On Tue, 10 Jun 2014 11:08:05 +0100, Shaun
Yep I've been running TC on three 3TB disks with the hidden container
option for a year or two now. Like you, they found UEFI too hard to
nonchalantly upgrade the hidden OS code.

You know, apart from mobile phones where there is no mechanical
keyboard, I find touchscreen availability almost an affectation (for
desktops and notebooks). I'm probably a dinosaur but have you
researched it? I would think upgrading hidden OS to UEFI/GPT would be
far more important - for one thing, you will be the first of the
hidden OS FDE providers to do so! What an achievment. I dare say that
was what mainly broke the back of the TC development (which doesn't
worry me because Win 7 will be around for a long long time).
Ok. Major difference and I should have remembered that. Correction
noted. I did use DCPP for about three years way back...it was one
thing actually which did appeal to me about DCPP, as I didn't like the
2 partition configuration at all when I became aware of TC - it seemed
to me it was a red flag...but then I came to your conclusion that many
disks are partitioned for various reasons and in TC's case it could be
said that the second partition was set aside but never used. It was
randomised including the headers.
I will. In the next few weeks. What's your timing - say, the next 6
months or so?
That's what I meant. Or are you saying there is a version of DCPP
which doesn't support hiddenOS? I would think your clients would
prefer or require only DC - with appropriate corporate support.
The corporate IT types would probably appreciate a more comprehensive
explanation of the mechanics of the products. Marketing can then
broadcast Securstar's "superior documentation" as an added fillip for
the conscientious IT professional (or CIO's).
Yes. I was discussing the difference in product availability and
therefore documentation. I was once intimately familiar with both DC
and DCPP having used both for several years. I was not happy that TC
used two partitions - it seemed to me that plausible deniability was
compromised, unlike the DCPP scheme.
Did you mean "we have plans for DCPP"? And, yes, that does surprise
me. My reason for using a hidden OS is simply to prevent leakage of
multiple passwords for multiple purposes (banking, patents, client
information and a multititude of other purposes) into the numerous
niches and crannies which MS has created with its Frankenstein's
monster (eg page file, user accounts, program files, registry hive,
hiberfil, etc etc). I would think that corporates would not be as
careful, especially in context of auditability and central control of
access, and would therefore not need hidden OS availability. I would
have thought that on a "sales volume" basis DC>DCPP.
I get it. DCPP is mainly sold as a OTF-FDE solution for your OS-boot
drive. Hidden OS functionality is an extra flavour.
I understand that - I have been a marketeer all of my professional
life. I'm semi retired and still have a short list of clients for
whom I market regularly.

However, as this was a specific comparison with TC *and* superiority
of BC over TC on a function by function basis was being trumpeted, to
leave one vital component out because they couldn't match it was just
...dishonest. It should have been left in and explained away on the
basis that, for instance, there is very limited need for a hidden OS
when OTF FDE of the first active partition (C drive) is available.

That's what I have done for clients and myself for the last 30 years -
because I believe that dishonesty in the corporate world is grubby and
low, and because there are intelligent types in that part of society
who *will* pick up on such dishonesty.

They painted themselves into that corner and then were dishonest in
their comparison.
I understand now Shaun that you offer UEFI/GPT support for DCPP but
not for DCPP in its incarnation with hidden OS functionality.
Therefore, max addressing space for hidden OS is restricted to 32bit.
Yes, as agreed by you above - for DCPP if your plans are approved at
executive level for hidden OS functionality for UEFI/GPT.
Better. As of yet, TC and its forks (see Veracrypt) don't offer
UEFI/GPT functionality for hidden OS.

Although, Veracrypt probably has that in mind:

https://veracrypt.codeplex.com/workitem/list/basic

"GPT System Partitions cannot be encrypted because the bootloader does
not support GPT Partition Table"

and:

https://veracrypt.codeplex.com/discussions/547604#post1253164

"GPT partitions and UEFI are not supported yet. This is planned but it
is complex to implement. Work on it started but we can't give any
release date yet. As of today, no open source implementation of UEFI
boot encryption for Windows exists and we hope to be the first to
release such implementation." This was written in June 2014.

I don't know if you were aware of Veracrypt Shaun. They have already
upgraded TC source PBKDF2-RIPEMD160 from 1000 iterations to 327661 and
for standard containers and other partitions from 2000 iterations to
655331 for RIPEMD160 and 500000 iterations for SHA-2 and Whirlpool.

It seems they (he, actually) is working on this problem (UEFI/GPT)
right at the moment. He lives in France - that's a good thing. Out
of reach of the yanks and there is little love lost between the French
and the US - or you Brits.

His implementation is open source - if he does this, and this being a
fork of TC, and TC being audited at the moment and that audit being
fully funded through to completion, then it would be almost trivial to
compare the source code for his code exceptions (his method of
UEFI/GPT boot encryption) and then prove absence of backdoors etc. It
will all be open source.

Interesting, no?
Yes, agreed. The decoy in your case is not a working OS. In TC's
case, it is and can be shown to be so for excellent plausible
deniability. In DCPP's case, if RIPA forces one to cough up the pass
for the decoy OS, there will be no time stamps etc on that decoy to
prove that it was in use and therefore it seems to me plausible
deniability will be that much more difficult to demonstrate.
Nothing negative at all. However, if you have for instance data which
your British authorities consider to be in the national interest (say
patents or IP regarding something which they want to confiscate and
quarantine for "national" use therefore denying the inventor or holder
of the IP the opportunity to commercialise internationally) can you
demonstrate how giving up the password for the decoy OS is going to
convince them of the absence of the hidden OS? Given that your
drawings, schematics, patents, IP etc all reside on the hidden OS? For
one thing, the decoy will not have been in use - correct? Therefore,
no current timestamps, no pagefile, no hiberfile, no roaming, temp,
and so on - unused. So, they ask, how come there are timestamps on
the other drives in the machine which demonstrate recent use (because
DCPP doesn't read-only other drives and partitions) - and what have
you been using if you haven't been using this OS?

It all becomes rather elaborate - oh, I have another desktop or laptop
which I have been using. Well, why have *this* machine set up with an
encrypted OS and a suspicious second partition, and data on the MBR
which shows there is a DCPP installation - and then use another
machine for your day to day stuff?

Whereas, with TC, there is a fully operational decoy/sacrificial
OS...and nothing but a second partition which is full of random data,
including the headers for that partition.
But not the exclusion of IP protection. Surely IP is protected there
for the creator/author? And above the level of code, the systems
themselves are protected by patents? Which means such "property" can
only be transferred for use by another party by way of formal contract
- an agreement. Unless you are an employee - in which case everything
you create (code and systems) vests automatically in your employer.

I doubt that "free exchange" means that an external consultant for
instance would work just so his inventions can be "freely exchanged".
Perhaps you haven't read my other comment in the other thread about
the stuff which was posted on Pastebin a few years ago by the anon
hackers. They took down a full machine in the US which had
inter-agency emails involving a senior IT investigator in a State IB -
and his counterparts in the FBI. THE FBI has invented an internal
program called ZSearch specifically targeting TC and other FDE
programs - looking for PWs in the page file, memory, and so on. Fully
documented - I can post if you like, it was freely available for a
while. TC OS's and containers/files came up often and they could not
crack it directly outside of brute force or looking for leakage.

As to the Miranda issue, here is actually what happened with TC per
Oliver Robbins, your Deputy National Security Adviser for Intelligence
and Security, in the High Court of Justice in MIRANDA vs SECRETARY OF
STATE FOR THE HOME DEPARTMENT:

"13. I am advised that the data recovered from the claimant is
almost certain to contain some of the material passed by Mr Snowden to
Ms Poitras and Mr Greenwald. Much of the material is encrypted .
However, among the unencrypted documents recovered from the claimant
was a piece of paper containing basic instructions for accessing some
data, together with a piece of paper that included the password for
decrypting one of the encrypted files on the external hard drive
recovered from the claimant. I have been briefed that the authorities
have therefore been able to examine the data contained in this file.
They have been able to determine that the external hard drive contains
approximately 58,000 highly classified UK intelligence documents. Work
continues to access the content of the other files on the hard drive
and the USB sticks."

These are facts stated in defence of Miranda's application to the High
Court seeking restoration of his laptop. They were and still are
stuck on TrueCrypt - according to Greenwald, in a later statement,
said "...they only got access to 75 of the documents that he was
carrying, most of which are probably ones related to his school work
and personal use."

This situation hasn't changed - neither the external drive nor the
internal drive have been decrypted. Note also that Miranda did not
have a hidden OS setup - just containers with thousands of files in
them. Detective Superintendent Goode said that the information on the
external hard drive was encrypted by a system called “True Crypt,”
which she said “renders the material extremely difficult to access.”
Goode said the process to decode the material was complex and that “so
far only 75 documents have been reconstructed since the property was
initially received.”

With TC, there is no complex process. The file or container is
mounted (one click) and then a password is entered - and everything in
that container or file is available in plaintext. Why use the word
"reconstructed"? Well, with TC containers, files or even partitions
there is leakage of the PW of course to the page file and retention of
documents in plaintext etc not only in the swap but in unallocated
space and file tails. This is what she means by "reconstructed".

They still haven't accessed Miranda's encrypted containers - if they
had, he would have been charged, and he hasn't. They have picked up
some stuff from normal forensics of his unallocated space etc - the
leakage in the unencrypted OS.

If Miranda had used full disc encryption, not necessarily even the
hidden OS, then they would not have "reconstructed" even one file.


Don't tl;dr the above Shaun, I would like your comments please.
Otherwise, it's just a handy means of organising my own thoughts...
Nah, they knew Miranda was Greenwald's partner, of course. And they
knew Greenwald was the source of the revelations of part of Snowden's
haul. They knew with a fair degree of certainty what was in the
encrypted container.
You have competition in France. See my comments on VeraCrypt above.
He is working towards supporting it for hidden OS purposes and open
source.

What do you mean "UEFI is still a nightmare for the well designed spec
is still widely broken"?
Yes, excuse my ignorance explained above on the basis of long
abstinence from the way you have designed things. Apologies. If you
are rethinking the entire UEFI/GPT/HiddenOS scenario, you should
ensure firstmost and foremost that the decoy is (a) fully usable and
therefore a plausible decoy and (b) have the option to write protect
everything but the hidden OS when the hidden OS is booted (this will
oneup TC because that factor is not optional - it's mandatory).
For you it's easy enough to use, and for me...but not for the teeming
masses. The documentation needs to be twofold - simple for the
simpletons and complex for the professionals or dilettantes.

Marketing is essential - email me when you have determined which, if
any, course you are going to set for the UEFI/GPT compatible DCPP with
HiddenOS and I will give you at the least bullet points you can use on
your glossy material (website and emailable .pdfs). It's what I do
for a crust and my clients come in varieties up to transnational with
multi-billion toplines.
The money is often opportunity cost - the revenue you would have
generated elsewhere if not for the development you are engaged in. I
have a friend who is developing code for a provisioning system for use
by insurance companies in the motor vehicle sector - he has been paid
around $40K for it so far and has done about that amount again of
development for zero revenue - on the basis that if it takes off, then
he will be paid retrospectively and generate some revenue from
licensing etc.

There is always a motivation. Sometimes it's idealism (think: TC
devs) but that can fade over time. Sometimes it's just to prove a
point, but usually it's to generate income whether now or in the
future. Some people have the capacity to think strategically rather
than tactically - their timescales are in years not in months.
Idealism. Youthful. No longer so young or so idealistic. Can you
understand how you developed Scramdisk over 10 years ago when you were
young and idealistic? Before you had mouths to feed and were full of
the bullshit that society force feeds you on?

Anonymity is a good thing sometimes. I don't do FB, Twitter, Google+
or any of the other stuff which destroys privacy (anonymity). I have
always been that way. I don't do photographs. I don't reveal casual
personal data on the net or for that matter anywhere else. I never
have nor will I. I don't do linkedIn, or any of that stuff either.
I'm a "word of mouth man" and it's placed me in a great suburb in a
million dollar house (no mortgage) and all the trappings - if I want
those trappings which I don't. Because I don't do jealousy and envy
either.

More to the point, and illustrating my point about youthful idealism
and creativity, didn't you write Scramdisk with Paul back in 1999 and
with the following license?

"License Details

1.You accept that the creator of this software cannot be responsible
for *any* loss of data however caused (including by any incorrect
operation of this software program despite 'best efforts') and you
agree to back up any files you consider important before you use this
software on your system.


2.You agree that the creator of this program is anonymous, but wishes
to retain copyright and commercial rights to this software.


3.You agree not to redistribute this software in any form other than
that in which it was received by you, and will include all files
exactly as present when it was so received, if you do distribute it.


4.You agree in the event of loss, or forgetting of passwords used by
this software, no technical support can be given to assist in recovery
such passwords, and that you forgetting any passwords, EQUATES to loss
of your data when that data is stored on any disk partitions, or disk
drive images created, and opened by the execution of this software.
You accept no back doors exist, to gain access to scrambled data.


5.You agree that some of the ciphers used are the intellectual
property of others, and may need a licence for commercial use, such as
use on a business system.You acknowledge this is especially true in
the case of the IDEA algorithm and will read the documents regarding
the Ascom conditions of use of IDEA which can be found in the document
file 'scramdisk.doc' included in this software package.


6.You agree that if you obtain the publicly available source code, and
amend it you will submit the amended program and new source code to
the originators for publication, and understand that these amendments
shall not violate compatibility with older versions of the software or
reduce security levels in any way."

You and Paul wanted to be anonymous (see 2 above). Scramdisk at that
stage was free, freely distributable to non-commercial interests and
open source. Just like Truecrypt which came along later but never
turned commercial (Scramdisk -> Drivecrypt).

I still have your "sdfullsource202h.zip" on file Shaun. Source and
binaries, both PGP signed.

That's my point. They just never went commercial - but who's to say
going commercial *now* isn't part of their strategy, and killing off
TC a necessary preliminary to that?
Talk to me Shaun. I will endorse a NDA with you. My input can be
valuable, especially seeking your target market and then marketing to
that target population.

It will mean me converting to non-anonymous, so it will need to be
good :)

"...which would increase plausible deniability greatly." That's the
kicker.
Yes, but those second partitions aren't accompanied by a DCPP header
on the MBR/GPT (or a TC header on the MBR). When you have both, you
have a suspicion in respect of the secondary partition, especially in
DCPP's case where the decoy has no usage, no recent timestamps, no
used pagefile, no evidence of regular use.
You've already answered this - it's "randomized" to use your term
above.
I'm talking RIPA Shaun, not some other conviction. RIPA means that if
they have evidence which is "reasonable" then the court can order a PW
be provided for decryption. If the PW is not provided, then a
conviction is recorded under RIPA for non-compliance. That's a matter
which can be determined by the encryption user based on whether the
degree of "plausible deniability" is sufficient for the "reasonable"
test to be *not* satisfied.

Eg: with TC hidden OS, the decoy is fully used with up to date time
stamps, functional swap file, plenty of evidence in the nonallocated
space and file tails of full usage, bloated registry hive and so on.
The second partition and its headers are fully encrypted and
randomized as you say - indistinguishable forensically from an
unformatted disk.

With DCPP, there is no evidence of usage of the decoy, there are no
current time stamps, no files in unallocated space, no file tails in
unused parts of clusters etc. Hard to show plausible deniability to a
reaonable degree especially in the face of a determined state player.

Hence, RIPA, give up a PW or face conviction...
What Shaun, not even RIPA? It's a law and a bad one at that along
with its equivalents in many other countries (but not the USA which
has an excellent constitution). Interesting to hear you say this when
your website talks about plausible deniability - which is surely an
"evasion" of the need to cough up a PW by allowing you to "evade"
detection of your hidden OS (even though it wouldn't stay hidden for
too long after the decoy OS is booted and shown to be a sham OS).

By not assisting in enforcement of RIPA you are, in essence, evading
RIPA. That's nothing to be ashamed of, but TC does it better by
allowing the decoy to be more than a decoy - I am using it right now
to type this on my NNTP client.

Some interesting stuff above. Get back to me please on the various
issues, I enjoy our discussions and I believe they are both useful to
me in my "hobby" and useful to you commercially, if you give it more
than a passing thought.

cheers

thang