surprised."

http://www.schneier.com/blog/archives/2010/01/fips_140-2_leve.html
nemo_outis
2010-05-24 21:23:45 UTC
Permalink
Raw Message
Post by Frank Merlott
Post by nemo_outis
But there is one very promising USB stick: the Ironkey.
When properly done, hardware encryption trumps software
encryption any day of the week. And the Ironkey has
FIPS-2 140 Level 3 certification!
I take from your other posts that you seem to trust a lot
FIPS certification,
I would like to quote Mr Schneier blog on that.
...


The thing is not falling in love with ANY particular technology
(e,g,, Truecrypt or Ironkey) or any particular strategy (e.g.,
plausible deniability) or placing undue reliance on any
particular assurances (open-source code, a review by Schneier,
or a FIPS validation).

None of these are magic, and none are a substitute for careful
analysis and prudent conduct. And, given the limitations of any
or all of these, the best approach is (like Kursk) defence-in-
depth, with no single point of failure, no over-reliance on one
strategem or tool.

That means work - hard work. And even then there is no absolute
assurance.

For you see, life is a risky business - even with the best
precautions no one gets out alive :-)

Regards,
nemo_outis
2010-05-28 03:36:50 UTC
Permalink
Raw Message
"nemo_outis" <***@xyz.com> wrote in news:***@69.16.185.250:



As I said in the "truecrypt access claimed?" thread on
alt.security.scramdisk on May 22:


...
Post by nemo_outis
(Aside: What would be ideal is if we could magically work
on data while it was still encrypted. Somewhat
surprisingly, it was recently proved that it is
theoretically possible to do this. However, the abstract
proof involves an unbelievably complicated and slow process
that is completely impractical even on the fastest
supercomputer. But still, perhaps one day.)
...


Well, there's been another signficant step towards this. Here's
Smart's paper adding on to Gentry's original work:

Fully Homomorphic Encryption with Relatively
Small Key and Ciphertext Sizes
http://www.info.unicaen.fr/M2-AMI/articles-2009-2010/smart.pdf

For those who find the paper tough sledding, here's an
assessment in layman's terms:

Major step ahead for cryptography
http://www.eurekalert.org/pub_releases/2010-05/uob-msa052510.php

Regards,
thang ornithorhynchus
2010-05-18 13:58:51 UTC
Permalink
Raw Message
Post by nemo_outis
...
Post by thang ornithorhynchus
So far, at least until the advent of practical quantum
computing, TC is unassailable on an unbooted PC.
Yes - **IF** there are no flaws, backdoors, etc. in Truecrypt.
I, for one, am very suspicious of Truecrypt, its two
"anonymous" authors, the "open source" that isn't really open,
the manipulated forum, the closed bug lists, the systematic
purging of early versions from the net, and on and on... While
none of this is proof, it does not inspire trust - certainly it
doesn't in me.
That's all been done to death here and all over the various security
fora. Just google and you will see what I mean, or go back here to
the discussions between myself and Shaun of Securstar. There is much
room for suspicion of TC's devs and their motives, but who knows. The
walls of the Museum of Natural History are plaqued with donations by
anonymous benefactors, why not the realm of security software?

The fact of the matter is, for the sophisticated security consumer, no
less than a hidden OS is requisite. There is, in this context, only
TC and DCPP. If one is using the latest flavor of MSOS, then only TC
6.2 will suffice to establish a perfectly hidden OS (Win7 clone) which
satisfies the plausible deniability test, esp. for those denizens of
the UK, Australia and other regimes where one will be jailed if keys
for encrypted volumes or containers are not handed over. DCPP may do
the trick in the future, but at the moment because it requires a boot
partition in FAT, which Win7 does not permit, there is no such beast.
Shaun Hollingworth assures me that this is being worked on. Therefore,
there is no substitute for TC where plausible deniability is a
prerequisite (presently).
Post by nemo_outis
In the words of my dear old Dad, "I wouldn't trust them in a
shithouse with a knife and fork."
Well, your dear old dad probably has no experience with computers let
alone security software, so his opinion probably does not count.

regards

thang
Post by nemo_outis
YMMV
Regards,
nemo_outis
2010-05-18 18:57:03 UTC
Permalink
Raw Message
On Sun, 16 May 2010 06:07:36 GMT, "nemo_outis"
...
Post by nemo_outis
I, for one, am very suspicious of Truecrypt, its two
"anonymous" authors, the "open source" that isn't really
open, the manipulated forum, the closed bug lists, the
systematic purging of early versions from the net, and on
and on... While none of this is proof, it does not
inspire trust - certainly it doesn't in me.
That's all been done to death here and all over the various
security fora. Just google and you will see what I mean,
or go back here to the discussions between myself and Shaun
of Securstar. There is much room for suspicion of TC's
devs and their motives, but who knows. The walls of the
Museum of Natural History are plaqued with donations by
anonymous benefactors, why not the realm of security
software?
It may have been "done to death" as you say, but there are
many who have not heard about it. Just as with my reply to
the OP of this thread that a Firewire attack on keys in memory
is "old news." It's worthwhile spreading the word even about
old news.

And, yes, I have researched all this thoroughly before. For
instance, I have acquired *every* release of Truecrypt -
despite the authors' sedulous attempts to purge all early
versions from existence!
The fact of the matter is, for the sophisticated security
consumer, no less than a hidden OS is requisite. There is,
in this context, only TC and DCPP. If one is using the
latest flavor of MSOS, then only TC 6.2 will suffice to
establish a perfectly hidden OS (Win7 clone) which
satisfies the plausible deniability test, esp. for those
denizens of the UK, Australia and other regimes where one
will be jailed if keys for encrypted volumes or containers
are not handed over. DCPP may do the trick in the future,
but at the moment because it requires a boot partition in
FAT, which Win7 does not permit, there is no such beast.
Shaun Hollingworth assures me that this is being worked on.
Therefore, there is no substitute for TC where plausible
deniability is a prerequisite (presently).
To again borrow a phrase from my Dear Old Dad, "Plausible
deniability isn't worth a fart in a strong wind."

Or, as I prefer to phrase it, "Plausible deniability isn't!"

And I say this as one who has followed such things as "nested
encryption" for a decade or more (since the days of
"Rubberhose" with its 16-deep layers of encryption!)

Oh yes, such things are *deniable* - anything is deniable.
But those denials aren't plausible.

There's a giant chasm between "You can't apodeictally *prove*
I have an inner layer of encryption" and "It's plausible that
I don't even though the encryption program I use boasts loudly
about having this feature."

Nor will I walk you through the differences between
reasonable suspicion, probable cause, balance of probabilites,
and beyond reasonable doubt. Let's just say that "plausible
deniability" fails the first three outright and is pretty weak
even on the fourth level. And that's only for the judicial
system (*one* judicial system), Other threats (customs,
thieves, rogue cops, less "generous" legal and political
systems, etc.) will use a much rougher standard for assessing
the "plausibility" of your denials!

Oh yes, you can convince *yourself* that it's plausible, but
that's worth SFA - convincing a suspicious, experienced, even
hostile third-party is very unlikely to fly.

But plausible deniability is a "hot feature" in crypto
software these days, and I doubt I'll be able to dissuade any
"true believer" from foolishly relying on it.
Post by nemo_outis
In the words of my dear old Dad, "I wouldn't trust them in
a shithouse with a knife and fork."
Well, your dear old dad probably has no experience with
computers let alone security software, so his opinion
probably does not count.
My dear old Dad may not have been a crypto expert, but he had
a pretty good handle on where and where not to place trust -
and the ability to transmit such thoughts with a very punchy
and memorable turn of phrase.

Regards,
thang ornithorhynchus
2010-05-19 06:16:23 UTC
Permalink
Raw Message
Post by nemo_outis
On Sun, 16 May 2010 06:07:36 GMT, "nemo_outis"
...
Post by nemo_outis
I, for one, am very suspicious of Truecrypt, its two
"anonymous" authors, the "open source" that isn't really
open, the manipulated forum, the closed bug lists, the
systematic purging of early versions from the net, and on
and on... While none of this is proof, it does not
inspire trust - certainly it doesn't in me.
That's all been done to death here and all over the various
security fora. Just google and you will see what I mean,
or go back here to the discussions between myself and Shaun
of Securstar. There is much room for suspicion of TC's
devs and their motives, but who knows. The walls of the
Museum of Natural History are plaqued with donations by
anonymous benefactors, why not the realm of security
software?
It may have been "done to death" as you say, but there are
many who have not heard about it. Just as with my reply to
the OP of this thread that a Firewire attack on keys in memory
is "old news." It's worthwhile spreading the word even about
old news.
You are probably right, but few novices stumble upon this old NG
because of its obscure provenance. Most of the lurkers here are
fairly advanced in their knowledge.
Post by nemo_outis
And, yes, I have researched all this thoroughly before. For
instance, I have acquired *every* release of Truecrypt -
despite the authors' sedulous attempts to purge all early
versions from existence!
Have you compared them bit by bit to determine when and where the
backdoor has been introduced (kidding of course).
Post by nemo_outis
The fact of the matter is, for the sophisticated security
consumer, no less than a hidden OS is requisite. There is,
in this context, only TC and DCPP. If one is using the
latest flavor of MSOS, then only TC 6.2 will suffice to
establish a perfectly hidden OS (Win7 clone) which
satisfies the plausible deniability test, esp. for those
denizens of the UK, Australia and other regimes where one
will be jailed if keys for encrypted volumes or containers
are not handed over. DCPP may do the trick in the future,
but at the moment because it requires a boot partition in
FAT, which Win7 does not permit, there is no such beast.
Shaun Hollingworth assures me that this is being worked on.
Therefore, there is no substitute for TC where plausible
deniability is a prerequisite (presently).
To again borrow a phrase from my Dear Old Dad, "Plausible
deniability isn't worth a fart in a strong wind."
Or, as I prefer to phrase it, "Plausible deniability isn't!"
Wrong. At the level of global terrorist, maybe, because a combination
of advanced NSA type knowledge and persuasion would be levelled at
one. However, for the majority of users here, such adversaries are
not likely. In TC, the hidden OS residing in the sacrificial (outer)
volume can not be discerned objectively, period! It will appear as
slightly less than random characters, with no real evidence of its
existence beyond sophisticated stochastic techniques. The hidden
volume/hidden OS cannot be discerned from the decoy OS, nor can it be
discerned from a bit by bit analysist of the HD or its clone by an
adversary. It is not there to all extents and purposes. That is the
"plausible deniability" strategem and it works. DCPP is the other
method, but the plausible deniability argument is not nearly as sound
in that case.


Now, quite apart from the plausible deniability is the sheer
uncrackability of the hidden OS (and the outer volume and the decoy,
but they are designed to be given up under pressure). AES256 is not
presently crackable if a multi-character pass*phrase* is used. In a
few decades, maybe, if quantum computing takes off. But no now. So,
while TC is like many others on the market for its use of good
algorithms, it is unlike all others on the market for its plausible
deniability strategem, which works.
Post by nemo_outis
And I say this as one who has followed such things as "nested
encryption" for a decade or more (since the days of
"Rubberhose" with its 16-deep layers of encryption!)
Oh yes, such things are *deniable* - anything is deniable.
But those denials aren't plausible.
There's a giant chasm between "You can't apodeictally *prove*
I have an inner layer of encryption" and "It's plausible that
I don't even though the encryption program I use boasts loudly
about having this feature."
Well yes, both TC and DCPP boast loudly about this feature, but it is
only a minority of TC and DCPP users who actually use the feature
because of its inherent difficulty in setting up, properly. It takes
time and much effort to get the balance of the partition sizes correct
(its a mathematical relationship if you read the notes) so as to
maximise the size of the hidden OS (which is after all the objective).
With DCPP it is much harder as you start with a FAT partition and then
create a hidden NTFS partition within (DCPP is not as deniable as TC -
and TC has no leakage whatsoever from its hidden volume, because it
renders all disks, USB ports, writers etc as read only and the hidden
OS is a total perfect clone of the decoy).

You are wrong because the majority of TC users only use TC to at most
encrypt the OS, and usually only to set up encrypted containers. Same
application though, so all one needs to do is plead that TC was used
to set up the decoy and the outer volume.
Post by nemo_outis
Nor will I walk you through the differences between
reasonable suspicion, probable cause, balance of probabilites,
and beyond reasonable doubt. Let's just say that "plausible
deniability" fails the first three outright and is pretty weak
even on the fourth level. And that's only for the judicial
system (*one* judicial system), Other threats (customs,
thieves, rogue cops, less "generous" legal and political
systems, etc.) will use a much rougher standard for assessing
the "plausibility" of your denials!
You don't need to walk me through these basic legal concepts, I
understand them completely (BTW, the last term is simply "reasonable
doubt", the burden of evidence is "beyond a reasonable doubt"). How
does plausible deniability fail either of the *two* relevant legal
concepts (reasonable suspicion and probable cause don't exist in law
outside of the US, and I'm not sure they are statutory concepts even
there). Balance of probabilities is only used, or applied, in civil
litigation, never in criminal litigation. Reasonable doubt is only
applied in criminal litigation, never civil litigation. The existence
of a hidden volume, and its hidden OS, cannot, I repeat, cannot be
even inferred, let alone proven, from examination of a HD. Not even
at the civil level of proof, on the balance of probabilities. Perhaps
stochastic processes (regression, chi-squared, etc) can be used to
demonstrate that the bits on the outer volume behind any data on that
volume are less than random, but so what? There is no way to prove
its existence from headers, or either of the decoy or the outer
volume. Period.
Post by nemo_outis
Oh yes, you can convince *yourself* that it's plausible, but
that's worth SFA - convincing a suspicious, experienced, even
hostile third-party is very unlikely to fly.
But plausible deniability is a "hot feature" in crypto
software these days, and I doubt I'll be able to dissuade any
"true believer" from foolishly relying on it.
No its not. As far as I know, its only TC and Securstar who tout its
benefits. All the others (see Sarah Dean's comparisons of OTFE apps)
are containers, single volumes, encrypted OS's, etc - only TC and DCPP
use hidden OS's.
Post by nemo_outis
Post by nemo_outis
In the words of my dear old Dad, "I wouldn't trust them in
a shithouse with a knife and fork."
Well, your dear old dad probably has no experience with
computers let alone security software, so his opinion
probably does not count.
My dear old Dad may not have been a crypto expert, but he had
a pretty good handle on where and where not to place trust -
and the ability to transmit such thoughts with a very punchy
and memorable turn of phrase.
fair enough

thang
Post by nemo_outis
Regards,
nemo_outis
2010-05-19 18:35:05 UTC
Permalink
Raw Message
On Tue, 18 May 2010 18:57:03 GMT, "nemo_outis"
…
Post by nemo_outis
It may have been "done to death" as you say, but there are
many who have not heard about it. Just as with my reply to
the OP of this thread that a Firewire attack on keys in
memory is "old news." It's worthwhile spreading the word
even about old news.
You are probably right, but few novices stumble upon this
old NG because of its obscure provenance. Most of the
lurkers here are fairly advanced in their knowledge.
Speculative and conjectural on your part, but let that pass.

As my response to the OP showed, I usually discuss these
matters in alt.privacy, alt.computer.security, or sci.crypt.
But since the matter arose here I pursued it here. And I have
continued to pursue it here even as it wandered far from the
original topic.

...
Post by nemo_outis
To again borrow a phrase from my Dear Old Dad, "Plausible
deniability isn't worth a fart in a strong wind."
Or, as I prefer to phrase it, "Plausible deniability
isn't!"
Wrong. At the level of global terrorist, maybe, because a
combination of advanced NSA type knowledge and persuasion
would be levelled at one. However, for the majority of
users here, such adversaries are not likely. In TC, the
hidden OS residing in the sacrificial (outer) volume can
not be discerned objectively, period! It will appear as
slightly less than random characters, with no real evidence
of its existence beyond sophisticated stochastic
techniques. The hidden volume/hidden OS cannot be
discerned from the decoy OS, nor can it be discerned from a
bit by bit analysist of the HD or its clone by an
adversary. It is not there to all extents and purposes.
That is the "plausible deniability" strategem and it works.
DCPP is the other method, but the plausible deniability
argument is not nearly as sound in that case.
I don't think you quite get it - you have allowed yourself to
be dazzled by the technical details. The *mere presence* of
large quantities of random data - even without absolute proof
- will be viewed as a near certainty that encryption is being
used. And use of a crypto program that supports hidden
volumes will cause considerable credibility to be attached to
the likely use of that feature. Overwhelmingly so if other
circumstances (e.g., why you are being investigated in the
first place) are consonant with this.

Sure you can deny it, sure you can scream "You can't
absolutely prove it!" but that may cut very little ice.

Many a man has been hanged for murder even though the body of
the victim was never found.

…
You don't need to walk me through these basic legal
concepts, I understand them completely (BTW, the last term
is simply "reasonable doubt", the burden of evidence is
"beyond a reasonable doubt"). How does plausible
deniability fail either of the *two* relevant legal
concepts (reasonable suspicion and probable cause don't
exist in law outside of the US, and I'm not sure they are
statutory concepts even there). Balance of probabilities
is only used, or applied, in civil litigation, never in
criminal litigation. Reasonable doubt is only applied in
criminal litigation, never civil litigation. The existence
of a hidden volume, and its hidden OS, cannot, I repeat,
cannot be even inferred, let alone proven, from examination
of a HD. Not even at the civil level of proof, on the
balance of probabilities. Perhaps stochastic processes
(regression, chi-squared, etc) can be used to demonstrate
that the bits on the outer volume behind any data on that
volume are less than random, but so what? There is no way
to prove its existence from headers, or either of the decoy
or the outer volume. Period.
Here too your knowledge is shallower than you think.

For instance, the term of art for the required standard for
convicting (NOT "evidence" as you incorrectly state) in
criminal matters in most common-law jurisdictions IS INDEED
"beyond reasonable doubt" although there is considerable
jurisdictional variation in how this concept is communicated
to a jury (In England, for instance, NO reference to
reasonable doubt is usually made as a result of a recent
Appeal Court decision).

Second, the standards of "reasonable suspicion" and "probable
cause" are widely used OUTSIDE the US in MANY common-law
jurisdictions. I can, for instance, cite cases from the
Canadian Supreme Court addressing these exact topics.

As for civil matters, yes, the standard in many common-law
jurisdictions is "balance of probabilities" or "preponderance
of evidence." But what you may not fully realize is how often
criminal and civil cases are conjoined. For instance, it is
very common in copyright matters to bring both criminal *and
civil* processes, with the civil case frequently being won
even though the criminal case wasn't. (The most famous example
of the criminal/civil duality is, of course, the O J Simpson
matter.)

But there is a bigger problem with encryption in civil
matters. In civil matters there is generally some form of
disclosure or discovery procedure. If one of the litigants
fails to be *fully forthcoming* or appears (in the estimation
of the judge for which he has very wide discretion) to be
evasive, furtive, or unresponsive (not a question of what the
discloser *must* do but what he *should* do) then the case
will be automatically be decided against him! I've seen this
happen in cases in which I've participated. I'll be happy to
quote the legal principle in Latin if you think that would
help :-)

Now I could point out that I've been speaking broadly of
common-law principles, but in most jurisdictions these have
generally (but not totally) been supplanted by statutory
equivalents. The statutory equivalents usually are more or
less "equivalent" but they do sometimes introduce new
"wrinkles" - in extreme cases they can, for instance, entirely
reverse the burden of proof, as with the UK RIP law.

I can also point out that there are other legal (and quasi-
legal) processes beyond civil and criminal matters, such as
regulatory and administrative ones. The classic example here
is customs where they can, in practice, do whatever the fuck
they want without even meeting the minimum standard of
"reasonable suspicion."

I've been an expert witness 11 times (and I have two more
cases coming up this fall). IANAL but I've been prepared by
the best lawyers and familiarized with most of this lest I
trip over my feet on the stand. My oral testimony and written
reports have been Frye-ed and Daubert-ed to a fare-thee-well
to make sure they comply with the standards of evidence. I'm
very familiar with this stuff.

And let me tell you this from my experience: judges are not
fools! Nor are they gullible! They've seen and heard - many
times - better liars and dissemblers than you or I will ever
be. And they can bend the law like a pretzel when it suits
them to do so - especially if they think you are jerking them
around. They will fuck you over - hard! - if they think you
are being "cute" or trying to "game" them. Try your "Nyah
nyah, you can't prove I have a hidden volume" on them and see
how far you get. You will discover very fast just how
"flexible" the law can be when a judge wants to use it to fuck
you over. Your faith in Civics 101 will never be the same!

It's your ass and your call. But I would advise those less
rash than you that plausible deniability is a feeble reed to
lean on.

Regards,

PS And we've only been talking about common-law
jurisdictions. The scope for getting fucked over in "civil
code" or Islamic jurisdictions is even greater. A European
judge (examining/investigating magistrate) doesn't mess with
such niceties as presumption of innocence.
Frank Merlott
2010-05-20 12:06:10 UTC
Permalink
Raw Message
Post by nemo_outis
And let me tell you this from my experience: judges are not
fools! Nor are they gullible! They've seen and heard - many
times - better liars and dissemblers than you or I will ever
be. And they can bend the law like a pretzel when it suits
them to do so - especially if they think you are jerking them
around. They will fuck you over - hard! - if they think you
are being "cute" or trying to "game" them. Try your "Nyah
nyah, you can't prove I have a hidden volume" on them and see
how far you get. You will discover very fast just how
"flexible" the law can be when a judge wants to use it to fuck
you over. Your faith in Civics 101 will never be the same!
That it something I agree with, laws can bend as far as judges
want, and they do not like people trying to game the system,
you need a solid alibi, do not believe too much the "innocent
until proven guilty", because it usually is "guilty until proven
innocent".

Judges deal with lies and people with short memory every day of the week.
nemo_outis
2010-05-20 16:40:40 UTC
Permalink
Raw Message
Post by Frank Merlott
Post by nemo_outis
And let me tell you this from my experience: judges are
not fools! Nor are they gullible! They've seen and heard
- many times - better liars and dissemblers than you or I
will ever be. And they can bend the law like a pretzel
when it suits them to do so - especially if they think you
are jerking them around. They will fuck you over - hard!
- if they think you are being "cute" or trying to "game"
them. Try your "Nyah nyah, you can't prove I have a
hidden volume" on them and see how far you get. You
will discover very fast just how "flexible" the law can be
when a judge wants to use it to fuck you over. Your faith
in Civics 101 will never be the same!
That it something I agree with, laws can bend as far as
judges want, and they do not like people trying to game the
system, you need a solid alibi, do not believe too much the
"innocent until proven guilty", because it usually is
"guilty until proven innocent".
Judges deal with lies and people with short memory every
day of the week.
The conviction rate for federal criminal cases in the US is
above 95% (in Japan it's 99.97%!). And even if, by some fluke,
you do get off, it's still a sentence of bankruptcy, with your
career and marriage also likely in tatters.

Many years ago the famous murder-trial lawyer, F. Lee Bailey,
was asked how much he charged. He answered, "I charge a rich
man or a poor man exactly the same - everything he owns."

You *cannot* win if charged in the legal system - your only hope
is to minimize the catastrophe.

Regards,
thang ornithorhynchus
2010-05-20 23:39:07 UTC
Permalink
Raw Message
Post by nemo_outis
On Tue, 18 May 2010 18:57:03 GMT, "nemo_outis"
…
Post by nemo_outis
It may have been "done to death" as you say, but there are
many who have not heard about it. Just as with my reply to
the OP of this thread that a Firewire attack on keys in
memory is "old news." It's worthwhile spreading the word
even about old news.
You are probably right, but few novices stumble upon this
old NG because of its obscure provenance. Most of the
lurkers here are fairly advanced in their knowledge.
Speculative and conjectural on your part, but let that pass.
Speculative = conjectural (redundancy) but let that pass too.
Post by nemo_outis
As my response to the OP showed, I usually discuss these
matters in alt.privacy, alt.computer.security, or sci.crypt.
But since the matter arose here I pursued it here. And I have
continued to pursue it here even as it wandered far from the
original topic.
In no wise has it wandered far from the OP's link (TC).
Post by nemo_outis
...
Post by nemo_outis
To again borrow a phrase from my Dear Old Dad, "Plausible
deniability isn't worth a fart in a strong wind."
Or, as I prefer to phrase it, "Plausible deniability
isn't!"
Wrong. At the level of global terrorist, maybe, because a
combination of advanced NSA type knowledge and persuasion
would be levelled at one. However, for the majority of
users here, such adversaries are not likely. In TC, the
hidden OS residing in the sacrificial (outer) volume can
not be discerned objectively, period! It will appear as
slightly less than random characters, with no real evidence
of its existence beyond sophisticated stochastic
techniques. The hidden volume/hidden OS cannot be
discerned from the decoy OS, nor can it be discerned from a
bit by bit analysist of the HD or its clone by an
adversary. It is not there to all extents and purposes.
That is the "plausible deniability" strategem and it works.
DCPP is the other method, but the plausible deniability
argument is not nearly as sound in that case.
I don't think you quite get it - you have allowed yourself to
be dazzled by the technical details. The *mere presence* of
large quantities of random data - even without absolute proof
- will be viewed as a near certainty that encryption is being
used. And use of a crypto program that supports hidden
volumes will cause considerable credibility to be attached to
the likely use of that feature. Overwhelmingly so if other
circumstances (e.g., why you are being investigated in the
first place) are consonant with this.
Good lord. Do you believe in rule of law? Rules of evidence? Here
in Australia, if the encryption cannot be cracked, there is no
evidence, therefore there is no case. For instance:

http://www.tomsguide.com/us/PC-Camera-Encryption-Video-Peephole,news-4910.html

Of particular interest to me, and it should also interest you, are the
comments on Truecrypt, especially the following:

"If you're savvy enough to encrypt your harddrive, then I suspect a
criminal in the UK would simply use Truecrypt's hidden encrypted
volume feature. That way, he could give the police one key, after
putting on a good show of refusing to comply, and they would still
have nothing to charge him with.

In the U.S., they are still debating the legality of trying to force
someone to give up an encryption passphrase. The 5th Amendment of our
Constitution provides, among other things, protection against
self-incrimination. Defense attorneys have taken the position that the
contents of someones own mind, to include encryption passphrases, are
thus protected. While I hate to see criminals get away with things.
From a privacy standpoint, I believe this is a correct interpretation
of the law."

My point *exactly*.
Post by nemo_outis
Sure you can deny it, sure you can scream "You can't
absolutely prove it!" but that may cut very little ice.
Many a man has been hanged for murder even though the body of
the victim was never found.
Rubbish. Perhaps in the 1800's, but this is the third millenium...as
the story above shows, the courts need evidence. TC's hidden OS is
indiscernible even on bit by bit inspection. Only the Evil Maid
attack, freezing the RAM, camera in roof vent etc etc works.
Post by nemo_outis
…
You don't need to walk me through these basic legal
concepts, I understand them completely (BTW, the last term
is simply "reasonable doubt", the burden of evidence is
"beyond a reasonable doubt"). How does plausible
deniability fail either of the *two* relevant legal
concepts (reasonable suspicion and probable cause don't
exist in law outside of the US, and I'm not sure they are
statutory concepts even there). Balance of probabilities
is only used, or applied, in civil litigation, never in
criminal litigation. Reasonable doubt is only applied in
criminal litigation, never civil litigation. The existence
of a hidden volume, and its hidden OS, cannot, I repeat,
cannot be even inferred, let alone proven, from examination
of a HD. Not even at the civil level of proof, on the
balance of probabilities. Perhaps stochastic processes
(regression, chi-squared, etc) can be used to demonstrate
that the bits on the outer volume behind any data on that
volume are less than random, but so what? There is no way
to prove its existence from headers, or either of the decoy
or the outer volume. Period.
Here too your knowledge is shallower than you think.
No its not. I am degreed with practical background in law, briefed
Counsel many times etc etc. Might be rusty, but not shallow.
Post by nemo_outis
For instance, the term of art for the required standard for
convicting (NOT "evidence" as you incorrectly state) in
criminal matters in most common-law jurisdictions IS INDEED
"beyond reasonable doubt" although there is considerable
jurisdictional variation in how this concept is communicated
to a jury (In England, for instance, NO reference to
reasonable doubt is usually made as a result of a recent
Appeal Court decision).
Second, the standards of "reasonable suspicion" and "probable
cause" are widely used OUTSIDE the US in MANY common-law
jurisdictions. I can, for instance, cite cases from the
Canadian Supreme Court addressing these exact topics.
Not here in Australia they ain't, sport. And we are common law to the
marrow of our bones. Again, refer to the link I posted above. No
mention of these mealy mouthed words, just a lack of evidence because
the coppers couldn't crack the encryption. And that was encrypted
containers or just files, let alone invisible, indiscernible hidden TC
volumes!
Post by nemo_outis
As for civil matters, yes, the standard in many common-law
jurisdictions is "balance of probabilities" or "preponderance
of evidence." But what you may not fully realize is how often
criminal and civil cases are conjoined. For instance, it is
very common in copyright matters to bring both criminal *and
civil* processes, with the civil case frequently being won
even though the criminal case wasn't. (The most famous example
of the criminal/civil duality is, of course, the O J Simpson
matter.)
This happens infrequently, when for instance a person is clearly
guilty of an indictable offence which cannot be proven beyond
reasonable doubt due to incompetence, for instance, or tampering with
evidence (per OJ). It is infrequent because in most such cases, there
is no party to undertake the civil action (at the lower burden of
proof) or that party is unwilling to do so. It is an extremely
infrequent occurrence here in Australia.
Post by nemo_outis
But there is a bigger problem with encryption in civil
matters. In civil matters there is generally some form of
disclosure or discovery procedure. If one of the litigants
fails to be *fully forthcoming* or appears (in the estimation
of the judge for which he has very wide discretion) to be
evasive, furtive, or unresponsive (not a question of what the
discloser *must* do but what he *should* do) then the case
will be automatically be decided against him! I've seen this
happen in cases in which I've participated. I'll be happy to
quote the legal principle in Latin if you think that would
help :-)
I just love pompousness in all its forms, because the pompous fool has
so far to fall (and fall they do!). Firstly, if there is a necessity,
perceived or otherwise, for OTFE at the sophisticated level of decoy,
outer and hidden volume, then we are most decidedly not talking about
civil action are we? Why? Because simple encryption of files will
suffice for whatever is potentially litigible at the lower level of
proof (balance of probabilities) because the person bringing the suit
will not have the full force of government on side. Civil action is
generally one private person against another. No NSA, no police and
so on. TC would only be used for instance by persons in fear of
powerful adversaries who still need observe the rule of law, such as
federal police forces, security organisations (such as NSA, CIA, our
ASIO, etc) and so on.

So, as we are not discussing TC and its complexities in the context of
civil litigation, there is no need to quote your principle in a dead
language to me.

The point you made is only relevant on the very low burden of proof so
is not relevant to this discussion of TC (again, because there is no
need to use the hidden volume/hidden OS for simple, run of the mill
civil lawsuits).
Post by nemo_outis
Now I could point out that I've been speaking broadly of
common-law principles, but in most jurisdictions these have
generally (but not totally) been supplanted by statutory
equivalents. The statutory equivalents usually are more or
less "equivalent" but they do sometimes introduce new
"wrinkles" - in extreme cases they can, for instance, entirely
reverse the burden of proof, as with the UK RIP law.
Here is the RIPA in action several months ago:

http://www.theregister.co.uk/2009/11/24/ripa_jfl/page2.html

Notice at the top of the page:

"Police then warned him they would seek a section 49 notice under
RIPA Part III, which gives a suspect a time limit to supply encryption
keys or make target data intelligible. Failure to comply is an offence
under section 53 of the same Part of the Act and carries a sentence of
up to two years imprisonment, and up to five years imprisonment in an
investigation concerning national security."

Some points. Firstly, his encrypted files were just that, files. They
were not hidden, they were obvious. Secondly, where is the reversal
of the burden of proof? They asked for the keys, he didn't provide
them, he was jailed. The law says he must provide key, and he didn't
do it. If he had had a hidden TC volume, and given up the decoy
passphrase, he would have complied with the RIPA requirement and not
have gone to jail. This, by the way, was an indictable offence, not a
civil misdemeanour.
Post by nemo_outis
I can also point out that there are other legal (and quasi-
legal) processes beyond civil and criminal matters, such as
regulatory and administrative ones. The classic example here
is customs where they can, in practice, do whatever the fuck
they want without even meeting the minimum standard of
"reasonable suspicion."
Bullshit. Here in Australia Customs has started peering into laptops,
phones etc on the basis of stopping the importation of illegal porn.
There is the usual outcry by people who don't understand that such
stuff has always been illegal and specifically, a banned import.
Customs could always have peered into laptops, but is doing so now by
adding an extra box on the on-board questionnaire. Thus, this is
quite the opposite of what you assert.

http://www.abc.net.au/news/stories/2010/05/21/2905424.htm
Post by nemo_outis
I've been an expert witness 11 times (and I have two more
cases coming up this fall). IANAL but I've been prepared by
the best lawyers and familiarized with most of this lest I
trip over my feet on the stand. My oral testimony and written
reports have been Frye-ed and Daubert-ed to a fare-thee-well
to make sure they comply with the standards of evidence. I'm
very familiar with this stuff.
I assume you mean an expert witness regarding computer encryption? If
so, I can't understand why you cannot grasp the fundamentals of a
legal system as it integrates with strong, deniable encryption such as
what TC offers. Why do you go down the path of virtual machines and
the like, when TC offers all that and more? As an encryption expert,
can you point to one case involving TC where the hidden volume has
been discovered? I am aware of those cases where PGP was used and so
on, where the Court has ordered passwords to be disclosed, but never,
not once, where forensics has discovered evidence of a heretofore
unknown and undisclosed hidden volume. Just give me one instance, and
I will come over to your side of the argument (unlike some people, I
am here for information and to learn, so I remain open minded and open
to evidence).
Post by nemo_outis
And let me tell you this from my experience: judges are not
fools! Nor are they gullible! They've seen and heard - many
times - better liars and dissemblers than you or I will ever
be. And they can bend the law like a pretzel when it suits
them to do so - especially if they think you are jerking them
around. They will fuck you over - hard! - if they think you
are being "cute" or trying to "game" them. Try your "Nyah
nyah, you can't prove I have a hidden volume" on them and see
how far you get. You will discover very fast just how
"flexible" the law can be when a judge wants to use it to fuck
you over. Your faith in Civics 101 will never be the same!
So Judges can bend the law as they like, where there is a hidden
volume? Like this?

http://www.goldcoast.com.au/article/2009/10/20/149835_gold-coast-news.html

Note the comment "He said no images were found because the defendant's
computer was so encrypted the police were unable to get in."

In this case, there was clear evidence of OTFE, perhaps even a hidden
volume (but they didn't get that far) - and other circumstancial
evidence. Also, the Judge and the police have this at their disposal:

CYBERCRIME ACT 2001
(http://www.austlii.edu.au/au/legis/cth/consol_act/ca2001112/sch1.html)


In respect of forcing a person to give up passwords, the statute
states in part: "The magistrate may grant the order if the magistrate
is satisfied that: (a) there are reasonable grounds for suspecting
that evidential material is held in, or is accessible from, the
computer"

Now, this requires "reasonable grounds" to suspect the presence of a
hidden volume, containing evidential material, after the password for
the decoy, and the password for the outer volume on the second
partition, have been surrendered. How, pray tell, would such evidence
constituting "reasonable grounds" be obtained, even with a full
forensic search of the entire HD? Answer: the hidden volume is
totally undetectable, period. Therefore the magistrate or judge
cannot bend the rules because there is no reasonable suspicion and his
judgement would be reversed on appeal. A reversal on appeal is not a
good look for a judge or magistrate.
Post by nemo_outis
It's your ass and your call. But I would advise those less
rash than you that plausible deniability is a feeble reed to
lean on.
Don't call me rash fella. I'm not the one showing my total lack of
knowledge of sophisticated encryption systems in a dedicated, esoteric
newsgroup. Why don't you take your "feeble reed to lean on" over the
Truecrypt Forums and see what sort of treatment you get there.
Post by nemo_outis
Regards,
PS And we've only been talking about common-law
jurisdictions. The scope for getting fucked over in "civil
code" or Islamic jurisdictions is even greater. A European
judge (examining/investigating magistrate) doesn't mess with
such niceties as presumption of innocence.
More crap.

regards

thang
nemo_outis
2010-05-21 01:21:08 UTC
Permalink
Raw Message
thang ornithorhynchus <***@spitzola.com.org.net> wrote in news:***@4ax.com:

As I said earlier, I know that I have no prospect of
convincing a true believer like you that plausible deniability
is next to worthless. I can only hope my cautions will be
taken to heart by those less rash and more prudent than you.

If it were just you, I would simply drop the matter and merely
repeat my earlier point of, "Your ass, your call." After all:
"Never try to teach a pig to sing; it wastes your time and it
annoys the pig.”

But you may mislead others with your zealotry and so I post to
warn them.

But that does not mean that I will continue to answer endless
objections which are mere repetitions and elaboration of
points you made earlier. As a judge will say to a lawyer who
adopts such a lame approach, "Asked and answered, counsellor -
move on."

"Plausible deniability" is a marketing ploy by encryption
vendors, not a realistic strategy for personal security.

…
Post by thang ornithorhynchus
Post by nemo_outis
Speculative and conjectural on your part, but let that
pass.
Speculative = conjectural (redundancy) but let that pass
too.
A silly and stupid objection on your part.

And, no, silly and stupid are no more synonymous than
speculative and conjectural are. English has more subtlety
and range than you appreciate.
Post by thang ornithorhynchus
Post by nemo_outis
As my response to the OP showed, I usually discuss these
matters in alt.privacy, alt.computer.security, or
sci.crypt. But since the matter arose here I pursued it
here. And I have continued to pursue it here even as it
wandered far from the original topic.
In no wise has it wandered far from the OP's link (TC).
Whether plausible deniability will fly has sweet fuck all to
do with firewire attacks on RAM.

Truecrypt is also susceptible to video observation of password
entry but that wouldn't mean discussion of "Avatar" was on the
same topic.

…
Post by thang ornithorhynchus
Post by nemo_outis
I don't think you quite get it - you have allowed yourself
to be dazzled by the technical details. The *mere
presence* of large quantities of random data - even without
absolute proof - will be viewed as a near certainty that
encryption is being used. And use of a crypto program that
supports hidden volumes will cause considerable credibility
to be attached to the likely use of that feature.
Overwhelmingly so if other circumstances (e.g., why you are
being investigated in the first place) are consonant with
this.
Good lord. Do you believe in rule of law? Rules of
evidence? Here in Australia, if the encryption cannot be
cracked, there is no evidence, therefore there is no case.
http://www.tomsguide.com/us/PC-Camera-Encryption-Video-Peeph
ole,news-4910.html
You should learn to read for comprehension:

1) This case has *absolutely nothing* to do with plausible
deniability - the encryption was of the plain ordinary kind.

2) The fellow was *convicted* and jailed.
Post by thang ornithorhynchus
Of particular interest to me, and it should also interest
you, are the comments on Truecrypt, especially the
"If you're savvy enough to encrypt your harddrive, then I
suspect a criminal in the UK would simply use Truecrypt's
hidden encrypted volume feature. That way, he could give
the police one key, after putting on a good show of
refusing to comply, and they would still have nothing to
charge him with.
In the U.S., they are still debating the legality of trying
to force someone to give up an encryption passphrase. The
5th Amendment of our Constitution provides, among other
things, protection against self-incrimination. Defense
attorneys have taken the position that the contents of
someones own mind, to include encryption passphrases, are
thus protected. While I hate to see criminals get away with
things. From a privacy standpoint, I believe this is a
correct interpretation of the law."
My point *exactly*.
And I think that "waxdart," like you, is misinformed and
wildly speculating.

FWIW I can ostensibly **fully decrypt** A truecrypt container
- absolutely 100% - as I've recently posted in sci.crypt. and
yet still not have revealed the secret contents!

And that method too - although it works *perfectly* and goes
*far beyond* mere plausible deniability - is, like plausible
deniability, mostly just an interesting but worthless
curiosity.
Post by thang ornithorhynchus
Post by nemo_outis
Sure you can deny it, sure you can scream "You can't
absolutely prove it!" but that may cut very little ice.
Many a man has been hanged for murder even though the body
of the victim was never found.
Rubbish. Perhaps in the 1800's, but this is the third
millenium...as the story above shows, the courts need
evidence. TC's hidden OS is indiscernible even on bit by
bit inspection. Only the Evil Maid attack, freezing the
RAM, camera in roof vent etc etc works.
You continue to think that "absolute proof" is necessary.
Good for you.

In fact, I'm so confident in your position that I'd bet *your*
ass on it!


…
Post by thang ornithorhynchus
No its not. I am degreed with practical background in law,
briefed Counsel many times etc etc. Might be rusty, but
not shallow.
You're the fellow who said that "reasonable suspicion" and
"probable cause" only applied in the US. You're not just a
little rusty - corrosion has destroyed all the metal!
Post by thang ornithorhynchus
Post by nemo_outis
Second, the standards of "reasonable suspicion" and
"probable cause" are widely used OUTSIDE the US in MANY
common-law jurisdictions. I can, for instance, cite cases
from the Canadian Supreme Court addressing these exact
topics.
Not here in Australia they ain't, sport. And we are common
law to the marrow of our bones. Again, refer to the link I
posted above. No mention of these mealy mouthed words,
just a lack of evidence because the coppers couldn't crack
the encryption. And that was encrypted containers or just
files, let alone invisible, indiscernible hidden TC
volumes!
I think you know as much about law, including Australian law,
as, again in the words of my Dear old Dad, "my arse does about
shootin' peas."

You cited a case that has absolutely nothing to do with
plausible deniability, a case in which the defendant was
convicted, and yet you think it's somehow supportive of your
position.
Post by thang ornithorhynchus
Post by nemo_outis
As for civil matters, yes, the standard in many common-law
jurisdictions is "balance of probabilities" or
"preponderance of evidence." But what you may not fully
realize is how often criminal and civil cases are
conjoined. For instance, it is very common in copyright
matters to bring both criminal *and civil* processes, with
the civil case frequently being won even though the
criminal case wasn't. (The most famous example of the
criminal/civil duality is, of course, the O J Simpson
matter.)
This happens infrequently, when for instance a person is
clearly guilty of an indictable offence which cannot be
proven beyond reasonable doubt due to incompetence, for
instance, or tampering with evidence (per OJ). It is
infrequent because in most such cases, there is no party to
undertake the civil action (at the lower burden of proof)
or that party is unwilling to do so. It is an extremely
infrequent occurrence here in Australia.
Oh dear. "Clearly guilty of an indictable offence which
cannot be proven" And this from the fellow who professes to
trust in the legal system. It is to laugh!

As for your knowledge of the frequency of such civil cases in
Australia, let me repeat my father's "peas" remark above.
Post by thang ornithorhynchus
Post by nemo_outis
Post by nemo_outis
But there is a bigger problem with encryption in civil
matters. In civil matters there is generally some form of
disclosure or discovery procedure. If one of the litigants
fails to be *fully forthcoming* or appears (in the
estimation of the judge for which he has very wide
discretion) to be evasive, furtive, or unresponsive (not a
question of what the discloser *must* do but what he
*should* do) then the case will be automatically be decided
against him! I've seen this happen in cases in which I've
participated. I'll be happy to quote the legal principle
in Latin if you think that would help :-)
I just love pompousness in all its forms, because the
pompous fool has so far to fall (and fall they do!).
Firstly, if there is a necessity, perceived or otherwise,
for OTFE at the sophisticated level of decoy, outer and
hidden volume, then we are most decidedly not talking about
civil action are we? Why? Because simple encryption of
files will suffice for whatever is potentially litigible at
the lower level of proof (balance of probabilities) because
the person bringing the suit will not have the full force
of government on side. Civil action is generally one
private person against another. No NSA, no police and so
on. TC would only be used for instance by persons in fear
of powerful adversaries who still need observe the rule of
law, such as federal police forces, security organisations
(such as NSA, CIA, our ASIO, etc) and so on.
No! I suggest you reread what I wrote. (I'd type slower but
I doubt that would help you)
Post by thang ornithorhynchus
So, as we are not discussing TC and its complexities in the
context of civil litigation, there is no need to quote your
principle in a dead language to me.
The point you made is only relevant on the very low burden
of proof so is not relevant to this discussion of TC
(again, because there is no need to use the hidden
volume/hidden OS for simple, run of the mill civil
lawsuits).
I believe civil suits are very relevant. Dismiss them as
cavalierly as you do all else. As I said before: It's your
ass.
Post by thang ornithorhynchus
http://www.theregister.co.uk/2009/11/24/ripa_jfl/page2.html
"Police then warned him they would seek a section 49
notice under
RIPA Part III, which gives a suspect a time limit to supply
encryption keys or make target data intelligible. Failure
to comply is an offence under section 53 of the same Part
of the Act and carries a sentence of up to two years
imprisonment, and up to five years imprisonment in an
investigation concerning national security."
Some points. Firstly, his encrypted files were just that,
files. They were not hidden, they were obvious. Secondly,
where is the reversal of the burden of proof? They asked
for the keys, he didn't provide them, he was jailed. The
law says he must provide key, and he didn't do it. If he
had had a hidden TC volume, and given up the decoy
passphrase, he would have complied with the RIPA
requirement and not have gone to jail. This, by the way,
was an indictable offence, not a civil misdemeanour.
Once again you idiotically cite cases which destroy rather
than support your position:

1) The case had absolutely nothing to do with plausible
deniability but rather with plain old vanilla encryption

2) The fellow, despite it being the first case of its kind,
despite the fellow being a raving loonie, and despite the
judge cutting him the slack of not considering him a threat to
national security, **WAS CONVICTED AND JAILED!**
Post by thang ornithorhynchus
Post by nemo_outis
I can also point out that there are other legal (and quasi-
legal) processes beyond civil and criminal matters, such as
regulatory and administrative ones. The classic example
here is customs where they can, in practice, do whatever
the fuck they want without even meeting the minimum
standard of "reasonable suspicion."
Bullshit. Here in Australia Customs has started peering
into laptops, phones etc on the basis of stopping the
importation of illegal porn. There is the usual outcry by
people who don't understand that such stuff has always been
illegal and specifically, a banned import. Customs could
always have peered into laptops, but is doing so now by
adding an extra box on the on-board questionnaire. Thus,
this is quite the opposite of what you assert.
http://www.abc.net.au/news/stories/2010/05/21/2905424.htm
1) Do you not understand that customs, including Australian
customs, can look into laptops etc. at their entire whim and
discretion - JUST AS I SAID

2) Do you not understand that the requirement to declare
pornography is yet another layer of "piling on" that can be
used to arbitrarily crucify you if the government so wishes?

3) Do you not understand that this has *absolutely nothing*
to do with plausible deniability?

4) Do you not understand that this is yet another proof that
government and law is arbitrary and uncontrolled, an exercise
in naked raw coercive power, and that any public good is mere
lip service?

And yet you believe in the rule of law. Well, good for you.
It takes real stick-to-it-ive-ness to continue to believe in
the face of mountains of evidence to the contrary.

I've made my points for those with wit enough to understand.
You, of course, may continue to believe whatever you wish.

...

But, just as Cato used to end all his speeches with "Carthago
delenda est" I will again remind more open-minded readers that
"Plausible deniability isn't!" Trust in it at your peril.

Regards.
thang ornithorhynchus
2010-05-21 03:13:56 UTC
Permalink
Raw Message
Post by nemo_outis
As I said earlier, I know that I have no prospect of
convincing a true believer like you that plausible deniability
is next to worthless. I can only hope my cautions will be
taken to heart by those less rash and more prudent than you.
If you stopped pontificating you might understand that there is no
need to try to convince me thus, because, my haughty friend, you are
wrong. In other words, why don't you try getting off your high horse
and listen?
Post by nemo_outis
If it were just you, I would simply drop the matter and merely
"Never try to teach a pig to sing; it wastes your time and it
annoys the pig.”
Ah, we have a similar saying, "Don't put perfume on a pigs ear". In
your case, it still smells like pig.
Post by nemo_outis
But you may mislead others with your zealotry and so I post to
warn them.
A zealot? As I said in the last post, go to Truecrypt forums where
much more knowledgable people than you, and I for that matter, will
tear you to shreds in a much quicker and more complete manner than I.
For those who are following this, I do insist you go to Truecrypt
forums (google) and read some of the information there. It still
won't be too simple to set up your two partitions, especially getting
the sizes right, but you will see just how superior an encryption
package TC is. Whatever you do, don't listen to this guy, he is
probably arrayed with some three letter agency in the US whose design
is to scare the less initiated off from useing TC, which is
impenetrable.
Post by nemo_outis
But that does not mean that I will continue to answer endless
objections which are mere repetitions and elaboration of
points you made earlier. As a judge will say to a lawyer who
adopts such a lame approach, "Asked and answered, counsellor -
move on."
And you are a judge now, my salubrious friend? Let my scalpel now
dissect your ruminations, deceptive though they be.
Post by nemo_outis
"Plausible deniability" is a marketing ploy by encryption
vendors, not a realistic strategy for personal security.
The term has been around since the mid-80's and is a realistic
strategy for personal security. As I said, TC is used all over the
world, point out one example of a hidden volume being identified to
the satisfaction of any court in any country. Just one example.
Post by nemo_outis
…
Post by thang ornithorhynchus
Post by nemo_outis
Speculative and conjectural on your part, but let that
pass.
Speculative = conjectural (redundancy) but let that pass
too.
A silly and stupid objection on your part.
And, no, silly and stupid are no more synonymous than
speculative and conjectural are. English has more subtlety
and range than you appreciate.
Oh, I can see that you are trying to be articulate, but you are only
succeeding in being verbose. English, when properly used and applied,
can actually be an elegant language - something which will probably
escape *your* appreciation for the forseeable future. By the way, my
silly and stupid objection on my part was in response to your
startlingly obtuse usage of HM's english.
Post by nemo_outis
Post by thang ornithorhynchus
Post by nemo_outis
As my response to the OP showed, I usually discuss these
matters in alt.privacy, alt.computer.security, or
sci.crypt. But since the matter arose here I pursued it
here. And I have continued to pursue it here even as it
wandered far from the original topic.
In no wise has it wandered far from the OP's link (TC).
Whether plausible deniability will fly has sweet fuck all to
do with firewire attacks on RAM.
You are a prickly old fart, ain'tcha? Here was my polite response to
your first response to the OP (third post on this thread).

"This is true, the "attack" is simply picking the password out of
memory. The best method to avoid this is to disable firewire
(IEEE-1394) in BIOS rather than in the OS, which is equivalent to but
preferable to disconnecting the port on the mainboard. This is
because to reset BIOS the adversary needs to reboot the OS thereby
wiping memory.

So far, at least until the advent of practical quantum computing, TC
is unassailable on an unbooted PC."

You, mr seat-of-all-knowledge, then went on to try to destroy my
statement that TC was unassailable on an unbooted PC. That pompous
meandering by *you* resulted in where we are now, namely, you trying
to salvage your reputation as some sort of oracle of encryption.
Post by nemo_outis
Truecrypt is also susceptible to video observation of password
entry but that wouldn't mean discussion of "Avatar" was on the
same topic.
…
Post by thang ornithorhynchus
Post by nemo_outis
I don't think you quite get it - you have allowed yourself
to be dazzled by the technical details. The *mere
presence* of large quantities of random data - even without
absolute proof - will be viewed as a near certainty that
encryption is being used. And use of a crypto program that
supports hidden volumes will cause considerable credibility
to be attached to the likely use of that feature.
Overwhelmingly so if other circumstances (e.g., why you are
being investigated in the first place) are consonant with
this.
Good lord. Do you believe in rule of law? Rules of
evidence? Here in Australia, if the encryption cannot be
cracked, there is no evidence, therefore there is no case.
http://www.tomsguide.com/us/PC-Camera-Encryption-Video-Peeph
ole,news-4910.html
1) This case has *absolutely nothing* to do with plausible
deniability - the encryption was of the plain ordinary kind.
It was the closest possible thing, which was OTFE (whole disk
encryption, the police couldn't get into the OS). Using your
reasoning, which is the use of one implies the use of the other (the
other being a hidden volume), aren't the odds in favour of their being
also a hidden volume? Seems to me that encryption works, and they
didn't even get to the stage where they could determine the existence,
or non-existence, of a hidden volume.
Post by nemo_outis
2) The fellow was *convicted* and jailed.
Here is the link again, it got truncated for some reason:

http://www.tomsguide.com/us/PC-Camera-Encryption-Video-Peephole,news-4910.html

From this, if you read for comprehension, you will see he served time
in lockup on remand (ie *before* he was convicted) then he was put on
probation - *not* jailed!

Also, he was not convicted of the original allegations, which if the
police had been able to crack the encryption, he would have been.
Post by nemo_outis
Post by thang ornithorhynchus
Of particular interest to me, and it should also interest
you, are the comments on Truecrypt, especially the
"If you're savvy enough to encrypt your harddrive, then I
suspect a criminal in the UK would simply use Truecrypt's
hidden encrypted volume feature. That way, he could give
the police one key, after putting on a good show of
refusing to comply, and they would still have nothing to
charge him with.
In the U.S., they are still debating the legality of trying
to force someone to give up an encryption passphrase. The
5th Amendment of our Constitution provides, among other
things, protection against self-incrimination. Defense
attorneys have taken the position that the contents of
someones own mind, to include encryption passphrases, are
thus protected. While I hate to see criminals get away with
things. From a privacy standpoint, I believe this is a
correct interpretation of the law."
My point *exactly*.
And I think that "waxdart," like you, is misinformed and
wildly speculating.
Sure, and many many more where he and I come from. The odds are
against you being right, and I should know, I'm an actuary
(mathematical statistician).
Post by nemo_outis
FWIW I can ostensibly **fully decrypt** A truecrypt container
- absolutely 100% - as I've recently posted in sci.crypt. and
yet still not have revealed the secret contents!
And that method too - although it works *perfectly* and goes
*far beyond* mere plausible deniability - is, like plausible
deniability, mostly just an interesting but worthless
curiosity.
You are again, *not* reading for comprehension. Regardless of your
claims, I am talking about VOLUMES, not containers. I am specifically
talking about firstly finding the damn volume, when it is buried
within a second, adjacent partition. The secret, and please read this
and read this again, is that the hidden volume cannot be, under any
circumstances, found. So, you hand your passphrase over to TLA for
the decoy OS (encrypted of course), and they say, well there is a
second partition here, we suspect that is TC as well, and you put up a
fuss etc, but then hand over the second passphrase for the outer
volume on the second partition. Yet, there is a third passphrase, for
the hidden volume on the second partition, which cannot be identified.
I think that after handing over two passphrases, no judge on earth is
going to believe (reasonably believe, in Australian law - the
Cybercrime Act 2001 as amended) that there is a third passphrase to be
handed over, for something unidentifiable.

See, your problem is that you haven't, and can't, tell me or your
audience how to identify that there is indeed a hidden volume on the
second partition. That's my challenge to you. If you can tell me
how, technically, the hidden volume can be identified, either from the
headers, the nature of the bits on the volume, or whatever, then you
will have converted me. You won't do it though, because it can't be
done.

And, unlike you, I don't have an agenda, so I am truly open minded to
proper discourse and argument.
Post by nemo_outis
Post by thang ornithorhynchus
Post by nemo_outis
Sure you can deny it, sure you can scream "You can't
absolutely prove it!" but that may cut very little ice.
Many a man has been hanged for murder even though the body
of the victim was never found.
Rubbish. Perhaps in the 1800's, but this is the third
millenium...as the story above shows, the courts need
evidence. TC's hidden OS is indiscernible even on bit by
bit inspection. Only the Evil Maid attack, freezing the
RAM, camera in roof vent etc etc works.
You continue to think that "absolute proof" is necessary.
Good for you.
In fact, I'm so confident in your position that I'd bet *your*
ass on it!
Wrong again. I didn't mention absolute proof, and I don't even know
what you are talking about here. That term does not exist in law. I
was talking about the evidence in the citation provided by me.
Post by nemo_outis
…
Post by thang ornithorhynchus
No its not. I am degreed with practical background in law,
briefed Counsel many times etc etc. Might be rusty, but
not shallow.
You're the fellow who said that "reasonable suspicion" and
"probable cause" only applied in the US. You're not just a
little rusty - corrosion has destroyed all the metal!
I have never pretended to practice or to apply law in any other
country than Australia. You are practicing the black art of double
speak.
Post by nemo_outis
Post by thang ornithorhynchus
Post by nemo_outis
Second, the standards of "reasonable suspicion" and
"probable cause" are widely used OUTSIDE the US in MANY
common-law jurisdictions. I can, for instance, cite cases
from the Canadian Supreme Court addressing these exact
topics.
Not here in Australia they ain't, sport. And we are common
law to the marrow of our bones. Again, refer to the link I
posted above. No mention of these mealy mouthed words,
just a lack of evidence because the coppers couldn't crack
the encryption. And that was encrypted containers or just
files, let alone invisible, indiscernible hidden TC
volumes!
I think you know as much about law, including Australian law,
as, again in the words of my Dear old Dad, "my arse does about
shootin' peas."
You'd be surprised what I know about law, but what you know about law
wouldn't surprise me in the least.
Post by nemo_outis
You cited a case that has absolutely nothing to do with
plausible deniability, a case in which the defendant was
convicted, and yet you think it's somehow supportive of your
position.
Hang on buster, didn't you say above he was also jailed? Which he
wasn't. You are exhausting my patience - once again, I was discussing
the fact that this fellow had a fully encrypted OS, they couldn't even
get into his HD, and he was not convicted on the original charges
because they couldn't decrypt the alleged evidence (videos etc). He
was convicted on lesser charged, and not even jailed - given
probation. This shows how impregnable a hidden volume is, because
they couldn't even get past the first layer of encryption, what TC
describes as the "decoy os". Therefore it not only works, it works
under pressure. More so than your ridiculous virtual machines and so
on.

If you can, I suggest you try and set up for your own trial the unholy
trio, decoy, outer and hidden volumes/os. You will see what a fine
system it is. If you need help with the mathematical aspects (size
balancing because of the journalling by NTFS), just yell and I'll drop
everything a help you out.
Post by nemo_outis
Post by thang ornithorhynchus
Post by nemo_outis
As for civil matters, yes, the standard in many common-law
jurisdictions is "balance of probabilities" or
"preponderance of evidence." But what you may not fully
realize is how often criminal and civil cases are
conjoined. For instance, it is very common in copyright
matters to bring both criminal *and civil* processes, with
the civil case frequently being won even though the
criminal case wasn't. (The most famous example of the
criminal/civil duality is, of course, the O J Simpson
matter.)
This happens infrequently, when for instance a person is
clearly guilty of an indictable offence which cannot be
proven beyond reasonable doubt due to incompetence, for
instance, or tampering with evidence (per OJ). It is
infrequent because in most such cases, there is no party to
undertake the civil action (at the lower burden of proof)
or that party is unwilling to do so. It is an extremely
infrequent occurrence here in Australia.
Oh dear. "Clearly guilty of an indictable offence which
cannot be proven" And this from the fellow who professes to
trust in the legal system. It is to laugh!
Silly man. Surely you can intuit what I mean, which is that OJ was as
guilty as hell, but due to evidence tampering, they couldn't convict
him (the detective, I can't remember his name, but he tainted the
entire prosecution case). It couldn't be proven at all, but he was
clearly guilty, as most of your colleagues in the US would agree.
Post by nemo_outis
As for your knowledge of the frequency of such civil cases in
Australia, let me repeat my father's "peas" remark above.
Please don't. Try to restrain yourself.
Post by nemo_outis
Post by thang ornithorhynchus
Post by nemo_outis
Post by nemo_outis
But there is a bigger problem with encryption in civil
matters. In civil matters there is generally some form of
disclosure or discovery procedure. If one of the litigants
fails to be *fully forthcoming* or appears (in the
estimation of the judge for which he has very wide
discretion) to be evasive, furtive, or unresponsive (not a
question of what the discloser *must* do but what he
*should* do) then the case will be automatically be decided
against him! I've seen this happen in cases in which I've
participated. I'll be happy to quote the legal principle
in Latin if you think that would help :-)
I just love pompousness in all its forms, because the
pompous fool has so far to fall (and fall they do!).
Firstly, if there is a necessity, perceived or otherwise,
for OTFE at the sophisticated level of decoy, outer and
hidden volume, then we are most decidedly not talking about
civil action are we? Why? Because simple encryption of
files will suffice for whatever is potentially litigible at
the lower level of proof (balance of probabilities) because
the person bringing the suit will not have the full force
of government on side. Civil action is generally one
private person against another. No NSA, no police and so
on. TC would only be used for instance by persons in fear
of powerful adversaries who still need observe the rule of
law, such as federal police forces, security organisations
(such as NSA, CIA, our ASIO, etc) and so on.
No! I suggest you reread what I wrote. (I'd type slower but
I doubt that would help you)
Now you *are* being silly. Yet, you seem to agree with my remarks
about pomposity.
Post by nemo_outis
Post by thang ornithorhynchus
So, as we are not discussing TC and its complexities in the
context of civil litigation, there is no need to quote your
principle in a dead language to me.
The point you made is only relevant on the very low burden
of proof so is not relevant to this discussion of TC
(again, because there is no need to use the hidden
volume/hidden OS for simple, run of the mill civil
lawsuits).
I believe civil suits are very relevant. Dismiss them as
cavalierly as you do all else. As I said before: It's your
ass.
Why do you believe in the context of double or triple layered
encryption that civil litigation is apt? No indictments, no TLA or
LEA, resources generally limited to less than state coffers, etc etc.
Copyright? Its a crime, not civil. Naughty videos of the neighbours
wife? Its a crime, not civil. Give me an example, explicitly please,
of civil litigation where triple layered encryption might be involved.
Post by nemo_outis
Post by thang ornithorhynchus
http://www.theregister.co.uk/2009/11/24/ripa_jfl/page2.html
"Police then warned him they would seek a section 49
notice under
RIPA Part III, which gives a suspect a time limit to supply
encryption keys or make target data intelligible. Failure
to comply is an offence under section 53 of the same Part
of the Act and carries a sentence of up to two years
imprisonment, and up to five years imprisonment in an
investigation concerning national security."
Some points. Firstly, his encrypted files were just that,
files. They were not hidden, they were obvious. Secondly,
where is the reversal of the burden of proof? They asked
for the keys, he didn't provide them, he was jailed. The
law says he must provide key, and he didn't do it. If he
had had a hidden TC volume, and given up the decoy
passphrase, he would have complied with the RIPA
requirement and not have gone to jail. This, by the way,
was an indictable offence, not a civil misdemeanour.
Once again you idiotically cite cases which destroy rather
1) The case had absolutely nothing to do with plausible
deniability but rather with plain old vanilla encryption
You are citing me out of context. I know it was containers, files
encrypted with vanilla flavour, but that wasn't my point. Here is the
Post by nemo_outis
Now I could point out that I've been speaking broadly of
common-law principles, but in most jurisdictions these have
generally (but not totally) been supplanted by statutory
equivalents. The statutory equivalents usually are more or
less "equivalent" but they do sometimes introduce new
"wrinkles" - in extreme cases they can, for instance, entirely
reverse the burden of proof, as with the UK RIP law.
My response was to your statement that RIPA reverses the burden of
proof. I clearly showed with this citation that (a) the RIPA was
applied; and (b) there was no indication anywhere that the RIPA
"reversed the burden of proof" as you asserted.

Why did you snip this out?
Post by nemo_outis
2) The fellow, despite it being the first case of its kind,
despite the fellow being a raving loonie, and despite the
judge cutting him the slack of not considering him a threat to
national security, **WAS CONVICTED AND JAILED!**
So what? My point was that there was no reversal of the burden of
proof, as you asserted. You selectively snipped out your comment, to
which I was responding. Simply, plain encryption was discovered and
identified, he was required by law and in due process to hand over the
password, he didn't, and he was jailed. No reversal of the burden of
proof, so you are wrong (again).
Post by nemo_outis
Post by thang ornithorhynchus
Post by nemo_outis
I can also point out that there are other legal (and quasi-
legal) processes beyond civil and criminal matters, such as
regulatory and administrative ones. The classic example
here is customs where they can, in practice, do whatever
the fuck they want without even meeting the minimum
standard of "reasonable suspicion."
Bullshit. Here in Australia Customs has started peering
into laptops, phones etc on the basis of stopping the
importation of illegal porn. There is the usual outcry by
people who don't understand that such stuff has always been
illegal and specifically, a banned import. Customs could
always have peered into laptops, but is doing so now by
adding an extra box on the on-board questionnaire. Thus,
this is quite the opposite of what you assert.
http://www.abc.net.au/news/stories/2010/05/21/2905424.htm
1) Do you not understand that customs, including Australian
customs, can look into laptops etc. at their entire whim and
discretion - JUST AS I SAID
Isn't that what I agreed with above? Read it again, there is no
argument. However, its only because of the nature of what they are
looking for, which is a banned import (whether it is there or not). It
is in accordance with regulations, not something they can do ultra or
mala fides (sorry, lapsed into a dead language there :).
Post by nemo_outis
2) Do you not understand that the requirement to declare
pornography is yet another layer of "piling on" that can be
used to arbitrarily crucify you if the government so wishes?
Do you not understand that it is not arbitrary? It is a prohibited
import, under several jurisdictions (state, federal). That empowers
Australian Customs Service to look at electronic devices, they have
always had that legal **power**.
Post by nemo_outis
3) Do you not understand that this has *absolutely nothing*
to do with plausible deniability?
It does if they find an encrypted partition on your laptop.
Post by nemo_outis
4) Do you not understand that this is yet another proof that
government and law is arbitrary and uncontrolled, an exercise
in naked raw coercive power, and that any public good is mere
lip service?
Rubbish. You must be an expert witness for the defence, because you
don't have the correct state of mind for the other side. This sounds
like conspiracy theory to me, especially in this day and age when
stinking terrorists took out America's two front teeth!
Post by nemo_outis
And yet you believe in the rule of law. Well, good for you.
It takes real stick-to-it-ive-ness to continue to believe in
the face of mountains of evidence to the contrary.
Yes I do. Even in your country, I would believe in it (yes, I have
been all over the US, even down to Louisiana).
Post by nemo_outis
I've made my points for those with wit enough to understand.
You, of course, may continue to believe whatever you wish.
You still have not responded to my main points in the penultimate
post. Your snippers are out again. Those points are, and I challenge
you:

1. Are you an encryption expert and if so, what are your
qualifications? I'm an actuary with a passing interest in encryption.
My knowledge of the law comes predominantly from civil insurance
cases, with a salting of the other. Whence yours?

2. Can you point to one case involving TC where the hidden volume
has been discovered? (or even DCPP)

3. When you take your arguments against OTFE with hidden volumes over
to TC fora, can you let me know please so that I can follow
proceedings?
Post by nemo_outis
...
But, just as Cato used to end all his speeches with "Carthago
delenda est" I will again remind more open-minded readers that
"Plausible deniability isn't!" Trust in it at your peril.
Fuck Cato and Scipio and all the rest, they have all been dead for 2K
years. Something more useful for you to ponder, perhaps, is this
thread. Please note the sage comments under Peter's post.

http://www.peterkleissner.com/?p=11

This is the only way really to penetrate TC because until TC 6 came
along, even Bruce Schneier could only pick on leakage from an
encrypted container to unencrypted (that's fixed now with 6, there can
be no leakage whatsoever from the hidden OS as all writing outside of
that volume is prohibited).

thang
Post by nemo_outis
Regards.
nemo_outis
2010-05-21 04:30:49 UTC
Permalink
Raw Message
...snip endless whining...

As I said before, "Asked and answered."

You cited cases having exactly NOTHING to do with plausible
deniability. Cases about plain vanilla encryption. Cases that
the accused LOST!

And yet you think that somehow bolsters your position? No, my
lad, I don't intend to squander my time refuting such nonsense.
Its lameness speaks for itself.

If the legal system really worked, was really fair, if there
really were proper safeguards against self-incrimination, then
there would be no conceivable need for plausible deniability.
An accused would simply refuse to decrypt his **single layer**
encryption and that would be that.

And if the legal system is not fair, if the legal system is a
stacked deck, if judges really aren't kindly old men just trying
to help you, then the weak bullshit of "You can't absolutely
prove I'm not using the inner layer - even though the developer
loudly boasts about it" isn't going to save your sorry ass. You
will get the horselaugh as you're convicted.

Either way plausible deniability fails. Unnecessary in the
first case, unbelievable in the second.

In short, plausible deniability isn't.

Regards,
thang ornithorhynchus
2010-05-21 11:56:04 UTC
Permalink
Raw Message
Post by nemo_outis
...snip endless whining...
Lol. You can't respond to my requests (in what area are you expert,
anyway?). Even if you don't understand the utility of TC, surely you
know of an example of its insecurity? Or, the lines of code which
afford unwarranted entry by unauthorized persons? No, converting my
relevant comments etc into "whining" is childish and rather impotent.
Post by nemo_outis
As I said before, "Asked and answered."
You can say that 'till you're blue in the face. It won't change the
facts - you didn't answer anything apart from vague condemnation of
the notion of plausible deniability without discussing, in any depth,
the structure of the TC encrypted HD.
Post by nemo_outis
You cited cases having exactly NOTHING to do with plausible
deniability. Cases about plain vanilla encryption. Cases that
the accused LOST!
Don't get emotional because being effectively rebutted will happen to
you, in life. Just get used to it. Try to absorb my comments and
read the text of the citations, references and so on.
Post by nemo_outis
And yet you think that somehow bolsters your position? No, my
lad, I don't intend to squander my time refuting such nonsense.
Its lameness speaks for itself.
My lad? How typical of you and how condescending. If you are an
expert witness for the prosecution, I hate you already :0 esp with an
attitude like that.
Post by nemo_outis
If the legal system really worked, was really fair, if there
really were proper safeguards against self-incrimination, then
there would be no conceivable need for plausible deniability.
An accused would simply refuse to decrypt his **single layer**
encryption and that would be that.
No, the RIPA and our equivalent and other statutes would operate well
and effectively with your bottom of the garden encryption. We don't
have the self incrimination defence here, because we don't have a
proper, human-oriented, constition. We have an act which regulates
the macro rather than protects the micro.
Post by nemo_outis
And if the legal system is not fair, if the legal system is a
stacked deck, if judges really aren't kindly old men just trying
to help you, then the weak bullshit of "You can't absolutely
prove I'm not using the inner layer - even though the developer
loudly boasts about it" isn't going to save your sorry ass. You
will get the horselaugh as you're convicted.
Its not that bad, really. Lots of corruption, lots of crooked cops
and stitch ups, but on the balance they get the job done. I don't
stand in judgement on anyone, so its an invidious job to start with
(the whole sequence from police work to jail cell). But over here the
judges are by the by fair and very professional, many actually with a
heart. And they generally, but not always, err on the side of
innocence (acquittal). They certainly don't all nestle snugly into
police pockets.
Post by nemo_outis
Either way plausible deniability fails. Unnecessary in the
first case, unbelievable in the second.
No - I don't doubt you are an expert (in what?) and are plausible and
malleable in Court, but in *our* discussion you have not dotted the
i's and crossed the t's. If you have evidence of TC being outed in
Court, you need to advise the world accordingly. The program has been
downloaded over 24 million times from the TC foundation website, and
probably several times over this by virtue of the many, many file
sites which make it available for download too! If you have knowledge
of its fallibility, beyond evil maid, frozen ram, Firewire and all
that, then your duty is to advise all hundred million of the
downloaders.
Post by nemo_outis
In short, plausible deniability isn't.
Words, words, words. I guess plausible deniability didn't work though
with Oliver North and his employers, back in the day.

thang
Post by nemo_outis
Regards,
nemo_outis
2010-05-21 15:47:17 UTC
Permalink
Raw Message
thang ornithorhynchus <***@spitzola.com.org.net> wrote in news:***@4ax.com:

Asked and answered.

You keep raising the same points and thet're just as weak the
tenth time as the first. But, having demolished them once, I
feel no need to demolish them nine more times.

You still don't seem to get it: I don't have to satisfy YOU.
(I said from the outset that converting a true believer like
you was an exercise in futility.) No, I've made my case for
rational folks who may read this thread. It's not about YOU;
you are only the vehicle for making my points, a vehicle to be
discarded when you become useless and your whining tiresome -
as is now the case.

The facts remain:

1) Truecrypt's code has never been publicly reviewed by
*anyone* let alone anyone with even a pretence of decent
crypto credentials.

2) "Plausible deniability" has never even been tried, let
alone worked, in any reported legal case. It's an act of
desperate blind faith to rely on it.

3) "Plausible deniability" depends on the rash presumption
that the constabulary and judiciary are all gullible fools who
will be thwarted by such a transparently weak ploy. But it is
those who think that "Nyah, nyah, you can't absolutely prove
there's an inner layer" will pass muster who are the real
fools.

4) "Plausibile deniability" is a marketing ploy used to try
to differentiate Truecrypt from similar software. Truecrypt
has claimed to have "plausible deniability" right from version
1.0, right from the outset! Except it keeps changing!
Bigtime!

The mechanisms for getting that supposed plausible deniability
have changed again and again, each time with Truecrypt
disparaging all previous versions as worthless! Truecrypt
continues to morph and warp what will supposedly give
plausible deniability to this day, adding layer after layer of
complexity. Today Truecrypt claims that plausible deniability
is ONLY attanable with two partitions, both a decoy and a
hidden OS, as well as an inner and outer volume! And a
partridge in a pear tree... And even then it requires endless
housekeeping and tinkering and mustn't ever be connected to
any network, let alone the internet. Hilarious!

5) The legal system is not your friend. If the constabulary
and judiciary come after you they will not be lightly turned
aside, certainly not by something as insubstantial as so-
called plausible deniability. You will discover that the
legal system is not all just rosewood panelling and fusty wigs
- it has very, very sharp teeth!


You can rashly disregard any or all of these points. Suit
yourself. As I've said repeatedly, "Your ass, your call."

My words are for others in the hope that rationality and
prudence will trump misplaced enthusiasm for such a useless
toy as plausible deniability.

Regards,
thang ornithorhynchus
2010-05-23 05:51:07 UTC
Permalink
Raw Message
Post by nemo_outis
Asked and answered.
You keep raising the same points and thet're just as weak the
tenth time as the first. But, having demolished them once, I
feel no need to demolish them nine more times.
Didn't notice any demolition happening in your earlier posts.
Post by nemo_outis
You still don't seem to get it: I don't have to satisfy YOU.
(I said from the outset that converting a true believer like
you was an exercise in futility.) No, I've made my case for
rational folks who may read this thread. It's not about YOU;
you are only the vehicle for making my points, a vehicle to be
discarded when you become useless and your whining tiresome -
as is now the case.
I am not a blind "true believer", I have used, tested and questioned
TC over the last few years since I started using TC and dropped DCPP
because of the latter's incompatibility with Win7. You will not be
able to convert me unless you have arguments which are more than just
wind. If you, or anyone else, has such arguments, based on reported
or reportable fact, then I will drop TC like a hot potato. I, unlike
yourself, am open to reason. In particular, I don't use invective as
do you, for the very good reason that I have not run out of arguments,
like you.

As for your talk of vehicles and so on, I doubt that anyone who has
been following this discussion, even the rubes, allows you any
credibility at all. Perhaps I should crosspost to achieve the maximum
effect? Nah, I'm not that vindictive nor am I that childish.
Post by nemo_outis
1) Truecrypt's code has never been publicly reviewed by
*anyone* let alone anyone with even a pretence of decent
crypto credentials.
You don't know that. You don't know that it hasn't been reviewed by
NSA, for instance (with up to 100 million downloads, I can guarantee
you that it **has** been reviewed, and by the best at that). All you
know is that you haven't seen a report on the net for such review.
What a bellicose, ridiculous statement.
Post by nemo_outis
2) "Plausible deniability" has never even been tried, let
alone worked, in any reported legal case. It's an act of
desperate blind faith to rely on it.
Well, its not going to be used as in "Your honour, I plead plausible
deniability", is it? Like, there will be sets of keys or passphrases
provided in accordance with law (RIPA etc) and after provision by LEA
of the requisite Notices. At some stage, there will be no way to
demonstrate (prove) the existence of further encryption, to the
satisfaction of even the lowest burden of proof. Then, the principle
of plausible deniability clicks in, even though the term itself will
not be used or uttered.

Can you quit with the hyperbole already, please? "act of desperate
faith" etc does not provide knowledge nor reason to this discussion.
Post by nemo_outis
3) "Plausible deniability" depends on the rash presumption
that the constabulary and judiciary are all gullible fools who
will be thwarted by such a transparently weak ploy. But it is
those who think that "Nyah, nyah, you can't absolutely prove
there's an inner layer" will pass muster who are the real
fools.
There goes that hyperbole again. "Rash", "presumption", "gullible",
"thwarted", "transparently weak ploy" etc etc. Lets stick with facts.
No one is going to stand in court and state "can't prove there is an
inner layer" (actually, "hidden volume" is the term of art) - rather
the process of LEA providing a written Notice requiring
keys/passphrases to **identified** encryption on a suspect HD, then
within the 21 day period or whatever, the keys being provided and the
encryption being decrypted will occur outside of Court, apart from LEA
obtaining the necessary warrants for this procedure. All things going
well, there will be no Court appearance at all by the owner of the HD
because there will be full compliance with the Court ordered warrant
for the keys or passphrases.

The issue is - there is only a Court appearance for the "defendant" if
encryption can be identified, proven to some low level such as
"reasonable suspicion" or "balance of probabilities". In the case of
a hidden volume, there can be no such proof!!! Get it? No such proof,
and no way of obtaining such proof. The hidden volume is just garbled
bit soup within the outer volume indiscernible from anything else on
the unwritten part of the second partition. Of course, the keys for
the outer volume will be handed over, pursuant to Court order.

I would like you to describe, in the way that I have done, how your
process of "nyah nyah, can't prove the hidden layer" will take place?
Especially the bit where it is demonstrated to the Court that there is
a hidden volume to which a third set of keys exists, which must be
given up by the "defendant"?
Post by nemo_outis
4) "Plausibile deniability" is a marketing ploy used to try
to differentiate Truecrypt from similar software. Truecrypt
has claimed to have "plausible deniability" right from version
1.0, right from the outset! Except it keeps changing!
Bigtime!
The hidden OS only came into being late in the game, first version 6.
No OS leakage, write protected everything, etc etc. Certainly hidden
containers and volumes were earlier available, but not hidden OS's.
Its not a ploy, Securstar may have more overtly used marketing in
respect of sales, being a commercial organization, but TC Foundation
is not a commercial org, so the word "marketing" is hardly apt. True
plausible deniability only came into being with the hidden operating
system, version 6, mid-2008, 4 years after inception of TC. It may
not have been too effective with earlier version because of leakage,
but not so with V6 up.
Post by nemo_outis
The mechanisms for getting that supposed plausible deniability
have changed again and again, each time with Truecrypt
disparaging all previous versions as worthless!
They merely said improved, not worthless. Hardly have they ever
disparaged their own product!

Truecrypt
Post by nemo_outis
continues to morph and warp what will supposedly give
plausible deniability to this day, adding layer after layer of
complexity. Today Truecrypt claims that plausible deniability
is ONLY attanable with two partitions, both a decoy and a
hidden OS, as well as an inner and outer volume! And a
partridge in a pear tree... And even then it requires endless
housekeeping and tinkering and mustn't ever be connected to
any network, let alone the internet. Hilarious!
Absolute rubbish and it is *now* clear, that for all your promending
and posturing, you have never, ever set up a TC V6+ hidden OS. It is
not complex, just takes time to do it properly. Certainly less
complex than DCPP because you don't need to move all the blocks to the
front of the same partition using Partition Magic or somesuch, and set
up initially on a FAT volume with the later clone overlaid on a NTFS
volume. TC is much simpler than that, and its leakage protection in
the hidden OS is automatic, it just makes everything outside of the OS
write-protected, including USB sticks, CD-ROM (thus rendering burners
useless). In short, there is no way for infomation, at all, outside
of the internet, to leak anywhere. No tracks whatsoever. And,
totally hidden to boot! Even the ratio to set up the two partitions
is easy, 1:2, so that the hidden OS is one third of the HD capacity
(because of journaling within NTFS which starts at the centre of the
volume).

So, no "endless tinkering" or "housekeeping" and if you can't control
internet access by Kaspersky, good habits, and a retinue of lesser
apps such as rootkit killers and so on, then you have no reason to be
on the net.
Post by nemo_outis
5) The legal system is not your friend. If the constabulary
and judiciary come after you they will not be lightly turned
aside, certainly not by something as insubstantial as so-
called plausible deniability. You will discover that the
legal system is not all just rosewood panelling and fusty wigs
- it has very, very sharp teeth!
Its only your enemy if you break the law.
Post by nemo_outis
You can rashly disregard any or all of these points. Suit
yourself. As I've said repeatedly, "Your ass, your call."
I'm not rash, unlike you I don't make proclaimations and declarations
about things of which I know little. I venture forth only after
significant research and deliberation. TC current version is as safe
as houses.
Post by nemo_outis
My words are for others in the hope that rationality and
prudence will trump misplaced enthusiasm for such a useless
toy as plausible deniability.
The only reason I am following up your tempestuous and intemperate
statements is precisely that. For others, so that they can arrive at
a balanced view.

By the way, Securstar is apparently on the way to development of a
Win7 version of DCPP. I await that with bated breath...

thang
nemo_outis
2010-05-23 06:01:59 UTC
Permalink
Raw Message
Post by thang ornithorhynchus
Post by nemo_outis
Asked and answered.
You keep raising the same points and thet're just as weak
the tenth time as the first. But, having demolished them
once, I feel no need to demolish them nine more times.
Didn't notice any demolition happening in your earlier
posts.
Of course you didn't notice. You're too thick to realize you've
been stripped naked and are standing there with your dick in
your hands.
Post by thang ornithorhynchus
Post by nemo_outis
1) Truecrypt's code has never been publicly reviewed by
*anyone* let alone anyone with even a pretence of decent
crypto credentials.
You don't know that. You don't know that it hasn't been
reviewed by NSA...
Do you know what the word "publicly" means?

No, my lad, I have no inclination whatsoever to continue to
respond to your endless repetition of your idiotic objections.

...rest of your drivel snipped unread...

As a judge will say: Your position is frivoulous and vexatious.
Accordingly: You are dismissed - with prejudice.

Regards,
thang ornithorhynchus
2010-05-23 09:14:46 UTC
Permalink
Raw Message
Post by nemo_outis
Post by thang ornithorhynchus
Post by nemo_outis
Asked and answered.
You keep raising the same points and thet're just as weak
the tenth time as the first. But, having demolished them
once, I feel no need to demolish them nine more times.
Didn't notice any demolition happening in your earlier
posts.
Of course you didn't notice. You're too thick to realize you've
been stripped naked and are standing there with your dick in
your hands.
You've been shown as the fraud you are. Some noobs and greenhorns
might take some of what you say to heart, but not many. Those who
quietly inhabit this place, and there are a *lot* of them, correctly
pick you as the know-it-all fool with pretensions of knowledge who
hasn't, prima facie, even tried TC. You seem to have an agenda
actually, but if so, then the adversary who has employed you has not
gotten his money's worth.
Post by nemo_outis
Post by thang ornithorhynchus
Post by nemo_outis
1) Truecrypt's code has never been publicly reviewed by
*anyone* let alone anyone with even a pretence of decent
crypto credentials.
You don't know that. You don't know that it hasn't been
reviewed by NSA...
Do you know what the word "publicly" means?
So? I said "you don't know that" in respect of that comment by you,
then moved on to the NSA. You're grasping at straws. In fact, you
are a man of straw.
Post by nemo_outis
No, my lad, I have no inclination whatsoever to continue to
respond to your endless repetition of your idiotic objections.
My lad. What a fucking boofhead you are. You must have a glass
navel, your head is so far up your arse. If you can't continue, fuck
off. I subjected you to the acid test and you failed. End. of.
story.
Post by nemo_outis
...rest of your drivel snipped unread...
As a judge will say: Your position is frivoulous and vexatious.
Accordingly: You are dismissed - with prejudice.
Immature fool. Go away and try TC for a year or two, then you just
might be qualified to comment knowledgeably. Until then, stop trying
to mislead people.

Fool.

have a nice day, mr expert witness haha

thang
Post by nemo_outis
Regards,
nemo_outis
2010-05-23 16:08:54 UTC
Permalink
Raw Message
thang ornithorhynchus <***@spitzola.com.org.net> wrote in news:***@4ax.com:


Are you back yet again? You linger like a fart in a small room.

It's very clear that in trying to teach it to sing, I have
indeed annoyed the pig. Tough! I'm rather indifferent to the
pig's wounded feelings.

I've made my case. The rational and prudent will accept it.
But some folks will not.

That's hardly surprising - there are also millions and millions
who believe the world was created in six days by a magic sky
pixie. There's no foolishness so absurd that some fool will not
believe it. And so with plausible deniability.

I've already demolished your position and I'm not going to waste
my time repeatedly entertaining your same whining objections
over and over, my lad. But, hey, it's your life - come back as
often as you wish - if you enjoy being summarily dismissed and
mocked.

Regards,
thang ornithorhynchus
2010-05-26 10:12:46 UTC
Permalink
Raw Message
Post by nemo_outis
Are you back yet again? You linger like a fart in a small room.
Too bad about your reputation, which is now on the scrapheap
regardless of your futile snipping of my posts in your responses. How
you must be suffering, being a person of your particular personality
type, which will brook no contradiction. Unfortunately, you clearly,
patently, do not know what you are talking about. You have not tested
TC, that is clear by your language (unlike some 100 million or
thereabouts who are presently using the software). You are
consequently peddling bullshit without basis or clarity of thought,
and to make matters worse, your pretentions are, in this day and age,
ridiculous. BUt worst of all, you are attempting to mislead people.
"Expert witness"...you must, sir, be joking.
Post by nemo_outis
It's very clear that in trying to teach it to sing, I have
indeed annoyed the pig. Tough! I'm rather indifferent to the
pig's wounded feelings.
I think in fact you are the wounded one, ol' fella. I don't give a
shit, whereas you are there poised over the keyboard waiting for my
next salvo. Well, sorry to take a few days, I actually had a real
life to get on with. I'll try to be more prompt in the future :)
Post by nemo_outis
I've made my case. The rational and prudent will accept it.
But some folks will not.
That's hardly surprising - there are also millions and millions
who believe the world was created in six days by a magic sky
pixie. There's no foolishness so absurd that some fool will not
believe it. And so with plausible deniability.
Why throw in your agnosticism? Totally irrelevant. You're starting
to unravel. Why the heck don't you just accept the inevitable. Peddle
your crap in NG's of lesser discipline than here please.
Post by nemo_outis
I've already demolished your position and I'm not going to waste
my time repeatedly entertaining your same whining objections
over and over, my lad. But, hey, it's your life - come back as
often as you wish - if you enjoy being summarily dismissed and
mocked.
Idiot. Thanks for the entertainment.

thang
Post by nemo_outis
Regards,
nemo_outis
2010-05-26 14:29:04 UTC
Permalink
Raw Message
thang ornithorhynchus <***@spitzola.com.org.net> wrote in news:***@4ax.com:

Are you back whining again? Makes sense - you're as
insignificant as a gnat.

Swat!
John Smith
2010-05-24 06:33:38 UTC
Permalink
Raw Message
Post by thang ornithorhynchus
Post by nemo_outis
Post by thang ornithorhynchus
Post by nemo_outis
Asked and answered.
You keep raising the same points and thet're just as weak
the tenth time as the first. But, having demolished them
once, I feel no need to demolish them nine more times.
Didn't notice any demolition happening in your earlier
posts.
Of course you didn't notice. You're too thick to realize you've
been stripped naked and are standing there with your dick in
your hands.
You've been shown as the fraud you are. Some noobs and greenhorns
might take some of what you say to heart, but not many. Those who
quietly inhabit this place, and there are a *lot* of them, correctly
pick you as the know-it-all fool with pretensions of knowledge who
hasn't, prima facie, even tried TC. You seem to have an agenda
actually, but if so, then the adversary who has employed you has not
gotten his money's worth.
Post by nemo_outis
Post by thang ornithorhynchus
Post by nemo_outis
1) Truecrypt's code has never been publicly reviewed by
*anyone* let alone anyone with even a pretence of decent
crypto credentials.
You don't know that. You don't know that it hasn't been
reviewed by NSA...
Do you know what the word "publicly" means?
So? I said "you don't know that" in respect of that comment by you,
then moved on to the NSA. You're grasping at straws. In fact, you
are a man of straw.
Post by nemo_outis
No, my lad, I have no inclination whatsoever to continue to
respond to your endless repetition of your idiotic objections.
My lad. What a fucking boofhead you are. You must have a glass
navel, your head is so far up your arse. If you can't continue, fuck
off. I subjected you to the acid test and you failed. End. of.
story.
Post by nemo_outis
...rest of your drivel snipped unread...
As a judge will say: Your position is frivoulous and vexatious.
Accordingly: You are dismissed - with prejudice.
Immature fool. Go away and try TC for a year or two, then you just
might be qualified to comment knowledgeably. Until then, stop trying
to mislead people.
Fool.
have a nice day, mr expert witness haha
thang
Post by nemo_outis
Regards,
Thang, you should try a great free encryption program, it's called
compusec security suite. It doesn't have hidden volumes, etc, but it
does full total disc encryption and I know it'll be good for what you're
into down the road. Cheers
a***@privacy.net
2010-05-30 01:29:35 UTC
Permalink
Raw Message
Post by nemo_outis
...snip endless whining...
As I said before, "Asked and answered."
You cited cases having exactly NOTHING to do with plausible
deniability. Cases about plain vanilla encryption. Cases that
the accused LOST!
And yet you think that somehow bolsters your position? No, my
lad, I don't intend to squander my time refuting such nonsense.
Its lameness speaks for itself.
If the legal system really worked, was really fair, if there
really were proper safeguards against self-incrimination, then
there would be no conceivable need for plausible deniability.
An accused would simply refuse to decrypt his **single layer**
encryption and that would be that.
And if the legal system is not fair, if the legal system is a
stacked deck, if judges really aren't kindly old men just trying
to help you, then the weak bullshit of "You can't absolutely
prove I'm not using the inner layer - even though the developer
loudly boasts about it" isn't going to save your sorry ass. You
will get the horselaugh as you're convicted.
Either way plausible deniability fails. Unnecessary in the
first case, unbelievable in the second.
In short, plausible deniability isn't.
Regards,
What if an innocent man is raided (through CC cloning for example)
by the police. Let us say he has a TC encrypted OS together with
a hidden OS, but has not used the secret OS option. Remember he
is innocent, so he has nothing to hide and meekly hands over his
twin keys. Both OS are examined, nothing is found. Now the police
to hide their embrassment try to assert he must have a second
hidden OS as TC offers this facility. The suspect in reality has
no secret OS, he never mastered the ability to create one.

This scenario may be unlikely, but is perfectly feasible. So how can
our suspect prove there is no secret hidden OS?

If plausible deniability is not possible, how on earth can he avoid
being convicted? After all, the police according to your beliefs
can show a Judge that he must have such a hidden OS.

If you are correct, an innocent man will go to jail. You cannot
have it both ways.
nemo_outis
2010-05-30 01:46:49 UTC
Permalink
Raw Message
Post by a***@privacy.net
If you are correct, an innocent man will go to jail. You
cannot have it both ways.
Not one, but many, many innocent people get convicted and go to
jail. Happens all the time. Whoever told you life was fair?
(or the legal system, for that matter?) As I said earlier,
forget Civics 101.

Hell, as just one example, the Innocence Project has gotten 254
exonerations, 17 of whom were on death row. Hundreds of
wrongful convictions even though based supposedly on the most
incontrovertible techy evidence: DNA. And I'm sure that's just
a drop in the bucket.

As for plausible deniability, the legal system is hardly
unfamiliar with dealing with lies. And, despite all the Civics
101 claptrap, you won't get a fair shake. When you begin to
think of the legal system, not as being about so-called
"justice" but as a power realtionship, a power relationship in
which you are definitely not its equal, the scales may begin to
fall from your eyes.

Regards,

Loading...