OnPoint by Keith Ng

Read Post

OnPoint: The Big Guns: Truecrypt and Tails

68 Responses

First ←Older Page 1 2 3 Newer→ Last

  • Morgan Nichol,

    Hidden volumes are great, very reassuring.

    Auckland CBD • Since Nov 2006 • 312 posts Report Reply

  • Keith Ng,

    I wouldn't know. I have no hidden volumes.

    Auckland • Since Nov 2006 • 543 posts Report Reply

  • Stephen Judd,

    I think it's also worth reading the indictment against Ross Ulbricht in the case of the Silk Road bust. As you get into it it becomes clear how the Feds identified him partly through some pretty stupid giveaways and partly through requisitioning things from Google and other providers. See from about page 24 on.

    As an irrelevant aside, this is where taking Murray Rothbard seriously gets you. Austrian economics devotees be warned.

    Wellington • Since Nov 2006 • 3119 posts Report Reply

  • Duane Griffin,

    If you have access you can read the crypto keys out of memory (along with the decrypted data itself, of course). So installing that cool screensaver is still dangerous with Tails/TrueCrypt. Whatever nastiness it installs will be gone next time you boot, true, but if it has already sent your keys and/or other sensitive data home then it's too late.

    Hidden volumes are great, up to a point, but... The interrogating officer may well ask pointed questions when forensic examination reveals parts of the device have never been touched, even though the filesystem would normally be expected to allocate space from there.

    The only way to defeat a sufficiently advanced, resourced & motivated adversary is to avoid their attention in the first place.

    Palmerston North • Since Nov 2006 • 21 posts Report Reply

  • DaveC,

    You can’t hide secrets from the future with math.
    You can try, but I bet that in the future they laugh
    at the half-assed schemes and algorithms amassed
    to enforce cryptographs in the past.

    Since Nov 2007 • 22 posts Report Reply

  • Paul Campbell,

    Yes the Silk Road bust points to Tor not being as safe as one might think (or hope), and also how doing stupid stuff can compromise your security ...

    Dunedin • Since Nov 2006 • 2550 posts Report Reply

  • Paul Campbell, in reply to DaveC,

    You can’t hide secrets from the future with math.

    well hand me that one time pad .... it's just a really big key .... BTW the music industry already runs a world wide OTP distribution system - let's both buy the same CD and use the LSBs of the waveforms

    Dunedin • Since Nov 2006 • 2550 posts Report Reply

  • BenWilson, in reply to Paul Campbell,

    BTW the music industry already runs a world wide OTP distribution system – let’s both buy the same CD and use the LSBs of the waveforms

    That's not an OTP. The OT being the part by which you can tell. When you use a segment of the OTP's key, you delete it. In the old days the key pieces were on small notepads so that the pages could be burned as they were used, which is where the name comes from. If there's other copies out there, it's a dreadfully insecure system.

    But yes, with an actual OTP you can hide secrets from the future. The burned pages can not be reconstituted, the 7 times overwritten data bits can't be dredged up, and the key was random. The intercepted transmission is utterly useless without the key, and the key is gone. It could only be recreated from the original message, but there is no purpose in doing so if you have that message already. Perhaps you might do that to find out what the key was so that you could prove whom the message was destined for if you then caught them with the key. But that involves a non-encryption compromise, something that every system is vulnerable to. If the keys are gone, the cyphertext is useless.

    Auckland • Since Nov 2006 • 10488 posts Report Reply

  • BenWilson,

    I'm curious about the real security of the hidden volume idea. It has always struck me that it's not really that safe from compulsion. If you can be compelled to give the first layer key, then existence of second layer files can be found, and you can be compelled to give the keys for those too.

    Auckland • Since Nov 2006 • 10488 posts Report Reply

  • Paul Campbell,

    well it's only not one time of you can find the original key somewhere in Real Groovy - it's a really big key space given that you can do something like "take the album 19th from the top of billboard on the postmarked date, look at the DJIA amd NSX at 9am on that same day, multiply them together, start picking bytes from that offset on the cd , take the xor of the LSBS of every sample skipping the temperature at noon in Dar es Salaam samples each time"

    In reality you just have to create a big enough haystack that the needle is essentially OTP - there's a lot of relatively random bits at Real Groovy (in more ways than one)

    Dunedin • Since Nov 2006 • 2550 posts Report Reply

  • BenWilson, in reply to Paul Campbell,

    In reality you just have to create a big enough haystack that the needle is essentially OTP

    Not really, not in the sense to which you were originally referring, safe from the future hacker who has processing power with any limit you care to name, and all of the data from now fits on a corner of his phone's memory. The true OTP is actually safe from infinite computing power and storage. With infinite computing power, you could run every known key against every cyphertext and get the answer in zero time. That's the limit case. Public key is most certainly not safe from this. But it's a lot more practical, for now.

    Auckland • Since Nov 2006 • 10488 posts Report Reply

  • Jarno van der Linden, in reply to Duane Griffin,

    Hidden volumes are great, up to a point, but… The interrogating officer may well ask pointed questions

    When it comes to that stage, your adversary probably already believes (rightly or wrongly) you have information of interest somewhere. Your options then are to convince them that they are wrong (ha!), produce the data that makes them happy (good luck if you really don't have it), or be prepared for the maximum consequences for holding out (detention for hours/days/indefinite, deportation, torture, being on a powerful government's shitlist for the rest of your life).

    Plausible deniability only works if everyone adheres to the innocent until proven guilty principle.

    Nelson • Since Oct 2007 • 81 posts Report Reply

  • BenWilson, in reply to Jarno van der Linden,

    If you appear to have really clever security systems, I don't think even producing the data will necessarily make them happy, because they can't be sure it's the real data. The could demand all the data from your hidden volume space, even if there's none in there. You can't prove there isn't any there, if there isn't any. But if the onus has shifted, that plays against you. You could end up in Guantanamo next to the goat herder who is also completely innocent. If you're lucky enough not to be subjected to extraordinary rendition. And that's all on the assumption that agents don't go Jack Bauer at the least excuse anyway,

    I've made this point before, and I'll make it again. If you're really trying to protect your data from intelligence services, good luck with that. That's a cat and mouse game that they love to play, that they're paid to play, and have extraordinary powers in, well beyond you and your PC.

    Protecting your systems against lesser and much more likely threats is sensible, though. Hackers. Industrial espionage. Colleagues, family. A burglar. Identity thieves. A snoopy detective. For this level of protection it doesn't really need to be that strong. You could use the big cannons that Keith has been writing about.

    Perhaps if it was so widespread to lock up systems with strong encryption, and for all unwritten data space to always be random, then it would not be seen as evidence of having something to hide. But that isn't the case. Most people don't use any security at all, and probably don't have any secrets worth that level of security. This is the backdrop against which you will be seen both by agents, and possibly by a jury too.

    The irony is that in the "security vs obscurity" stakes that is common in encryption speak, any people really planning to do things that intelligence services (and police) really should be worried about, tend to use obscurity. They're a needle in a haystack of billions of people. It's still very hard to detect low tech organization using high tech methods.

    Auckland • Since Nov 2006 • 10488 posts Report Reply

  • Kiwiiano, in reply to BenWilson,

    then existence of second layer files can be found, and you can be compelled to give the keys for those too.

    There could be all sorts of reasons why you are unaware of the existence of this hidden volume they're on about. The drive or computer is second hand, you had a virus a few months ago, other people use the computer.....
    The other thought is that dodgy activities don't typically take up much space, a few documents, some plans, photos, etc could fit onto a Micro-SD. Even if they are on the hard drive, a 1GB hidden volume would be hard to spot in the clutter of a Terabyte drive. This MacBook Pro has over 1.5 million files according to SuperDuper, that's a lot of hay to find 1 needle.

    ChCh • Since Nov 2006 • 42 posts Report Reply

  • Keith Ng, in reply to Kiwiiano,

    Even if they are on the hard drive, a 1GB hidden volume would be hard to spot in the clutter of a Terabyte drive.

    (Speculation:) I imagine that encrypted files are reasonably distinct, and that a forensic analysis tool should be able to find them, regardless of size.

    But yeah, a microSD card is a great form factor.

    Auckland • Since Nov 2006 • 543 posts Report Reply

  • Keith Ng, in reply to BenWilson,

    The irony is that in the "security vs obscurity" stakes that is common in encryption speak, any people really planning to do things that intelligence services (and police) really should be worried about, tend to use obscurity.

    This has all been aimed at journalists and their sources. For journalists, obscurity is not an option. But on the up side, journalists aren't going to get Gitmo'd in the near future. I'm not worried about the entirety of the NSA, just about some very specific powers of some very specific individuals.

    In this case, that the Police can get a search warrant and seize your computers and your devices, and upon discovery of an encrypted hard drive, can compel you to give up the password. It's a VERY specific adversary. It's not unlimited, it doesn't involve rubber hosing or extraordinary rendition, or indefinite detention, or supercomputers brute forcing your shit, or the TAO using custom exploits to target whatever.

    Auckland • Since Nov 2006 • 543 posts Report Reply

  • Keith Ng, in reply to BenWilson,

    then existence of second layer files can be found, and you can be compelled to give the keys for those too.

    No. From http://www.truecrypt.org/docs/hidden-volume#Y0:

    Even when the outer volume is mounted, it should be impossible to prove whether there is a hidden volume within it or not, because free space on any TrueCrypt volume is always filled with random data when the volume is created and no part of the (dismounted) hidden volume can be distinguished from random data.

    Auckland • Since Nov 2006 • 543 posts Report Reply

  • Keith Ng, in reply to Duane Griffin,

    If you have access you can read the crypto keys out of memory (along with the decrypted data itself, of course). So installing that cool screensaver is still dangerous with Tails/TrueCrypt.

    You're right. I was trying to illustrate the point of a straight-to-ram OS, but I overstated the safety of Tails. However, being a Linux system, and with Tails making it very difficult to install anything, it should be fairly difficult to do.

    Auckland • Since Nov 2006 • 543 posts Report Reply

  • Bill Brown,

    I keep all my passwords in keypass2.

    Keypass2 generates all my passwords, they are strings of random digits up to 20 characters or so in length.

    I use keypass2 to autotype them when I need them - I couldn't reproduce any of them even if I wanted to.

    My keypass2 database is kept on boxdrop and is available from any of my devices. It has a really long key which I remember - this is my only password.

    If I delete that file, nobody, including myself can get into any of those accounts, encrypted zip files or whatever.

    In fact, if I closed my eyes and changed its password to something even I didn't know it would be impenetrable.

    So, if the cops are knocking at my door, and I do that - what's their recourse?

    Since Apr 2008 • 4 posts Report Reply

  • Stephen R, in reply to Bill Brown,

    So, if the cops are knocking at my door, and I do that - what's their recourse?

    What the cops do then is say that your actions are evidence that you were up to no good, probably something criminal, and therefore they should be able to confiscate all your stuff under the proceeds of crime act, (which Labour proposed and National passed when they got in) which does not require conviction on a criminal charge, merely convincing [a judge?/ a jury?] that on the balance of probability, you were doing something naughty, and that although they can't prove what it was, it was probably for making money, and therefore they want your house/car/goldfish as proceeds of a crime.

    Basically, it's very difficult to beat the Government at a game where they can change the rules if they want to.

    I had a long conversation with Annette King (Then minister of police) about the proceeds of crime bill, and she was very keen on people "we know are bad people" being punished by having their toys taken away. It's part of why I stopped voting Labour. My counter-claim that if they couldn't get a conviction then they didn't actually "know" and therefore that such an approach was unsafe was met with a response of "but there are people we really know are bad, trust us".

    On the other hand, I am very grateful to both Annette King and the Labour government of the time that I could stand on a street corner and have a spirited conversation about such topics with the minister of police (or at least, my local MP) where she actually engaged with my argument, without a coterie of bodyguards / flak-catchers to interfere. I don't think the same could be said of Anne Tolley, although she's not my local MP, so I can't be sure.

    Wellington • Since Jul 2009 • 253 posts Report Reply

  • Rich of Observationz, in reply to Stephen R,

    It's part of why I stopped voting Labour

    Me too - whenever I think of voting for them I remember the long list of things from Zaoui onwards they did when in office (and have largely not repudiated), and stick to the Greens.

    Back in Wellington • Since Nov 2006 • 5528 posts Report Reply

  • Chris Waugh, in reply to Stephen R,

    the proceeds of crime act, (which Labour proposed and National passed when they got in) which does not require conviction on a criminal charge, merely convincing [a judge?/ a jury?] that on the balance of probability, you were doing something naughty,

    One of several reasons governments of recent years have given me for thinking we need some kind of constitutional convention or constitutional court made up of people of immense mana and expertise in constitutional law that would be able to send shite like this back to the government with instructions to stop trying to steal our democracy and human rights* away from us. I mean, isn't this not just riding roughshod, but stampeding a herd of wild horses all over "innocent until proven guilty"?

    As to how you'd make that work while avoiding US Supreme Court-style nonsense, I don't know. Where's a constitutional lawyer when you need one?

    *heh, and I'm in China....

    Wellington • Since Jan 2007 • 2380 posts Report Reply

  • BenWilson, in reply to Keith Ng,

    No. From http://www.truecrypt.org/docs/hidden-volume#Y0:

    Fair enough – even the header information itself is encrypted and may not exist. Which does not mean you couldn’t be compelled to give that password and be in violation of law if the existence of the drive comes to light later.

    Auckland • Since Nov 2006 • 10488 posts Report Reply

  • BenWilson, in reply to Keith Ng,

    This has all been aimed at journalists and their sources. For journalists, obscurity is not an option.

    Why not? You can hide a memory stick somewhere, same as anyone else. Or put it "somewhere on the internet". You can have private conversations with people that do not involve electronic records. Indeed this seems like the most usual way of protecting themselves, most especially because it works.

    Auckland • Since Nov 2006 • 10488 posts Report Reply

  • BenWilson,

    @Bill Brown

    If they hack your email password alone, then almost all of those other passwords can just be reset.

    Auckland • Since Nov 2006 • 10488 posts Report Reply

First ←Older Page 1 2 3 Newer→ Last

Post your response…

Please sign in using your Public Address credentials…

Login

You may also create an account or retrieve your password.