U.S. CitiesCity-Data Forum Index
Go Back   City-Data Forum > General Forums > Science and Technology > Computers
 [Register]
Please register to participate in our discussions with 2 million other members - it's free and quick! Some forums can only be seen by registered members. After you create your account, you'll be able to customize options and access all our 15,000 new posts/day with fewer ads.
View detailed profile (Advanced) or search
site with Google Custom Search

Search Forums  (Advanced)
Reply Start New Thread
 
Old 01-26-2012, 12:02 AM
 
24,503 posts, read 35,982,964 times
Reputation: 12852

Advertisements

Quote:
Originally Posted by ghz24 View Post
And also the same container can have both a hidden and normal volumes you can't force me to decrypt any of my volumes even with a gun.
Because even if you find the container you'll never know if there is a hidden volume and the pass phrase I provide will only open the normal volume with the fake data in it. Not the real hidden data.
And yeah the FBI can crack the encryption but not before my grand kids die of old age! (Quantum computing aside)
Back door? It's open source software so a decent code writer would see a back door.
The best way to get at a Truecrypt volume is Trojan the system and wait for the user to mount the volume.
Here's a poster that knows what he/she is talking about. Hidden volumes are safe until quantum computing (or the equivalent)becomes reality.
Reply With Quote Quick reply to this message

 
Old 01-26-2012, 10:19 AM
 
15,924 posts, read 17,657,958 times
Reputation: 7645
You guys are hilarious

Information Security Short Takes: Cracking a TrueCrypt Container

Schneier research team cracks TrueCrypt | Security Management | ZDNet UK

Innovations Blog » Blog Archive » TrueCrypt is now Detectable (http://www.forensicinnovations.com/blog/?p=7 - broken link)

https://docs.google.com/viewer?a=v&q...PR7OHKfoN5Ancw
Reply With Quote Quick reply to this message
 
Old 01-26-2012, 03:36 PM
 
6 posts, read 6,830 times
Reputation: 10
Default RE:You guys are hilarious

Do you even read past the headline
from your first link (the only one that actually attempts to crack in to the container)
Quote:
Conclusion
The generic brute force attack on any target, including a TrueCrypt volume is extremely difficult to achieve since the time needed to try the passwords is very long. The only logical approach is to perform the 'due dilligence' of knowing the partial password before attacking the TrueCrypt volume.
your second link says it cracks truecrypt but actually just detects the container and remnants in the system OS.
That's not "cracked" that's found, not cracked unless you can read my data.
And we haven't even touched on keyfiles that use data from normal file(s) as part of the password making a very long pass phrase.
And no one has found a way of determining if or which files that may or may not be present on the system were used as keyfiles. Because they are in all respects ordinary files unchanged by the fact that their info was used to help encrypt the hidden volume in the container that you point out can be detected.

And even if you tie up your computer guessing passwords the first password you'll find is the one to the fake normal volume (cause the password is short) not the important password to the hidden volume.
So you will believe you have cracked the file and wondering why I would so carefully protect pictures of my yard, pets and kids would be your only hint of something amiss.

So I did miss speak MY grand kids great grand kids will be dead before they get my data. With out a massive jump in computing (quantum)
Unless they ask nice, but then again they can't be sure if there is or isn't a hidden volume in the container they found.

Again the best attack on a truecrypt volume is to corrupt the OS and get the user who knows the password ect. to mount the volume.
So you can read the mounted "drive" as a normal drive.
Ive seen other reports of "cracking" truecrypt but this is how they cracked it (not what I'd consider cracking the encryption).

edit: and for the point of deneability and auto created shortcuts: If I boot to a live CD OS like knoppix there are no surviving shortcuts or records of files used or accessed. Once the system powers down all the ram memory (where the shortcuts or tracks would be) is gone. Crack that!
And I use truecrypt version 7.0 not 5.1

Last edited by ghz24; 01-26-2012 at 03:55 PM.. Reason: add
Reply With Quote Quick reply to this message
 
Old 01-26-2012, 04:46 PM
 
24,503 posts, read 35,982,964 times
Reputation: 12852
Quote:
Originally Posted by plwhit View Post
You guys are hilarious

Information Security Short Takes: Cracking a TrueCrypt Container

Schneier research team cracks TrueCrypt | Security Management | ZDNet UK

Innovations Blog » Blog Archive » TrueCrypt is now Detectable (http://www.forensicinnovations.com/blog/?p=7 - broken link)

https://docs.google.com/viewer?a=v&q...PR7OHKfoN5Ancw
Linking to the same study twice does not make it anymore valid. If you READ Schneier's paper, it determines that there is a hidden volume by analyzing residual data of certain productivity software. This is a good study because it teaches us something very important. Place the entire OS on the hidden volume. It doesn't demonstrate a flaw in TrueCrypt but demonstrates an error in usage.

The other two only discuss the container volume and not the hidden volumes. As discussed earlier, it is possible to find only the container volume. You may want to read your links.
Reply With Quote Quick reply to this message
 
Old 01-26-2012, 06:52 PM
 
15,924 posts, read 17,657,958 times
Reputation: 7645
Quote:
Originally Posted by NJBest View Post
Linking to the same study twice does not make it anymore valid. If you READ Schneier's paper, it determines that there is a hidden volume by analyzing residual data of certain productivity software. This is a good study because it teaches us something very important. Place the entire OS on the hidden volume. It doesn't demonstrate a flaw in TrueCrypt but demonstrates an error in usage.

The other two only discuss the container volume and not the hidden volumes. As discussed earlier, it is possible to find only the container volume. You may want to read your links.
Where have I ever said there was a flaw in it?

Every time people like you stand on your pedestal and proclaim something is "foolproof" or something is "beyond hacking" you wind up with egg on your face.

Oh well, once again, you have managed to take the thread off-topic
Reply With Quote Quick reply to this message
 
Old 01-26-2012, 08:43 PM
 
24,503 posts, read 35,982,964 times
Reputation: 12852
We're discussing a valid technical solution to the concern raised by the ruling. Folks who otherwise felt they had the protection of the 5th amendment should know that there's a technical solution in which they cannot be forced to reveal their encrypted data due to deniability. It's clearly offtopic. Now if you'd stop suggesting that this is false and stop posting links that don't support your suggestion, we could all move on.

Your nonsense can confuse a reader not familiar with the subject.
Reply With Quote Quick reply to this message
 
Old 01-26-2012, 11:17 PM
 
6 posts, read 6,830 times
Reputation: 10
Default off topic?

Quote:
It's clearly offtopic
First let me apologize if I helped pull this thread off topic.
But the initial post claimed that Americans can be forced to decrypt their hard drives.
I thought refuting an erroneous statement with facts was very on topic.

And the judiciary may have proclaimed the legal right to order people to decrypt but they lack the ability to enforce it.(or even tell if the person has complied with their orders) so their proclamation is moot.

Quote:
Where have I ever said there was a flaw in it?
That would be here
Quote:
'll bet you even think Truecrypt and others like them haven't built in backdoors for law enforcement...
because a backdoor in an encryption program is a gigantic flaw.

Quote:
Every time people like you stand on your pedestal and proclaim something is "foolproof" or something is "beyond hacking" you wind up with egg on your face.
Well you got that one right. All generalizations and absolute statements are dangerous including this one.
I'll just have to keep a napkin handy (for the egg).
Reply With Quote Quick reply to this message
 
Old 02-13-2014, 02:22 AM
 
6 posts, read 6,830 times
Reputation: 10
Default Quantum Computing

For the record now you can worry about some one cracking your true crypt protected data

http://www.vancouversun.com/business...545/story.html

All present encryption is vulnerable to these.
Reply With Quote Quick reply to this message
 
Old 02-13-2014, 10:47 AM
 
48,516 posts, read 85,127,415 times
Reputation: 18083
Quote:
Originally Posted by hoffdano View Post
I don't think this is so cut and dry. An encrypted hard drive is analagous to a locked safe or safety deposit box. Existing law allows law enforcement, with a proper warrant, to search those sealed devices.

I think in the cited case there are some doubts about the quality of the warrant. But if the warrant is legally valid unlocking the hard drive seems reasonable to me.
Yep; warrant changes everything. Legality of Probable Cause used is always a argument in any case where used; depending on writers side.
Reply With Quote Quick reply to this message
 
Old 02-13-2014, 02:50 PM
 
Location: 10110001010110100
6,385 posts, read 10,848,547 times
Reputation: 5589
I also tend to think this is unconstitutional because I don't consider a sealed hard drive same as a safe but more like a brain where you retain data, information, etc. so, yes, it seems anti 5th to me too.

That said, if I had such critical, discriminating (for anyone) type of data on my HDs, I would make sure to have one of those ESD type zappers nearby for a one button, evidence neutralization action.
Reply With Quote Quick reply to this message
Please register to post and access all features of our very popular forum. It is free and quick. Over $68,000 in prizes has already been given out to active posters on our forum. Additional giveaways are planned.

Detailed information about all U.S. cities, counties, and zip codes on our site: City-data.com.


Reply
Please update this thread with any new information or opinions. This open thread is still read by thousands of people, so we encourage all additional points of view.

Quick Reply
Message:

Over $104,000 in prizes was already given out to active posters on our forum and additional giveaways are planned!

Go Back   City-Data Forum > General Forums > Science and Technology > Computers
Similar Threads
Follow City-Data.com founder on our Forum or

All times are GMT -6. The time now is 06:04 AM.

© 2005-2019, Advameg, Inc. · Please obey Forum Rules · Terms of Use and Privacy Policy · Bug Bounty

City-Data.com - Archive 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35 - Top