The former data could have been another encrypted container stored in the area in the past (before the present container). TrueCrypt 7.1a Mac OS X.dmg: sha1. Although that data probably wouldn’t look like random noise (which the container would).TrueCrypt Developer David: Said Bitlocker is ‘good enough’ and Windows was original ‘goal of the project.’.
Truecrypt Dmg Professional Opinion ThisPartition doesn’t have any outer metadata and is also better performance-wise.I’m really not suggesting this is a practical attackBeen using this since v1.0 and still using it, Linux version is catching up to the Windows version slowly but with great success.A brilliant product, especially since it is 100% free with full source available.Compared to commercial “bloatware” products which companies seem more than happy to lay down the green for, I think TC is something indeed to look up to.I think if someone like Bruce could have a look at it and give his professional opinion this would definetly serve the crypo community.Things that are closed source seem to get plenty of attention but never are really professionally reviewed, all the unknowing users read is *coff**coff* “military strengh encryption using triple blowfish”….lets not say more.Something like this goes along the very merits of why PGP was released at first, those that need it in countries where using crypto is illegal or even life threatening could benefit from a program that is not only open source, does not only contain good “plausable deniabilty” but is also given the thumbs up from someone like Mr Schneier.Just to correct something I read up above on TC been broken in a previous version.The authors implemented LRW over CBC due to an attack that enabled an attacker to place plain text blocks within a mounted volume, which allowed the volume to be identified from the random space,thus it affects the “plausable deniablity” that TC strives for, this did not affect volumes created with AES-Blowfish or AES-Blowfish-Serpent chaining.I had a look at TrueCrypt a while ago, but the one thing I found to be a problem is that the binaries available under Linux are built against the originally shipped kernel for the distribution in question, and not the latest version that the distribution provide (which contains security updates). You should either store the container on a FAT-formatted disk, or encrypt a partition. No, the “magnetic” analysis is useless.Assuming you gave up the keys one of the volumes, the metadata for that volume tells you which sectors should not currently be in use.As the manual says, containers containing hidden volumes should not be stored on NTFS (or any other journaling file system that uses metadata).The mystery file is either another mp3 file, or some more random data. You send me (a) an mp3 file, (b) a file containing random data generated by you, and (c) a mystery file. Of course, you can compile from source, but it’d be nice if they released the packaging information used to build the packages (eg: the “.spec” file for RPM, the “debian/” directory for DEB, etc), something that is not currently part of their source code.5:38 Novak: we can do a blind test. The module is built against 2.6.12-9-386, while Ubuntu are now up to 2.6.12-10-386.It is therefore extremely easy to tell an ordinary mp3 file from random data.Don’t base your security model on ordinary compressed formats being indistinguishable from random data. The likelihood of it being random is extremely close to 0 – “beyond reasonable doubt”. This is useful if they temporarily lose the signal, or want to pick it up part way through, or whatever (think digital radio).So if the data contains a “start of frame” marker, followed by an MPEG frame header (which tells me how long the frame is, so I can calculate where the next “start of frame” marker should occur), and then another “start of frame” marker at the predicted place, then it’s MP3. MP3, in common with other MPEG formats, contains regular “start of frame” markers, which players can use to seek within a stream for a place to start playing. The game is to see whether I can tell you what (c) is.In fact, don’t bother sending the files, because I will win the game every time, even if you send me smallish snippets of MP3 files rather than the whole thing. Varnam ayiram full movie downloadSo the chances of you being believed if you say that some random data “isn’t steganography, just an old mp3 file”, are very small indeed.But yor general point is correct, that provided there is plenty of random data on the disk anyway, one can plausibly deny the hidden sector. This isn’t enough to make it look random, even if it’s 100% fragmented, because the incidence of the “start of frame” markers is much too high and too regular for chance – even with a 512 byte blocksize there should be at least one in every block, but never two closer together than about 400 bytes. So there’s a frame header every 417 bytes on average (and in fact it’ll be quite close to exactly that, because it happens to be fixed rate encoded). ![]() The hidden container should not be larger than 20% of the outer container – just making the number up).2) Who can blame you for your foresight to plan for about 50% of reserve-space in your (outer) volume? It is just that you have not found enough sensitive data to put in the volume yet.The point of it has nothing really to do with a hidden volume.The volume is randomly generated data over all, no markers as in many other OTFE volume products.The point is not to label it as a MP3 file, the point is “if you cannot prove that this is in fact encrypted data, then I have plausable deniabilty”The hidden volume is simply there if you are forced to give away a password (someone breaking fingers?), then mabey this could come in handy.Thing is, if you formated your HDD with TC, which is then filled with random data, you could say to “Mr Smith” from the FBI that the disc contained sensitive information which you destroyed with something like DBAN a few weeks ago.If there is a file with a header/marker which shows its a DriveCrypt volume, there is not much you can say.If however the attacker does not know for sure what the file/device/harddrive is, and if there is any hidden volumes, if there is in fact any encrypted data or just the random bits left over from your DBAN shred, then you have something to work with.Lets face it, nothing is perfect, this just provides some tools that can be used for those who need it.The reason it is there is NOT for you to name a TC volume as song.mp3 and expect your attacker to belive it really is that.If you formatted your HDD with TC, it will be now filled with random data.You could tell the attacker that you had sensitive data on it a week prior which you have destroyed using Darik’s Boot and Nuke disc, thus the reason for all the random data.The hidden volume is ONLY there if you MUST give away a password.Someone has you and is breaking one finger at a time, lets face it though, if it got to that, you would probably be toast even if you gave away the password.But if giving away the HOST volume password that has some sensitive looking data can get you off, then that is what it is there for.
0 Comments
Leave a Reply. |
AuthorAmanda ArchivesCategories |