| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Jul 2011 16:13:50 -0700 From: Tim <tim-security@...tinelchicken.org> To: Ferenc Kovacs <tyra3l@...il.com> Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk> Subject: Re: Encrypted files and the 5th amendment Hi Ferenc, > check out the link in the last mail, seems to be what you are looking after. > http://www.truecrypt.org/docs/?s=hidden-volume > http://www.truecrypt.org/docs/?s=hidden-operating-system Thanks I did read the first link at least. This doesn't prevent detection of *something else* on that disk though. Once you give an investigator the key to the first partition/layer of encrypted data, they can either see that the partition inside is too small, or if the encrypted volume is within that volume in some way, write a bunch of files and see when allocated space hits a wall. One way or another, TruCrypt has to prevent the hidden partition from being overwritten. This is why I was saying that using compression (plus perhaps random disk access; mixing hidden blocks in with non-hidden ones) could help hide this discrepancy in sizes. However, the investigator can just run the machine under a debugger to see what is really going on to discover how much data should be left and where it should reside. I agree with Thor though, if done carefully there are several ways to argue "that's not mine" or "I forgot the password" or something similar. tim _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists