lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <2d6724811001270838k3c4d0066t113f0bfa38928a1@mail.gmail.com>
Date: Wed, 27 Jan 2010 11:38:47 -0500
From: T Biehn <tbiehn@...il.com>
To: Bipin Gautam <bipin.gautam@...il.com>
Cc: "McGhee, Eddie" <Eddie.McGhee@....com>,
	full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Disk wiping -- An alternate approach?

Bipin.
I am familiar with LUKS (DMCRYPT), SecurStar's DCPP, TrueCrypt, PGP
Desktop, Windows EFS and all manners of configurations of those
products, including the hidden container features of DCPP and TC.

I am familiar with computer forensics, computer forensic methods, and
anti-forensics. Furthermore I have working knowledge of the various
one-way hashes, symmetric and asymmetric encryption algorithms.
Working knowledge of the various block-cipher modes and what the
differences are between them.

>>From firsthand experience with the courts I am familiar with their
tool dependence and what they can and cannot grab and why.

>>From simple logic it is plain to see that filling a drive with content
from wikipedia, some n-gram algorithm or other source would be
worthless. A waste of time and effort.

This is because a drive full of zeros, a drive full of random bits and
a drive full of random word garbage are equivalent.

Some obfuscating filesystem that does -not- use encryption is as
worthless as a generic F-S. If the content on your drive is worth
grabbing the investigating authorities can and will reverse engineer
it.

As everyone has told you, encrypt with a FDE product from the start or
simply wipe your drive to nulls or garbage.

If you are very paranoid use my solution of a hidden container
containing a VM that you use for anything 'private.' Make sure your
host OS has a ream of malware running on it preferably pointed to
non-existent C&C channels, or using PKI where which nobody has the
private key.

-Travis

On Wed, Jan 27, 2010 at 11:18 AM, Bipin Gautam <bipin.gautam@...il.com> wrote:
> Really? How much do you know of computer forensics? Care to Double
> clicked a few forensic tools first............
>
> I bring up this issue here because as you can see the laws are
> different in different country and at places just "possession" of a
> questionable content is a crime, without much analysis from where did
> it come from. Such a logic doesnt hold much water from a technical
> prospective, that is what i was trying to discuss. (but you were so
> much concerned about my english lol )
>
> We were talking on a NEW topic, But if truecrypt is all you know, then
> download truecrypt and add a "custom cascade of ciphers" to your
> truecrypt source code... so that your truecrypt hidden volume will be
> very hard to bruteforced with off the self tools (which is what most
> forensic examiners do, they are tool dependent).....
>
> (i  wish to make fun of you, but maybe another email! ;)
>
>
> -bipin
>
>
> On 1/27/10, T Biehn <tbiehn@...il.com> wrote:
>> You made the argument against youself; apparently you didn't comprehend the
>> points made in 90% of the on-topic responces to this thread.
>>
>> On Jan 27, 2010 9:34 AM, "Bipin Gautam" <bipin.gautam@...il.com> wrote:
>>
>> McGhee & T Biehn !
>>
>> Thankyou for putting up your "best" argument.... sadly that is the
>> BEST technical thing you happen to pick............. in this topic to
>> comment about........
>>
>> -bipin
>>
>> On 1/27/10, McGhee, Eddie <Eddie.McGhee@....com> wrote: > and also lol @
>> maybe USELESS, try making ...
>>
>>> <bipin.gautam@...il.com<mailto:bipin.gautam@...il.com>> wrote: > > Enough
>> noise, Lets wrap up: > >...
>>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ