Main Area and Open Discussion > General Software Discussion
TrueCrypt 6.0 released
f0dder:
Stoic Joker: doing the ADS thing only helps if you're trying to smuggle contraband - it's not feasible for regular data files that you need to use daily, programs, etc. If I had to go to the .us for work-related reasons, I'd have to bring a laptop full of reverse-engineering tools and other things that would probably look suspicious to customs. ADS wouldn't help me there, but a hidden OS partition would, since I could just boot an inconspicuous XP to sjov them that everything is hunky-dory.
Also, Justice's ADS link is outdated, with XP taskmgr was upgraded to show which stream of a file that's executed, so suddenly that trick stands out like a naked drag queen in the oval office. Or more, probably.
PS: encryption is only one of the benefits of VPNs - the main advantage is of course that you can refrain from punching any public holes through from the internet to your LAN, except for VPN... and still be able to access the LAN from home/whatever, as if you were inside your corporate building. Obviously you need strong password policies (and certificates for anything serious) for the VPN.
Eóin:
An updated 6.0a is just out today!
6.0a, July 8, 2008
Resolved incompatibilities / bug fixes:
* On systems where certain inappropriately designed chipset drivers were installed, it was impossible to encrypt the system partition/drive. This will no longer occur. (Windows Vista/XP/2003)
* Other minor bug fixes. (Windows, Mac OS X, and Linux)-http://www.truecrypt.org/docs/?s=version-history
--- End quote ---
MrCrispy:
Lets say I am at the airport and my laptop is inspected. If I have TC installed, they will automatically assume I have something to hide and interrogate me further. I have no doubt the DHS will have tools to scan a computer to see if it has encrypted containers.
Also the plausible deniability thing works both ways - they can read TC's feature list as well and know that if I'm smart enough to use it, and I have a 10gb encrypted container which only contains 1gb of files, I'm very likely to have a hidden volume in there too! And then its only a matter of time (read waterboarding) before I am forced to reveal its password - since I can't prove I don't have one. It'd be better to have a hidden encrypted partition but even then its pretty easy to see that and wonder about its contents.
And for those who think that "I have nothing to hide, why encrypt at all", anything discovered in a lawful search can be used against you. The laws these days are designed so that pretty much everyone is guilty of infringement, and its very easy to trap us. If you have some mp3's, if you've accessed a website and its there in your cache, have a ripped movie/youtube video, be prepared to prove you have the rights for it, or they can prosecute you, confiscate equipment and lock you up for as long as they want.
Of course I am being paranoid but its the principle that matters, and to me it seems we have very little privacy left at all.
nosh:
And then its only a matter of time (read waterboarding)
-MrCrispy (July 08, 2008, 01:43 PM)
--- End quote ---
Ah, water! The king of all bruteforcers! ;D
Stoic Joker:
Stoic Joker: doing the ADS thing only helps if you're trying to smuggle contraband - it's not feasible for regular data files that you need to use daily, programs, etc. If I had to go to the .us for work-related reasons, I'd have to bring a laptop full of reverse-engineering tools and other things that would probably look suspicious to customs. ADS wouldn't help me there, but a hidden OS partition would, since I could just boot an inconspicuous XP to sjov them that everything is hunky-dory.
Also, Justice's ADS link is outdated, with XP taskmgr was upgraded to show which stream of a file that's executed, so suddenly that trick stands out like a naked drag queen in the oval office. Or more, probably.
PS: encryption is only one of the benefits of VPNs - the main advantage is of course that you can refrain from punching any public holes through from the internet to your LAN, except for VPN... and still be able to access the LAN from home/whatever, as if you were inside your corporate building. Obviously you need strong password policies (and certificates for anything serious) for the VPN.
-f0dder (July 08, 2008, 08:35 AM)
--- End quote ---
I tossed out ADS only as a comparative example not "the answer", however the TaskMgr showing the stream location would only apply if the program was running at the time. ...Which bring me to the main point which MrCrispy seems to have picked up on...Don't look interesting.
I too have network analysis (hacking) utilities (as part of my job) that have great potential to be hard to explain. How ever at first glance it wouldn't even raise an eyebrow because they're seed throughout the OS on a very boring appearing vanilla install. I know exactly how to find them, and that's all that's important. I don't really need a shortcut to eEye's Iris on the desktop, the hotkey works just fine...
Having any kind of 3rd party Uber encryption will simply make you and your laptop stick out like a shiny red Corvette at an Amish BBQ.
MrCrispy's 2nd point is also 100% correct, put anybody under a spot light and they're gona fail (politics 101). The laws are fast and loose, and there are a ton of bureaucrats that are dying to try out their new toys. Which is why you really don't want to look interesting.
Spiffy encryption widgets make you look interesting enough to poke around a bit, if that turns up anything your screwed. The first two guys you talk to, won't be that (IT) bright ... But the third guy that shows up...
...You can't hide a partition from the POST report (Talk about hard to Explain...).
PS: Yes I am familiar with the point and purpose of a VPN I was just tossing out an example of how some people (miss)use encryption to lock all the windows and then leave the doors wide open.
One of my biggest pet peeves is people who sell a ton of security hard/software to a person or company who then gets hosed by a (lack of) common sense issue that they would have known about if they had simply been told the truth in the first place.
The company I mentioned earlier spent a total of $12,000 on data recovery (4 catastrophic failures) over a six year period because the asshole vendor kept installing their (resource hogging) practice software on a low-end ("working server") workstation using a CD based backup (which failed every time...). I got them to spring for a entry level (dedicated) server with RAID and a tape drive ($2,000) ... and now their problem is finally (truly) solved.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version