Shaun - your views please...

On Fri, 23 Oct 2009 16:33:29 +0800, thang ornithorhynchus

Post by thang ornithorhynchus
Shaun, TC 6.3 has been released and I must say, as Windows 7 has only
just officially been released I am a bit nervous as to how damn fast
the dev crew has reacted. 6.3 is totally congruent with both Win7 and
Snow Leopard. Man, for a free open source crew, they must be
dedicated and skillful.
http://www.truecrypt.org/docs/?s=version-history
I go back to your comments regarding how nice it would be for NSA etc
to have access, should there be the need, to TC encrypted volumes and
devices say hosted on terrorist computers. I cannot for the life of
me see how the devs have the funds, time, dedication and skills to do
this in such a short timeframe. Have you had the time and funds to do
this?
I must say, if this is a honeypot, then a large part of the
cypher-community has fallen for it, me included. In any case, I'm
going to try it out and report later next week as to how it operates
under Win7 (I'm running Win7 at the moment but TC 6.2 is full of bugs
in this regard).
thang

Apparently there's bee a major push on at Microsoft to ensure lots of
Windows 7 compatible software and hardware -- see, for example,

****************************

Windows 7-Compatible Products Surpass 6,000

Microsoft said it's already certified a slew of apps and hardware
devices as part of its new Windows 7 Compatibility logo program.

September 30, 2009
By Stuart J. Johnston

Eager to avert the incompatibility debacle that marred the Windows
Vista launch, when many products did not work properly with Vista if
at all, Microsoft has been working for months to make sure that
hardware peripherals and software makers sport "Compatible with
Windows 7" stickers -- and mean it.

The point is to ensure that as of the first day of consumer
availability -- October 22 -- there will be plenty of hardware and
software products that work with Windows 7.

Full Article here:
http://www.internetnews.com/software/article.php/3841806/Windows+7Compatible+Products+Surpass+6000.htm

MyNym

2009-10-28 02:26:03 UTC

On Fri, 23 Oct 2009 16:33:29 +0800, thang ornithorhynchus

John Smith

2009-11-11 06:08:48 UTC

Can an 18 year old hack through this latest version to, lol

Post by thang ornithorhynchus
I go back to your comments regarding how nice it would be for NSA etc
to have access, should there be the need, to TC encrypted volumes and
devices say hosted on terrorist computers. I cannot for the life of
me see how the devs have the funds, time, dedication and skills to do
this in such a short timeframe. Have you had the time and funds to do
this?
I must say, if this is a honeypot, then a large part of the
cypher-community has fallen for it, me included. In any case, I'm
going to try it out and report later next week as to how it operates
under Win7 (I'm running Win7 at the moment but TC 6.2 is full of bugs
in this regard).
thang

Shaun

2009-11-20 15:09:17 UTC

On Fri, 23 Oct 2009 16:33:29 +0800, thang ornithorhynchus

There must be quite a few of them as well IMHO. I work every day with
this stuff and I know how bloody difficult it can sometimes be.

This is a very interesting question and one I have often speculated
on. If one was aware of the REAL COST and EXPERISE required for
Windows device driver etc. development one would begin to wonder
indeed what might be going on in the realms of TC land. Only recently
we were wanting to explore the development of a new product, and to
save time a well known dev company was approached regarding a
licence to use an "off the shelf" customisable kernel mode device
driver, and the cost was to be a staggering $125,000 dollars, with
$30,000 per year in technical support and updates after the first
year. We have yet to get back to them.

Having said that, people who understand the nuances of windows devices
drivers are a very rare breed indeed, and there are so many gotchas to
watch out for, and the development environment is difficult to say the
least.

So these anonymous TC guys who took Paul Le Roux's old driver and made
it their own, (as they say in musical parlance), must be at least
reasonably competent, and I don't t see how they can be working
entirely for nothing or completely altruistically. However I am merely
speculating as I have no more clue about this than anyone else, save I
know the level of dedication required to make a reasonably reliable
solid product which works on the vast amount of setups in the field.
To me, there must be some kind of remuneration involved in this, or
they really are saints of the highest order. If it was money, rather
than free disk encryption software they were giving away, what would
we think then I wonder ?

DCPP now runs happily on Win7 so far as we know, and we had quite a
bit of work to do to achive this, even though Win7 is Vista like, the
100mbyte boot area is standard on many platforms and has no drive
letter. Much of this area dealing with the preboot (Bootauth) code was
modified to work with Drive GUIDs rather than drive letters, and this
will be extended in the future. DCPP driver had a battle with rdyboost
which now connects to DCPP which caused me some tears and has been
subject to some tortuous testing to determine that the battle has been
won.

But as for TC - I simply can't see it being an entirely motiveless
enterprise somehow. Others are of course free to believe otherwise,
and it could even be, what it seems to be and I could well be wrong.

Regards,
Shaun

MyNym

2009-11-20 17:57:08 UTC

On Fri, 20 Nov 2009 15:09:17 +0000, Shaun

Post by MyNym
On Fri, 23 Oct 2009 16:33:29 +0800, thang ornithorhynchus

There must be quite a few of them as well IMHO. I work every day with
this stuff and I know how bloody difficult it can sometimes be.

This is a very interesting question and one I have often speculated
on. If one was aware of the REAL COST and EXPERISE required for
Windows device driver etc. development one would begin to wonder
indeed what might be going on in the realms of TC land. Only recently
we were wanting to explore the development of a new product, and to
save time a well known dev company was approached regarding a
licence to use an "off the shelf" customisable kernel mode device
driver, and the cost was to be a staggering $125,000 dollars, with
$30,000 per year in technical support and updates after the first
year. We have yet to get back to them.
Having said that, people who understand the nuances of windows devices
drivers are a very rare breed indeed, and there are so many gotchas to
watch out for, and the development environment is difficult to say the
least.
So these anonymous TC guys who took Paul Le Roux's old driver and made
it their own, (as they say in musical parlance), must be at least
reasonably competent, and I don't t see how they can be working
entirely for nothing or completely altruistically. However I am merely
speculating as I have no more clue about this than anyone else, save I
know the level of dedication required to make a reasonably reliable
solid product which works on the vast amount of setups in the field.
To me, there must be some kind of remuneration involved in this, or
they really are saints of the highest order. If it was money, rather
than free disk encryption software they were giving away, what would
we think then I wonder ?
DCPP now runs happily on Win7 so far as we know, and we had quite a
bit of work to do to achive this, even though Win7 is Vista like, the
100mbyte boot area is standard on many platforms and has no drive
letter. Much of this area dealing with the preboot (Bootauth) code was
modified to work with Drive GUIDs rather than drive letters, and this
will be extended in the future. DCPP driver had a battle with rdyboost
which now connects to DCPP which caused me some tears and has been
subject to some tortuous testing to determine that the battle has been
won.
But as for TC - I simply can't see it being an entirely motiveless
enterprise somehow. Others are of course free to believe otherwise,
and it could even be, what it seems to be and I could well be wrong.
Regards,
Shaun

I wrote in a previous post that Shaun had a valuable history of trust.
Nevertheless, these continued unsupported attacks on TC, without one
single fact, not a single line of code, are rapidly undermining my
trust.

What do we really know about Securestar? Virtually nothing as it is a
privately held company. We do know that Securstar requires an invasive
licensing system that places the user's security at risk.

What does anyone really know about DriveCrypt? Virtually nothing since
the code is secret and unavailable to anyone for study and analysis
under any circumstances.

Perhaps these desperate attacks on TC are explained by desperate
business conditions at Securstar. Perhaps something more troublesome
is involved. Whatever the explanation, the unfounded attacks hardly
generate any level of confidence in DriveCrypt products. It's a sad
situation.

John Smith

2009-11-21 08:52:26 UTC

Post by MyNym
On Fri, 20 Nov 2009 15:09:17 +0000, Shaun

Post by MyNym
On Fri, 23 Oct 2009 16:33:29 +0800, thang ornithorhynchus

<snipped>

FLUSH

MyNym

2009-11-21 12:38:09 UTC

Post by John Smith

Post by MyNym
On Fri, 20 Nov 2009 15:09:17 +0000, Shaun

Post by MyNym
On Fri, 23 Oct 2009 16:33:29 +0800, thang ornithorhynchus

<snipped>
FLUSH

Another worried Securstar employee?

thang ornithorhynchus

2009-11-24 07:45:46 UTC

Post by MyNym

Post by John Smith

Post by MyNym
On Fri, 20 Nov 2009 15:09:17 +0000, Shaun

Post by MyNym
On Fri, 23 Oct 2009 16:33:29 +0800, thang ornithorhynchus

<snipped>
FLUSH

Another worried Securstar employee?

No, apparently the resident troll. I guess I should be honoured I've
been flushed by a troll, the irony...

thang

MyNym

2009-11-21 16:51:28 UTC

On Fri, 20 Nov 2009 15:09:17 +0000, Shaun

Post by MyNym
On Fri, 23 Oct 2009 16:33:29 +0800, thang ornithorhynchus

There must be quite a few of them as well IMHO. I work every day with
this stuff and I know how bloody difficult it can sometimes be.

This is a very interesting question and one I have often speculated
on. If one was aware of the REAL COST and EXPERISE required for
Windows device driver etc. development one would begin to wonder
indeed what might be going on in the realms of TC land. Only recently
we were wanting to explore the development of a new product, and to
save time a well known dev company was approached regarding a
licence to use an "off the shelf" customisable kernel mode device
driver, and the cost was to be a staggering $125,000 dollars, with
$30,000 per year in technical support and updates after the first
year. We have yet to get back to them.
Having said that, people who understand the nuances of windows devices
drivers are a very rare breed indeed, and there are so many gotchas to
watch out for, and the development environment is difficult to say the
least.
So these anonymous TC guys who took Paul Le Roux's old driver and made
it their own, (as they say in musical parlance), must be at least
reasonably competent, and I don't t see how they can be working
entirely for nothing or completely altruistically. However I am merely
speculating as I have no more clue about this than anyone else, save I
know the level of dedication required to make a reasonably reliable
solid product which works on the vast amount of setups in the field.
To me, there must be some kind of remuneration involved in this, or
they really are saints of the highest order. If it was money, rather
than free disk encryption software they were giving away, what would
we think then I wonder ?
DCPP now runs happily on Win7 so far as we know, and we had quite a
bit of work to do to achive this, even though Win7 is Vista like, the
100mbyte boot area is standard on many platforms and has no drive
letter. Much of this area dealing with the preboot (Bootauth) code was
modified to work with Drive GUIDs rather than drive letters, and this
will be extended in the future. DCPP driver had a battle with rdyboost
which now connects to DCPP which caused me some tears and has been
subject to some tortuous testing to determine that the battle has been
won.
But as for TC - I simply can't see it being an entirely motiveless
enterprise somehow. Others are of course free to believe otherwise,
and it could even be, what it seems to be and I could well be wrong.
Regards,
Shaun

All speculation aside, SecurStar admits to being connected to state
defense departments and the military, and to using "former hackers" in
its business (see "About SecurStar",
http://www.securstar.com/about.php).

"SecurStar was primarily established owing to the special security
needs of... state defense departments of several countries." ...

"SecurStar`s core business is the development of new security
technologies for military use." ...

"SecurStar`s team is consists of well known security experts as well
as famous former hackers" ...

thang ornithorhynchus

2009-11-22 12:48:43 UTC

Post by MyNym
On Fri, 20 Nov 2009 15:09:17 +0000, Shaun

Post by MyNym
On Fri, 23 Oct 2009 16:33:29 +0800, thang ornithorhynchus

There must be quite a few of them as well IMHO. I work every day with
this stuff and I know how bloody difficult it can sometimes be.

This is a very interesting question and one I have often speculated
on. If one was aware of the REAL COST and EXPERISE required for
Windows device driver etc. development one would begin to wonder
indeed what might be going on in the realms of TC land. Only recently
we were wanting to explore the development of a new product, and to
save time a well known dev company was approached regarding a
licence to use an "off the shelf" customisable kernel mode device
driver, and the cost was to be a staggering $125,000 dollars, with
$30,000 per year in technical support and updates after the first
year. We have yet to get back to them.
Having said that, people who understand the nuances of windows devices
drivers are a very rare breed indeed, and there are so many gotchas to
watch out for, and the development environment is difficult to say the
least.
So these anonymous TC guys who took Paul Le Roux's old driver and made
it their own, (as they say in musical parlance), must be at least
reasonably competent, and I don't t see how they can be working
entirely for nothing or completely altruistically. However I am merely
speculating as I have no more clue about this than anyone else, save I
know the level of dedication required to make a reasonably reliable
solid product which works on the vast amount of setups in the field.
To me, there must be some kind of remuneration involved in this, or
they really are saints of the highest order. If it was money, rather
than free disk encryption software they were giving away, what would
we think then I wonder ?
DCPP now runs happily on Win7 so far as we know, and we had quite a
bit of work to do to achive this, even though Win7 is Vista like, the
100mbyte boot area is standard on many platforms and has no drive
letter. Much of this area dealing with the preboot (Bootauth) code was
modified to work with Drive GUIDs rather than drive letters, and this
will be extended in the future. DCPP driver had a battle with rdyboost
which now connects to DCPP which caused me some tears and has been
subject to some tortuous testing to determine that the battle has been
won.
But as for TC - I simply can't see it being an entirely motiveless
enterprise somehow. Others are of course free to believe otherwise,
and it could even be, what it seems to be and I could well be wrong.
Regards,
Shaun

All speculation aside, SecurStar admits to being connected to state
defense departments and the military, and to using "former hackers" in
its business (see "About SecurStar",
http://www.securstar.com/about.php).
"SecurStar was primarily established owing to the special security
needs of... state defense departments of several countries." ...
"SecurStar`s core business is the development of new security
technologies for military use." ...
"SecurStar`s team is consists of well known security experts as well
as famous former hackers" ...

Haha, I've clearly opened a can 'o worms. Don't blame Shaun, *I*
asked him the question and he answered honestly. I am using TC, and
find it to be a superior product (except for the loss of the outer
volume which chews up one third of my 1TB disk) but I am honestly,
totally, concerned about the fact that the developers are doing such a
huge task for zip, just love and approbation. Admit it, in the event
of a nuclear threat where the terrorists were using TC, it would be
nice if the NSA or Homeland Security could easily decrypt relevant
data per backdoor if they in fact funded the damn thing or provided
the expertise. It would in fact be appropriate. It would be the BFG
withheld until a really big threat came along. Makes sense to me.

Also, why attack Securstar? I used DCPP for years until TC6.2 came
along and I find TC superior for my purposes now. DCPP was a good
companion though, and I must try eventually DCPP now that Shaun says
it accommodates Win7.

Don't get yer knickers in a knot...

thang

MyNym

2009-11-22 14:44:03 UTC

On Sun, 22 Nov 2009 20:48:43 +0800, thang ornithorhynchus

Post by thang ornithorhynchus
Haha, I've clearly opened a can 'o worms. Don't blame Shaun, *I*
asked him the question and he answered honestly. I am using TC, and
find it to be a superior product (except for the loss of the outer
volume which chews up one third of my 1TB disk) but I am honestly,
totally, concerned about the fact that the developers are doing such a
huge task for zip, just love and approbation. Admit it, in the event
of a nuclear threat where the terrorists were using TC, it would be
nice if the NSA or Homeland Security could easily decrypt relevant
data per backdoor if they in fact funded the damn thing or provided
the expertise. It would in fact be appropriate. It would be the BFG
withheld until a really big threat came along. Makes sense to me.
Also, why attack Securstar? I used DCPP for years until TC6.2 came
along and I find TC superior for my purposes now. DCPP was a good
companion though, and I must try eventually DCPP now that Shaun says
it accommodates Win7.
Don't get yer knickers in a knot...
thang

It's true you asked a leading question; and you are to be
congratulated for acting on your feelings of responsibility.

You asked, "why attack Securstar?"

My point was (and is); if we start making attacks based solely on
speculation, and nothing else, SecurStar and DriveCrypt are just as
vulnerable, perhaps more so, as compared to the TC developers and the
TC product. For example, Shaun speculated in an earlier post that the
TC devs could be connected to the US gov. While that is possible, the
same possibility applies to Securstar, particularly in view of
SecurStar's claims of defense department and military connections. As
to secrecy of devs' identities, the same considerations apply to the
principals and finances of SecurStar, and for example, their
unidentified group of former hackers.

As to the TC devs motivations; anyone who has followed this group
knows of the concerns that were voiced repeatedly, by many different
posters, over the evolution of Scramdisk to DriveCrypt, and the closed
code of DriveCrypt. I never held it against Shaun and Securstar that
they sought compensation for risk, hard work, and for building and
maintaining an ongoing commercial enterprise.

Nevertheless, I believe it fair to say that TC appeared in response to
these general concerns (although not necessarily in response to
DriveCrypt and SecurStar, per se or solely). The TC devs have clearly
put in lots of effort into TC. Admitting at least the possibility that
these people might be doing what they do solely for the principle of a
right to privacy, it seems wrong to allow, without question, their
hard work and generosity to be attacked based only on speculation.
This is particularly troublesome since their code is open source, and
since the speculative attacks on TC are in fact questioning the TC
devs right to privacy.

By all means, people should analyse and compare products. But in my
view, the comparisons should be based on fact and not speculation.
Nevertheless, if negative speculation is to be the order of the day,
then in all fairness, it should be applied to all.

Regards.

nemo_outis

2009-11-23 03:21:08 UTC

Post by MyNym
By all means, people should analyse and compare products. But in my
view, the comparisons should be based on fact and not speculation.
Nevertheless, if negative speculation is to be the order of the day,
then in all fairness, it should be applied to all.
Regards.

No, NOT only "facts" should be taken into comparison. When evaluating
security software the criterion need NOT be "beyond reasonable doubt" or
even "balance of probablilities." No, the test for most is the Caesar's
wife one that goes beyond even "a shadow of a doubt" to "above
suspicion."

Nor is any consideration of "fairness" to all comers applicable. A
security program - any particular program - may be rejected for any
reason or no reason.

The objective is to determine a subset of security programs that meet the
user's needs, not some theoretical "balanced" approach that would please
others or satisfy some abstract ideal of "commercial justice" (if there
is such a concept!).

Now, of course, it is entirely possible that application of these
criteria may result in the set of acceptable security programs being very
limited or even being the "null set." In such conditions the user may
decide to relax some or all of his selection crtiteria or, perhaps, to
take an entirely different approach (e.g., eschewing all current security
software in favour of other methods - sometimes called the Osama approach
:-)

Moreover, in the case of Truecrypt, while there may not be fire there is
considerable smoke. First, Truecrypt is NOT open-source - while the code
is available for inspection the licence hedging it is far from being real
open-source.

Further, the (two?) developers have gone to extraordinary lengths to hide
their identity (although I have ferreted out some significant leads in
this respect which I believe identify them). Fair enough, I suppose, but
it means that one avenue for possibly instilling trust - the reputation
of the authors - is not available. Moreover, the authors have taken
additional measures to "close" Truecrypt, one of which is the application
of copyright.

More sinisterly, the authors have gone to extraordinary lengths to
"purge" all traces of earlier versions of the program's source and binary
code from the internet (not just Wayback but many others). However, after
considerable effort I have assembled a complete library of source and
binaries for all previous versions which I will make available to those
who request them. This attemopt to "bury" previous versions makes
comparison of change history difficult (and could be viewed by the
paranoid as a deliberate attempt to impede discovery of later compromised
code).

Yet further, the principal avenue for interaction regarding Truecrypt,
the Truecrypt forums, are rigidly controlled by the developers and/or
their henchmen - to the point where bug lists are not public and where
adverse comments frequently "magically disappear" and are purged from the
forums.

The net effect of this secrecy, rigid control, and chilling atmosphere is
to discourage many academics and other qualified crypto people from
examining the code and promoting Truecrypt. Remember: the principal
alleged benefit of open-source software (although Truecrypt is only
quasi-open-source) is the "many eyes" principal. In the case of
sophisticated security software, however, this principal is greatly
diminished since there are so few "eyes" which are qualified to examine
the subtleties of security software. All the more true when one may be
looking for, not mere bugs, but carefully camouflaged backdoors. (For
those who doubt that compromised code can exist despite being "in plain
view" and open-source, I invite them to review the Obfuscated C contests
of past years).

In short, I'm suspicious of Truecrypt. Suspicious enough that I don't
use it. Do I have hard proof? No! But I don't require hard proof to
disqualify it. Suspicion is sufficient.

Instead I use *two nested* programs from different independent sources:
BestCrypt Wholedisk and FreeOTFE. My way may not be your way, but this
is what I have chosen.

Regards,

MyNym

2009-11-23 18:59:07 UTC

No, NOT only "facts" should be taken into comparison. When evaluating
security software the criterion need NOT be "beyond reasonable doubt" or
even "balance of probablilities." No, the test for most is the Caesar's
wife one that goes beyond even "a shadow of a doubt" to "above
suspicion."
Nor is any consideration of "fairness" to all comers applicable. A
security program - any particular program - may be rejected for any
reason or no reason.
The objective is to determine a subset of security programs that meet the
user's needs, not some theoretical "balanced" approach that would please
others or satisfy some abstract ideal of "commercial justice" (if there
is such a concept!).
Now, of course, it is entirely possible that application of these
criteria may result in the set of acceptable security programs being very
limited or even being the "null set." In such conditions the user may
decide to relax some or all of his selection crtiteria or, perhaps, to
take an entirely different approach (e.g., eschewing all current security
software in favour of other methods - sometimes called the Osama approach
:-)
Moreover, in the case of Truecrypt, while there may not be fire there is
considerable smoke. First, Truecrypt is NOT open-source - while the code
is available for inspection the licence hedging it is far from being real
open-source.
Further, the (two?) developers have gone to extraordinary lengths to hide
their identity (although I have ferreted out some significant leads in
this respect which I believe identify them). Fair enough, I suppose, but
it means that one avenue for possibly instilling trust - the reputation
of the authors - is not available. Moreover, the authors have taken
additional measures to "close" Truecrypt, one of which is the application
of copyright.
More sinisterly, the authors have gone to extraordinary lengths to
"purge" all traces of earlier versions of the program's source and binary
code from the internet (not just Wayback but many others). However, after
considerable effort I have assembled a complete library of source and
binaries for all previous versions which I will make available to those
who request them. This attemopt to "bury" previous versions makes
comparison of change history difficult (and could be viewed by the
paranoid as a deliberate attempt to impede discovery of later compromised
code).
Yet further, the principal avenue for interaction regarding Truecrypt,
the Truecrypt forums, are rigidly controlled by the developers and/or
their henchmen - to the point where bug lists are not public and where
adverse comments frequently "magically disappear" and are purged from the
forums.
The net effect of this secrecy, rigid control, and chilling atmosphere is
to discourage many academics and other qualified crypto people from
examining the code and promoting Truecrypt. Remember: the principal
alleged benefit of open-source software (although Truecrypt is only
quasi-open-source) is the "many eyes" principal. In the case of
sophisticated security software, however, this principal is greatly
diminished since there are so few "eyes" which are qualified to examine
the subtleties of security software. All the more true when one may be
looking for, not mere bugs, but carefully camouflaged backdoors. (For
those who doubt that compromised code can exist despite being "in plain
view" and open-source, I invite them to review the Obfuscated C contests
of past years).
In short, I'm suspicious of Truecrypt. Suspicious enough that I don't
use it. Do I have hard proof? No! But I don't require hard proof to
disqualify it. Suspicion is sufficient.
BestCrypt Wholedisk and FreeOTFE. My way may not be your way, but this
is what I have chosen.
Regards,

I've found your posts thoughtful and beneficial over the years, so I
will simply say I believe fairness, objectivity, and getting the facts
to be worthwhile goals in any endeavor (including this one). I don't
think you disagree. I don't think Shaun does either.

And in all fairness, I must add that I continue to have great respect
for Shaun, his history, and hard work; and, I shoudn't have said or
implied anything to the contrary.

Regards.

nemo_outis

2009-11-23 20:04:09 UTC

Post by MyNym

No, NOT only "facts" should be taken into comparison. When evaluating
security software the criterion need NOT be "beyond reasonable doubt"
or even "balance of probablilities." No, the test for most is the
Caesar's wife one that goes beyond even "a shadow of a doubt" to
"above suspicion."
Nor is any consideration of "fairness" to all comers applicable. A
security program - any particular program - may be rejected for any
reason or no reason.
The objective is to determine a subset of security programs that meet
the user's needs, not some theoretical "balanced" approach that would
please others or satisfy some abstract ideal of "commercial justice"
(if there is such a concept!).
Now, of course, it is entirely possible that application of these
criteria may result in the set of acceptable security programs being
very limited or even being the "null set." In such conditions the
user may decide to relax some or all of his selection crtiteria or,
perhaps, to take an entirely different approach (e.g., eschewing all
current security software in favour of other methods - sometimes
called the Osama approach
:-)
Moreover, in the case of Truecrypt, while there may not be fire there
is considerable smoke. First, Truecrypt is NOT open-source - while
the code is available for inspection the licence hedging it is far
from being real open-source.
Further, the (two?) developers have gone to extraordinary lengths to
hide their identity (although I have ferreted out some significant
leads in this respect which I believe identify them). Fair enough, I
suppose, but it means that one avenue for possibly instilling trust -
the reputation of the authors - is not available. Moreover, the
authors have taken additional measures to "close" Truecrypt, one of
which is the application of copyright.
More sinisterly, the authors have gone to extraordinary lengths to
"purge" all traces of earlier versions of the program's source and
binary code from the internet (not just Wayback but many others).
However, after considerable effort I have assembled a complete library
of source and binaries for all previous versions which I will make
available to those who request them. This attemopt to "bury" previous
versions makes comparison of change history difficult (and could be
viewed by the paranoid as a deliberate attempt to impede discovery of
later compromised code).
Yet further, the principal avenue for interaction regarding Truecrypt,
the Truecrypt forums, are rigidly controlled by the developers and/or
their henchmen - to the point where bug lists are not public and where
adverse comments frequently "magically disappear" and are purged from
the forums.
The net effect of this secrecy, rigid control, and chilling atmosphere
is to discourage many academics and other qualified crypto people from
examining the code and promoting Truecrypt. Remember: the principal
alleged benefit of open-source software (although Truecrypt is only
quasi-open-source) is the "many eyes" principal. In the case of
sophisticated security software, however, this principal is greatly
diminished since there are so few "eyes" which are qualified to
examine the subtleties of security software. All the more true when
one may be looking for, not mere bugs, but carefully camouflaged
backdoors. (For those who doubt that compromised code can exist
despite being "in plain view" and open-source, I invite them to review
the Obfuscated C contests of past years).
In short, I'm suspicious of Truecrypt. Suspicious enough that I don't
use it. Do I have hard proof? No! But I don't require hard proof to
disqualify it. Suspicion is sufficient.
Instead I use *two nested* programs from different independent
sources: BestCrypt Wholedisk and FreeOTFE. My way may not be your
way, but this is what I have chosen.
Regards,

Thank you for your reasoned reply. Let me just add that, especially when it
comes to security software, "facts" are often both scarce and soft.
Moreover, how to weight those facts (soft or hard) is itself a deucedly
tricky business that can dramatically change the selection outcome. In
short, we are frequently left with using less rigorous, even somewhat
arbitrary, methods to come to our decisions. Objectivity is elusive and we
often fall back on what may be no more than rationalizations for our
prejudices.

Post by MyNym
And in all fairness, I must add that I continue to have great respect
for Shaun, his history, and hard work; and, I shoudn't have said or
implied anything to the contrary.

Shaun has been a brick and I always look forward to reading his opinions.
On the other hand, while I have nothing in particular against Securstar, it
strikes me as "just one of the crowd" in terms of both the
features/reliability of its software and its credibility.

Regards,

thang ornithorhynchus

2009-11-24 08:22:27 UTC

I agree, on the basis that security software is directed to serious
usage where there can be no chance of antagonistic involuntary
decryption. From production secrets to national security, there must
be no chance whatsoever of compromise.

Post by nemo_outis
Nor is any consideration of "fairness" to all comers applicable. A
security program - any particular program - may be rejected for any
reason or no reason.
The objective is to determine a subset of security programs that meet the
user's needs, not some theoretical "balanced" approach that would please
others or satisfy some abstract ideal of "commercial justice" (if there
is such a concept!).
Now, of course, it is entirely possible that application of these
criteria may result in the set of acceptable security programs being very
limited or even being the "null set." In such conditions the user may
decide to relax some or all of his selection crtiteria or, perhaps, to
take an entirely different approach (e.g., eschewing all current security
software in favour of other methods - sometimes called the Osama approach
:-)
Moreover, in the case of Truecrypt, while there may not be fire there is
considerable smoke. First, Truecrypt is NOT open-source - while the code
is available for inspection the licence hedging it is far from being real
open-source.

Look, for such advanced code, I seriously doubt anyone at all has sat
down and understood all of the code. A few lines hidden amongst
hundreds of thousands, perhaps millions, of lines of code would be to
most experts totally concealed. Or, some calls to routines which call
to other routines perhaps many many times over may be just as good at
concealment. Until the encrypted OS falls into the hands of the NSA
after a raid on terrorists who plan destruction somewhere in some
city, *then* NSA pulls the plug and opens the backdoor by entering
some line of instruction somewhere in the myriad lines of code that
has never been found.

I mean, who has sat down and followed each line of code comprising the
TC executables? Each line, and each call, and so on? Anyone?
Schneier hasn't that's for sure. I am sure Schneier reads this, how
about it Bruce, who has examined the TC executables?

Post by nemo_outis
Further, the (two?) developers have gone to extraordinary lengths to hide
their identity (although I have ferreted out some significant leads in
this respect which I believe identify them). Fair enough, I suppose, but
it means that one avenue for possibly instilling trust - the reputation
of the authors - is not available. Moreover, the authors have taken
additional measures to "close" Truecrypt, one of which is the application
of copyright.

Copyright won't prevents reverse engineering for examination of
backdoors. I don't believe there are only two devs. I think the
software was released as open source and free of charge to effect the
biggest uptake throughout the world, so it would be the OTFE package
of choice. Hopefully, of choice by significant criminals such as
terrorists and the like. Makes sense doesn't it?

Post by nemo_outis
More sinisterly, the authors have gone to extraordinary lengths to
"purge" all traces of earlier versions of the program's source and binary
code from the internet (not just Wayback but many others). However, after
considerable effort I have assembled a complete library of source and
binaries for all previous versions which I will make available to those
who request them. This attemopt to "bury" previous versions makes
comparison of change history difficult (and could be viewed by the
paranoid as a deliberate attempt to impede discovery of later compromised
code).

Fair enough, but if this project has been underwritten by the NSA or
someother dodgy agency, then the backdoors have been around since
V1.0. So, I don't think the code became compromised later, if it is
compromised, it has probably always been compromised.

I don't know why they have purged the old versions though, in that
case.

Post by nemo_outis
Yet further, the principal avenue for interaction regarding Truecrypt,
the Truecrypt forums, are rigidly controlled by the developers and/or
their henchmen - to the point where bug lists are not public and where
adverse comments frequently "magically disappear" and are purged from the
forums.

This is well known, see my earlier comments in earlier posts. IPs
banned, nicks banned etc if too many questions are asked in the
forums.

Post by nemo_outis
The net effect of this secrecy, rigid control, and chilling atmosphere is
to discourage many academics and other qualified crypto people from
examining the code and promoting Truecrypt. Remember: the principal
alleged benefit of open-source software (although Truecrypt is only
quasi-open-source) is the "many eyes" principal. In the case of
sophisticated security software, however, this principal is greatly
diminished since there are so few "eyes" which are qualified to examine
the subtleties of security software. All the more true when one may be
looking for, not mere bugs, but carefully camouflaged backdoors. (For
those who doubt that compromised code can exist despite being "in plain
view" and open-source, I invite them to review the Obfuscated C contests
of past years).

Agreed. It would not be difficult for the magicians at NSA to hide a
few lines in all that code.

Post by nemo_outis
In short, I'm suspicious of Truecrypt. Suspicious enough that I don't
use it. Do I have hard proof? No! But I don't require hard proof to
disqualify it. Suspicion is sufficient.
BestCrypt Wholedisk and FreeOTFE. My way may not be your way, but this
is what I have chosen.

As far as I know, only TC and DCPP have the capacity for a hidden OS
which I use because it is the best sandbox possible for sensitive
information (along with Tor, Privoxy and SMAC 2.0). I used to use
DCPP until it became unusable because of its reliance on FAT32 for the
initial setup (which fails Win7). I now use TC because while I am
deeply suspicious of TC and its origins, I know that only in utter
emergencies would the NSA (or equivalent) pull the plug on it and use
the backdoor, and my use does not qualify as an utter emergency. My
use has no illegal or national security taint at all, so for my
purposes, TC is ok (I need the hidden OS sandbox). However, my
suspicions remain.

PS How do you know Sarah Dean is not on the payroll of the NSA? Just
kidding, I have followed her career over the past decade from a
student dabbler to wherever she is now. She is very very good, but no
hidden OS.

regards

thang

Post by nemo_outis
Regards,

MyNym

2009-11-24 14:24:22 UTC

On Tue, 24 Nov 2009 16:22:27 +0800, thang ornithorhynchus

Look, for such advanced code, I seriously doubt anyone at all has sat
down and understood all of the code. A few lines hidden amongst
hundreds of thousands, perhaps millions, of lines of code would be to
most experts totally concealed. Or, some calls to routines which call
to other routines perhaps many many times over may be just as good at
concealment. Until the encrypted OS falls into the hands of the NSA
after a raid on terrorists who plan destruction somewhere in some
city, *then* NSA pulls the plug and opens the backdoor by entering
some line of instruction somewhere in the myriad lines of code that
has never been found.
I mean, who has sat down and followed each line of code comprising the
TC executables? Each line, and each call, and so on? Anyone?
Schneier hasn't that's for sure. I am sure Schneier reads this, how
about it Bruce, who has examined the TC executables?

Fair enough, but if this project has been underwritten by the NSA or
someother dodgy agency, then the backdoors have been around since
V1.0. So, I don't think the code became compromised later, if it is
compromised, it has probably always been compromised.
I don't know why they have purged the old versions though, in that
case.

This is well known, see my earlier comments in earlier posts. IPs
banned, nicks banned etc if too many questions are asked in the
forums.

Agreed. It would not be difficult for the magicians at NSA to hide a
few lines in all that code.

As far as I know, only TC and DCPP have the capacity for a hidden OS
which I use because it is the best sandbox possible for sensitive
information (along with Tor, Privoxy and SMAC 2.0). I used to use
DCPP until it became unusable because of its reliance on FAT32 for the
initial setup (which fails Win7). I now use TC because while I am
deeply suspicious of TC and its origins, I know that only in utter
emergencies would the NSA (or equivalent) pull the plug on it and use
the backdoor, and my use does not qualify as an utter emergency. My
use has no illegal or national security taint at all, so for my
purposes, TC is ok (I need the hidden OS sandbox). However, my
suspicions remain.
PS How do you know Sarah Dean is not on the payroll of the NSA? Just
kidding, I have followed her career over the past decade from a
student dabbler to wherever she is now. She is very very good, but no
hidden OS.
regards
thang

Post by nemo_outis
Regards,

thang,

I respect your views, as well as nemo's, and Shauns. But I would
nevertheless add a few comments.

What I actually said that one shouldn't make decesions based ONLY on
negative speculation. Obviously, all available facts and their
reasonable implications should be taken into consideration. But one
simply must start with facts if one is to achieve a reliable analysis.
I also said that speculation should be applied evenly -- obviously,
this is done in view of facts which can allow distinctions between
softwares and evaluation of levels of risk of different softwares
vis-a-vis each other - but giving one software a pass or fail on the
basis of no facts, or on the basis of facts lacking reasonable
distinction from facts of other solutions, will obviously yield a poor
analysis.

I don't believe you honestly think one can achieve the 0% level of
risk you said to be a must. Nevertheless, if that is really your goal,
then you're going to examine software code in detail. Although 0% risk
cannot be achieved (simply because no one is sufficiently omnicient to
predict every possible attack), analysis of code to a high level of
reliability, is achievable.

There are lots of different groups with a great incentive to find
flaws in TrueCrypt. It has a large number of commercial competitors -
including Microsoft - who have real incentive to expose its
weaknesses. An intentional backdoor would be a killer.

The most realistic scenarios for intelligence agencies would always
include cover, by various means, including for example, blackmailing
or corrupting known credentialed individuals in the industry. Cover
and corruption are fundamental to these guys. To start an intelligence
project with the glaring flaw of hidden developers honestly makes
little sense - a possibility, certainly - but a bad start, definitely.

Enough already.

Best regards.

MyNym

2009-11-24 16:56:01 UTC

Just to clarify one point in my prior comments -- regarding cover.

I don't mean to say that one should rule out TrueCrypt as a potential
intelligence agency project. But I do mean to say that the assumption,
people seem to accept without question, that hidden developers implies
an increased liklihood of hidden government involvement strikes me as
illogical -- in view of cover and corruption histories in intelligence
agencies. Hidden government involvement is at least as likely, if not
more so, in softwares having the outward appearence of nothing to
hide. In my view, the issue of hidden developers, in and of itself,
leadsat best (or worst) only to contradictory considerations, i.e. a
'wash', at least as a starting point.

Really enough, already :)

Shaun

2009-11-30 15:39:52 UTC

Post by MyNym
It's true you asked a leading question; and you are to be
congratulated for acting on your feelings of responsibility.
You asked, "why attack Securstar?"

[...]

Post by MyNym
Nevertheless, I believe it fair to say that TC appeared in response to
these general concerns (although not necessarily in response to
DriveCrypt and SecurStar, per se or solely). The TC devs have clearly
put in lots of effort into TC. Admitting at least the possibility that
these people might be doing what they do solely for the principle of a
right to privacy, it seems wrong to allow, without question, their
hard work and generosity to be attacked based only on speculation.

Indeed that might be so. If their work is indeed altruistic. Which is
what this discussion is IN FACT about one way or another.

Post by MyNym
This is particularly troublesome since their code is open source, and
since the speculative attacks on TC are in fact questioning the TC
devs right to privacy.

The speculative "attacks" (as you insist on calling this discussion)
are not questioning the developers right to ANYTHING. They merely
discuss certain aspects of TC, including the NEED of those developers
to remain completely private, and the alleged censorship of their
forums etc. Of course they are free to remain private and to censor
their own forums, but should they do so, they obviously have to accept
any negative impact that such a position might well have including
people having discussions such as this. This is to be expected and is
NOT unhealthy. For a while I went by the name of "Aman" and some
questioned the reason for that.

I for one don't particularly hail the brilliance of the TC folk for
various reasons, and for obvious reasons do not use their software
much (apart from testing it out now and then), because as far as I am
concerned, my own is infinitely more trustworthy to me, than theirs
is. Indeed I have some (sour) gripes about those boys (or girls)
which if fully aired here would simply be taken as being sour grapes
on my part. Having said that if TC took over the world and their was
no longer room for my efforts in this field, then I would hopefully
simply find something else to do.

Perhaps you are correct, but I would be grateful if you would
consider my response as an HONEST answer to the question put, by the
OP.

If such speculation were not to be permitted (and I have been the
subject of a GOOD DEAL of speculation about myself at times over the
years) then I think it would be time for me to call it a day in this
newsgroup. We can all idly speculate about this, and about that until
we are blue in the face. However the fact remains that I do HONESTLY
believe I am in a better position than most to judge certain aspects
about this situation given that I develop similar software myself, and
have first hand knowledge of some of the issues involved, and the
gotchas which slip you up especially in the realm of windows device
driver development. In short I wonder how the TC guys manage to do all
this for free.

In my case as an individual , one also has to remember that I work
for a commercial company with all the contstraints that this imposes
on me. Had I not been subject to such restriction perhaps things would
be very different. But I have to eat you know. I have (now) teenage
offspring to support and house. The means by which I could afford to
develop Scramdisk as open source freeware or cheap shareware on NT
evaporated in the dotcom meltdown of 2001. I needed a job. SecurStar
gave me a job and adopted the work I did on a commercial basis. They
pay me for the work I currently do. and I remain very grateful and
also very loyal to them, for that.

I would imagine too, the TC guys have to eat as well. So I cannot help
but wonder about the source of the means by which their sustainance
is provided. I know though I couldn't do this job in the evening after
being hard at work with another during the day. It is too taxing at
times. Perhaps they won the lottery and do it out of real concern for
humanity. I know where I would be if I had vast amounts of money.

You know, I only obsure my email address because of spam collection,
not to hide my identity.

In fact I am so honest and open you can even see me here:
http://www.crashonline.org.uk/25/gremlin.htm

It's a long time ago though (over 24 years) and I am a lot older, and
a bit more grey. (Mind I do dye my hair a bit, and who cares..)

I love old TV technology as well:
http://www.domino405.co.uk/owners.html

Yes. the TC fellows ARE entitled to their privacy. However I and
everyone else here, should we choose to, are PERFECTLY entitled to
discuss (and even speculate on) that privacy. It could simply be what
they are doing, is not permitted in their country. Equally it could
be that they are being bankrolled by someone who wants as many people
as possible to use this stuff.

Who knows.

But many users might well care.

Regards to all.
Shaun.

MyNym

2009-11-30 17:45:42 UTC

Post by MyNym
It's true you asked a leading question; and you are to be
congratulated for acting on your feelings of responsibility.
You asked, "why attack Securstar?"

[...]

Indeed that might be so. If their work is indeed altruistic. Which is
what this discussion is IN FACT about one way or another.

Post by MyNym
This is particularly troublesome since their code is open source, and
since the speculative attacks on TC are in fact questioning the TC
devs right to privacy.

The speculative "attacks" (as you insist on calling this discussion)
are not questioning the developers right to ANYTHING. They merely
discuss certain aspects of TC, including the NEED of those developers
to remain completely private, and the alleged censorship of their
forums etc. Of course they are free to remain private and to censor
their own forums, but should they do so, they obviously have to accept
any negative impact that such a position might well have including
people having discussions such as this. This is to be expected and is
NOT unhealthy. For a while I went by the name of "Aman" and some
questioned the reason for that.
I for one don't particularly hail the brilliance of the TC folk for
various reasons, and for obvious reasons do not use their software
much (apart from testing it out now and then), because as far as I am
concerned, my own is infinitely more trustworthy to me, than theirs
is. Indeed I have some (sour) gripes about those boys (or girls)
which if fully aired here would simply be taken as being sour grapes
on my part. Having said that if TC took over the world and their was
no longer room for my efforts in this field, then I would hopefully
simply find something else to do.

Perhaps you are correct, but I would be grateful if you would
consider my response as an HONEST answer to the question put, by the
OP.
If such speculation were not to be permitted (and I have been the
subject of a GOOD DEAL of speculation about myself at times over the
years) then I think it would be time for me to call it a day in this
newsgroup. We can all idly speculate about this, and about that until
we are blue in the face. However the fact remains that I do HONESTLY
believe I am in a better position than most to judge certain aspects
about this situation given that I develop similar software myself, and
have first hand knowledge of some of the issues involved, and the
gotchas which slip you up especially in the realm of windows device
driver development. In short I wonder how the TC guys manage to do all
this for free.
In my case as an individual , one also has to remember that I work
for a commercial company with all the contstraints that this imposes
on me. Had I not been subject to such restriction perhaps things would
be very different. But I have to eat you know. I have (now) teenage
offspring to support and house. The means by which I could afford to
develop Scramdisk as open source freeware or cheap shareware on NT
evaporated in the dotcom meltdown of 2001. I needed a job. SecurStar
gave me a job and adopted the work I did on a commercial basis. They
pay me for the work I currently do. and I remain very grateful and
also very loyal to them, for that.
I would imagine too, the TC guys have to eat as well. So I cannot help
but wonder about the source of the means by which their sustainance
is provided. I know though I couldn't do this job in the evening after
being hard at work with another during the day. It is too taxing at
times. Perhaps they won the lottery and do it out of real concern for
humanity. I know where I would be if I had vast amounts of money.
You know, I only obsure my email address because of spam collection,
not to hide my identity.
http://www.crashonline.org.uk/25/gremlin.htm
It's a long time ago though (over 24 years) and I am a lot older, and
a bit more grey. (Mind I do dye my hair a bit, and who cares..)
http://www.domino405.co.uk/owners.html
Yes. the TC fellows ARE entitled to their privacy. However I and
everyone else here, should we choose to, are PERFECTLY entitled to
discuss (and even speculate on) that privacy. It could simply be what
they are doing, is not permitted in their country. Equally it could
be that they are being bankrolled by someone who wants as many people
as possible to use this stuff.
Who knows.
But many users might well care.
Regards to all.
Shaun.

Many thanks for your response Shaun. I do accept your response as your
honest views.

Glad to see you are still posting (almost like the old days), even
though we have different views on some issues.

Best regards.

thang ornithorhynchus

2009-12-01 04:42:51 UTC

Post by MyNym
It's true you asked a leading question; and you are to be
congratulated for acting on your feelings of responsibility.
You asked, "why attack Securstar?"

[...]

Indeed that might be so. If their work is indeed altruistic. Which is
what this discussion is IN FACT about one way or another.

It is definitely about that, seeing as I am the original poster and I
should know.

Post by MyNym
This is particularly troublesome since their code is open source, and
since the speculative attacks on TC are in fact questioning the TC
devs right to privacy.

The speculative "attacks" (as you insist on calling this discussion)
are not questioning the developers right to ANYTHING. They merely
discuss certain aspects of TC, including the NEED of those developers
to remain completely private, and the alleged censorship of their
forums etc. Of course they are free to remain private and to censor
their own forums, but should they do so, they obviously have to accept
any negative impact that such a position might well have including
people having discussions such as this. This is to be expected and is
NOT unhealthy. For a while I went by the name of "Aman" and some
questioned the reason for that.
I for one don't particularly hail the brilliance of the TC folk for
various reasons, and for obvious reasons do not use their software
much (apart from testing it out now and then), because as far as I am
concerned, my own is infinitely more trustworthy to me, than theirs
is. Indeed I have some (sour) gripes about those boys (or girls)
which if fully aired here would simply be taken as being sour grapes
on my part. Having said that if TC took over the world and their was
no longer room for my efforts in this field, then I would hopefully
simply find something else to do.

I think the "taking over the world" bit is more accurate than perhaps
imagined by most. Who said once that if a thing appears to be too
good to be true, it probably is?

Do not do that Shaun please, if you don't mind. I value your opinion
above all others and more importantly, trust it. You have been
posting here for at least the last decade (when I came in, around the
turn of the century). Don't stop now.

We can all idly speculate about this, and about that until

Post by Shaun
we are blue in the face. However the fact remains that I do HONESTLY
believe I am in a better position than most to judge certain aspects
about this situation given that I develop similar software myself, and
have first hand knowledge of some of the issues involved, and the
gotchas which slip you up especially in the realm of windows device
driver development. In short I wonder how the TC guys manage to do all
this for free.
In my case as an individual , one also has to remember that I work
for a commercial company with all the contstraints that this imposes
on me. Had I not been subject to such restriction perhaps things would
be very different. But I have to eat you know. I have (now) teenage
offspring to support and house. The means by which I could afford to
develop Scramdisk as open source freeware or cheap shareware on NT
evaporated in the dotcom meltdown of 2001. I needed a job. SecurStar
gave me a job and adopted the work I did on a commercial basis. They
pay me for the work I currently do. and I remain very grateful and
also very loyal to them, for that.
I would imagine too, the TC guys have to eat as well.

Another telling point. More telling that you might think actually.

So I cannot help

Post by Shaun
but wonder about the source of the means by which their sustainance
is provided. I know though I couldn't do this job in the evening after
being hard at work with another during the day. It is too taxing at
times. Perhaps they won the lottery and do it out of real concern for
humanity. I know where I would be if I had vast amounts of money.
You know, I only obsure my email address because of spam collection,
not to hide my identity.
http://www.crashonline.org.uk/25/gremlin.htm

Ha, reminds me of myself back in the 70s, long hair bellbottoms etc
etc and above all else youthful. Thanks for that I had no idea what
you looked like.

Post by Shaun
It's a long time ago though (over 24 years) and I am a lot older, and
a bit more grey. (Mind I do dye my hair a bit, and who cares..)
http://www.domino405.co.uk/owners.html
Yes. the TC fellows ARE entitled to their privacy. However I and
everyone else here, should we choose to, are PERFECTLY entitled to
discuss (and even speculate on) that privacy. It could simply be what
they are doing, is not permitted in their country. Equally it could
be that they are being bankrolled by someone who wants as many people
as possible to use this stuff.

That's what I think, surely there are others who think the same, or
are all users sheep?

Post by Shaun
Who knows.
But many users might well care.
Regards to all.
Shaun.

nemo_outis

2009-12-01 19:01:42 UTC

MyNym <***@myplace.com> wrote in news:***@4ax.com:

...

I also believe that enhancements against attacks such as the
"evil maid" attack could enhance market share of any product in this
field. Heuristic, antivirus-type software applications specifically
directed at this issue might be included with encryption software to
reduce the level of risk to this type of attack.

There is a dirt-simple protection against the "evil maid" attack *IF* it
is implemented as a modified MBR on an (encrypted) HD.

It's a simple dual-boot procedure. The procedure is as follows:

1) Boot from a known-good source (a CD with half a torn dollar bill
securely glued to it is one possiblity - with the other half always on
your person). Better still if some degree of continuous control & custody
over the CD is maintained. Or perhaps instead a USB stick (an Ironkey?)
always worn around your neck.

2a) Check the hash of the MBR (against the data on the known-good
source). If it differs the MBR has been tampered with.

2b) If required, restore the correct MBR from the known-good source
(after investigating thoroughly and subsequently deciding to proceed, of
course)

3) Once the MBR has been verified/restored, reboot - this time to the
HD.

However, none of this will protect you if, say, a hardware keylogger has
been installed in the computer or if, say, the BIOS or a BIOS extension
has been modified (see, for instance:
http://invisiblethingslab.com/resources/bh09usa/Attacking%20Intel%
20BIOS.pdf
and
http://www.ngssoftware.com/research/papers/Implementing_And_Detecting_A_P
CI_Rootkit.pdf).

In short, there is no substitute for physical security.

Regards,

MyNym

2009-12-01 21:03:33 UTC

Post by nemo_outis
...

There is a dirt-simple protection against the "evil maid" attack *IF* it
is implemented as a modified MBR on an (encrypted) HD.
1) Boot from a known-good source (a CD with half a torn dollar bill
securely glued to it is one possiblity - with the other half always on
your person). Better still if some degree of continuous control & custody
over the CD is maintained. Or perhaps instead a USB stick (an Ironkey?)
always worn around your neck.
2a) Check the hash of the MBR (against the data on the known-good
source). If it differs the MBR has been tampered with.
2b) If required, restore the correct MBR from the known-good source
(after investigating thoroughly and subsequently deciding to proceed, of
course)
3) Once the MBR has been verified/restored, reboot - this time to the
HD.
However, none of this will protect you if, say, a hardware keylogger has
been installed in the computer or if, say, the BIOS or a BIOS extension
http://invisiblethingslab.com/resources/bh09usa/Attacking%20Intel%
20BIOS.pdf
and
http://www.ngssoftware.com/research/papers/Implementing_And_Detecting_A_P
CI_Rootkit.pdf).
In short, there is no substitute for physical security.
Regards,

I must say that your posts over the years have always, always, always,
emphasized physical security. Schneier emphasizes the same.

I do think heuristic preventative software focused on access to the
encryption software entry point would be worthwhile.

But bottom line; you're right -- software security without physical
security is the stuff illusions are made of.

Regards.

nemo_outis

2009-12-01 22:44:53 UTC

Post by MyNym
But bottom line; you're right -- software security without physical
security is the stuff illusions are made of.

However, that does lead to the following paradox: if our physical
security provisions were perfect, there'd be no need for encryption :-)

Instead, we must proceed as the Russians at the battle of Kursk - defence
in depth. For instance, if continuous control and custody (by oneself or
trusted parties) is not possible, then one can move from tamper
prevention to tamper detection. For instance, a laptop can be secured
with tamper-indicating tape (and other mechanisms) to reveal if its
innards have been messed with. There are two problems with this: our
self-discipline (do we always check thoroughly before using?) and the
vulnerability of the seals to compromise (through a multitude of possible
methods). The folks at Los Alamos are the experts at defeating tamper-
indicating seals (although they are not as forthcoming as I would like
regarding specifics).

Of course, one is still left with "environmental threats" during use
(chief of which are tempest, video, indirect monitor recording, and key-
press eavesdropping). I have actually gone to the trouble of providing
reasonable security against these for two of my file servers (gross
overkill since they contain little sensitive beyond some bootleg
software, videos, and music) - but I did it as an exercise. As an uber-
geek I learned much about such matters as "slot leakage" and the
intricacies of (high-frequency) grounding of Faraday cages (technically a
misnomer since Faraday cages rigorously only apply to static charges).
Black-red separation, battery-intermediated power supplies, isolation of
heat, water, power, etc. breaks in the envelope, dead-man shutdowns, even
dual-door personel entry - the works. Not that expensive (a few thousand
in material outlays but little in labour cost - as long as I value my
time at $0.10/hr :-)

The technical intricacies were fascinating (I am an engineer, after all
:-) but the chief vulnerability I noticed was my own lack of self-
discipline to rigorously follow the protocols (e.g., when going to the
can). Managing multiple humans must be hell!

Regards,

PS Incidentally, my safe-room in the basement at Calgary would probably
provide 1/2 hr or better against most fairly-heavy-duty penetration
approaches (including such as diamond-grit power rotary saws and
hydraulic "jaws"). But the killer problem, the insurmountable problem,
is shaped charges - these can penetrate even 24" of reinforced concrete
(i.e., make a man-passable hole) in less than a minute! Fortunately, I
do have seismic-sensor shutdown (surprisingly cheap and effective - in
fact, my main problem was decreasing its sensitivity and tuning the
response signatures so that false alarms wouldn't cause unnecessary
shutdowns).

PPS A laptop stored in a home safe (regarded as tamper-indicating rather
than as tamper-preventing unless you're willing to pony up for something
like a TXTL60-X6 such as the Super Diamond) is probably secure enough for
all but the most severe threats. But then I wouldn't have had as much
"James Bond" fun :-)

MyNym

2009-12-02 00:38:59 UTC

Post by MyNym
But bottom line; you're right -- software security without physical
security is the stuff illusions are made of.

However, that does lead to the following paradox: if our physical
security provisions were perfect, there'd be no need for encryption :-)
Instead, we must proceed as the Russians at the battle of Kursk - defence
in depth. For instance, if continuous control and custody (by oneself or
trusted parties) is not possible, then one can move from tamper
prevention to tamper detection. For instance, a laptop can be secured
with tamper-indicating tape (and other mechanisms) to reveal if its
innards have been messed with. There are two problems with this: our
self-discipline (do we always check thoroughly before using?) and the
vulnerability of the seals to compromise (through a multitude of possible
methods). The folks at Los Alamos are the experts at defeating tamper-
indicating seals (although they are not as forthcoming as I would like
regarding specifics).
Of course, one is still left with "environmental threats" during use
(chief of which are tempest, video, indirect monitor recording, and key-
press eavesdropping). I have actually gone to the trouble of providing
reasonable security against these for two of my file servers (gross
overkill since they contain little sensitive beyond some bootleg
software, videos, and music) - but I did it as an exercise. As an uber-
geek I learned much about such matters as "slot leakage" and the
intricacies of (high-frequency) grounding of Faraday cages (technically a
misnomer since Faraday cages rigorously only apply to static charges).
Black-red separation, battery-intermediated power supplies, isolation of
heat, water, power, etc. breaks in the envelope, dead-man shutdowns, even
dual-door personel entry - the works. Not that expensive (a few thousand
in material outlays but little in labour cost - as long as I value my
time at $0.10/hr :-)
The technical intricacies were fascinating (I am an engineer, after all
:-) but the chief vulnerability I noticed was my own lack of self-
discipline to rigorously follow the protocols (e.g., when going to the
can). Managing multiple humans must be hell!
Regards,
PS Incidentally, my safe-room in the basement at Calgary would probably
provide 1/2 hr or better against most fairly-heavy-duty penetration
approaches (including such as diamond-grit power rotary saws and
hydraulic "jaws"). But the killer problem, the insurmountable problem,
is shaped charges - these can penetrate even 24" of reinforced concrete
(i.e., make a man-passable hole) in less than a minute! Fortunately, I
do have seismic-sensor shutdown (surprisingly cheap and effective - in
fact, my main problem was decreasing its sensitivity and tuning the
response signatures so that false alarms wouldn't cause unnecessary
shutdowns).
PPS A laptop stored in a home safe (regarded as tamper-indicating rather
than as tamper-preventing unless you're willing to pony up for something
like a TXTL60-X6 such as the Super Diamond) is probably secure enough for
all but the most severe threats. But then I wouldn't have had as much
"James Bond" fun :-)

What wonderful reading. I'm reminded of the movie, "Conspiracy
Theory". Thank you for that.

Shaped charges are a facinating technology (theory, not practice, as I
value all parts of all of my appendages). Early discoveries were
apparently based on the observation that bundles of guncotton emgraved
with the Nobel trademark, left the word "Nobel" chiseled onto hard
surfaces when the bundles were exploded on those surfaces.

Shaped charges were the basis for hand launched anti-tank weapons that
constituted a major turning point in WWII. Since then, shaped charge
based weapons have continued to be used effectively against many
tanks. Recent advances in tank armor structures have succedssfully
defended against many shaped charge weapons. Have a look into recent
developments in tank armor if you haven't already for more facinating
reading.

Back to software; Windows, and all forms of software licenses that
require on-line verification, or on-line searching of software and/or
hardware in computers, constitute major security threats in my view.
Software and firmware to monitor DRM are likewise major threats. And
the list goes on and on...

Your paradox/conundrum is quite real -- and broadly speaking is also a
common problem across many disciplines and philosophies. Single, pure,
approaches (disciplines, theories or philosophies) are rarely
effective, and are often self-corrupting. In the West, people say
"Balance in all things." In the East, people emphasize both yin and
yang. I suppose the real truth is; there are typically a plurality of
complementary (sometines at least partially contradictory) truths,
properties and approaches that can be used in concert to create strong
physical structures, process designs and philosophical approaches.

Best regards.

Carsten Krueger

2009-12-01 21:07:10 UTC

Post by nemo_outis
There is a dirt-simple protection against the "evil maid" attack *IF* it
is implemented as a modified MBR on an (encrypted) HD.

Clever attackers install hardware keyloggers or spycams.
:-)

greetings
Carsten

--
ID = 0x2BFBF5D8 FP = 53CA 1609 B00A D2DB A066 314C 6493 69AB 2BFB F5D8
http://www.realname-diskussion.info - Realnames sind keine Pflicht
http://www.spamgourmet.com/ + http://mailcatch.com/ - Antispam
cakruege (at) gmail (dot) com

MyNym

2009-12-01 17:02:12 UTC

On Tue, 01 Dec 2009 12:42:51 +0800, thang ornithorhynchus

Post by MyNym
It's true you asked a leading question; and you are to be
congratulated for acting on your feelings of responsibility.
You asked, "why attack Securstar?"

[...]

Indeed that might be so. If their work is indeed altruistic. Which is
what this discussion is IN FACT about one way or another.

It is definitely about that, seeing as I am the original poster and I
should know.

Post by MyNym
This is particularly troublesome since their code is open source, and
since the speculative attacks on TC are in fact questioning the TC
devs right to privacy.

The speculative "attacks" (as you insist on calling this discussion)
are not questioning the developers right to ANYTHING. They merely
discuss certain aspects of TC, including the NEED of those developers
to remain completely private, and the alleged censorship of their
forums etc. Of course they are free to remain private and to censor
their own forums, but should they do so, they obviously have to accept
any negative impact that such a position might well have including
people having discussions such as this. This is to be expected and is
NOT unhealthy. For a while I went by the name of "Aman" and some
questioned the reason for that.
I for one don't particularly hail the brilliance of the TC folk for
various reasons, and for obvious reasons do not use their software
much (apart from testing it out now and then), because as far as I am
concerned, my own is infinitely more trustworthy to me, than theirs
is. Indeed I have some (sour) gripes about those boys (or girls)
which if fully aired here would simply be taken as being sour grapes
on my part. Having said that if TC took over the world and their was
no longer room for my efforts in this field, then I would hopefully
simply find something else to do.

I think the "taking over the world" bit is more accurate than perhaps
imagined by most. Who said once that if a thing appears to be too
good to be true, it probably is?

Do not do that Shaun please, if you don't mind. I value your opinion
above all others and more importantly, trust it. You have been
posting here for at least the last decade (when I came in, around the
turn of the century). Don't stop now.
We can all idly speculate about this, and about that until

Another telling point. More telling that you might think actually.
So I cannot help

Ha, reminds me of myself back in the 70s, long hair bellbottoms etc
etc and above all else youthful. Thanks for that I had no idea what
you looked like.

That's what I think, surely there are others who think the same, or
are all users sheep?

Post by Shaun
Who knows.
But many users might well care.
Regards to all.
Shaun.

Just a few thoughts...

There are many sophisticated, high quality, royalty-free software
applications available via, for example, SourceForge. TrueCrypt isn't
unique in that regard.

Encryption software falls into a special category of software that
promotes rights of privacy and freedom. Many people hold those rights
dear, and strongly oppose attempts by governments to limit those
rights. People are willing to dedicate time and resources to these
endeavors. I'm sure Shaun can identify here.

Profit is both legitimate and moral in my view. Indeed, I believe
profit fuels technological advancement. Nevertheless, corruption does
exist in the world of business. It is also true that many who claim to
be altruistic are corrupt -- see, for example, religion and politics.
Who can say whether corruption is more likely in business or
altruistic enterprise? Trust but verify is probably a good approach.

DriveCrypt has a good history that could be used to spur growth of
market share. I believe the current licensing system is a drag on that
growth. I also believe that enhancements against attacks such as the
"evil maid" attack could enhance market share of any product in this
field. Heuristic, antivirus-type software applications specifically
directed at this issue might be included with encryption software to
reduce the level of risk to this type of attack.

Thanks for the picture, Shaun.

Best regards to all.

John Smith

2009-11-22 20:02:26 UTC

Post by MyNym
On Fri, 20 Nov 2009 15:09:17 +0000, Shaun

Post by MyNym
On Fri, 23 Oct 2009 16:33:29 +0800, thang ornithorhynchus

There must be quite a few of them as well IMHO. I work every day with
this stuff and I know how bloody difficult it can sometimes be.

This is a very interesting question and one I have often speculated
on. If one was aware of the REAL COST and EXPERISE required for
Windows device driver etc. development one would begin to wonder
indeed what might be going on in the realms of TC land. Only recently
we were wanting to explore the development of a new product, and to
save time a well known dev company was approached regarding a
licence to use an "off the shelf" customisable kernel mode device
driver, and the cost was to be a staggering $125,000 dollars, with
$30,000 per year in technical support and updates after the first
year. We have yet to get back to them.
Having said that, people who understand the nuances of windows devices
drivers are a very rare breed indeed, and there are so many gotchas to
watch out for, and the development environment is difficult to say the
least.
So these anonymous TC guys who took Paul Le Roux's old driver and made
it their own, (as they say in musical parlance), must be at least
reasonably competent, and I don't t see how they can be working
entirely for nothing or completely altruistically. However I am merely
speculating as I have no more clue about this than anyone else, save I
know the level of dedication required to make a reasonably reliable
solid product which works on the vast amount of setups in the field.
To me, there must be some kind of remuneration involved in this, or
they really are saints of the highest order. If it was money, rather
than free disk encryption software they were giving away, what would
we think then I wonder ?
DCPP now runs happily on Win7 so far as we know, and we had quite a
bit of work to do to achive this, even though Win7 is Vista like, the
100mbyte boot area is standard on many platforms and has no drive
letter. Much of this area dealing with the preboot (Bootauth) code was
modified to work with Drive GUIDs rather than drive letters, and this
will be extended in the future. DCPP driver had a battle with rdyboost
which now connects to DCPP which caused me some tears and has been
subject to some tortuous testing to determine that the battle has been
won.
But as for TC - I simply can't see it being an entirely motiveless
enterprise somehow. Others are of course free to believe otherwise,
and it could even be, what it seems to be and I could well be wrong.
Regards,
Shaun

Thats right, they don't rely on TC to protect their data,

Post by MyNym
"SecurStar was primarily established owing to the special security
needs of... state defense departments of several countries." ...
"SecurStar`s core business is the development of new security
technologies for military use." ...
"SecurStar`s team is consists of well known security experts as well
as famous former hackers" ...

<snipped>

Just don't go near 18 year old hackers that broke true crypt, lol

MyNym

2009-11-22 23:12:43 UTC

Post by John Smith
<snipped>
Just don't go near 18 year old hackers that broke true crypt, lol

Your assertions were fully addressed here by Carsten Krueger on
8/5/2009. You are not helping Securstar's image with these underhanded
attacks on TrueCrypt.

Arild Bjørk

2009-11-23 06:36:13 UTC

Post by John Smith
Just don't go near 18 year old hackers that broke true crypt, lol

Just to set the record straight. Not only Truecrypt is vulnerable to
this kind of attack

http://www.schneier.com/blog/archives/2009/10/evil_maid_attac.html

"...The same kind of attack should work against any whole-disk
encryption, including PGP Disk and BitLocker..."

MyNym

2009-11-23 21:02:58 UTC

On Mon, 23 Nov 2009 07:36:13 +0100, Arild Bjørk

Post by Arild BjÃ¸rk

Post by John Smith
Just don't go near 18 year old hackers that broke true crypt, lol

Just to set the record straight. Not only Truecrypt is vulnerable to
this kind of attack
http://www.schneier.com/blog/archives/2009/10/evil_maid_attac.html
"...The same kind of attack should work against any whole-disk
encryption, including PGP Disk and BitLocker..."

That's a great link (particularly with all of the comments) - and
really does elucidate the issue. Many thanks.

thang ornithorhynchus

2009-11-24 08:28:08 UTC

On Mon, 23 Nov 2009 07:36:13 +0100, Arild Bjørk

Post by Arild BjÃ¸rk

Post by John Smith
Just don't go near 18 year old hackers that broke true crypt, lol

Just to set the record straight. Not only Truecrypt is vulnerable to
this kind of attack
http://www.schneier.com/blog/archives/2009/10/evil_maid_attac.html
"...The same kind of attack should work against any whole-disk
encryption, including PGP Disk and BitLocker..."

Schneier has just written about this again, in his most recent
Crypto-gram. At length. The point is, one needs physical access (the
evil maid). Simple as that. Give me physical access and I will
install a camera above the keyboard mouse, or a keylogger device
inside the case, rather than tamper with the bootstrap.

thang

thang ornithorhynchus

2009-11-24 08:02:06 UTC