| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 27 Jan 2010 11:38:47 -0500 From: T Biehn <tbiehn@...il.com> To: Bipin Gautam <bipin.gautam@...il.com> Cc: "McGhee, Eddie" <Eddie.McGhee@....com>, full-disclosure <full-disclosure@...ts.grok.org.uk> Subject: Re: Disk wiping -- An alternate approach? Bipin. I am familiar with LUKS (DMCRYPT), SecurStar's DCPP, TrueCrypt, PGP Desktop, Windows EFS and all manners of configurations of those products, including the hidden container features of DCPP and TC. I am familiar with computer forensics, computer forensic methods, and anti-forensics. Furthermore I have working knowledge of the various one-way hashes, symmetric and asymmetric encryption algorithms. Working knowledge of the various block-cipher modes and what the differences are between them. >>From firsthand experience with the courts I am familiar with their tool dependence and what they can and cannot grab and why. >>From simple logic it is plain to see that filling a drive with content from wikipedia, some n-gram algorithm or other source would be worthless. A waste of time and effort. This is because a drive full of zeros, a drive full of random bits and a drive full of random word garbage are equivalent. Some obfuscating filesystem that does -not- use encryption is as worthless as a generic F-S. If the content on your drive is worth grabbing the investigating authorities can and will reverse engineer it. As everyone has told you, encrypt with a FDE product from the start or simply wipe your drive to nulls or garbage. If you are very paranoid use my solution of a hidden container containing a VM that you use for anything 'private.' Make sure your host OS has a ream of malware running on it preferably pointed to non-existent C&C channels, or using PKI where which nobody has the private key. -Travis On Wed, Jan 27, 2010 at 11:18 AM, Bipin Gautam <bipin.gautam@...il.com> wrote: > Really? How much do you know of computer forensics? Care to Double > clicked a few forensic tools first............ > > I bring up this issue here because as you can see the laws are > different in different country and at places just "possession" of a > questionable content is a crime, without much analysis from where did > it come from. Such a logic doesnt hold much water from a technical > prospective, that is what i was trying to discuss. (but you were so > much concerned about my english lol ) > > We were talking on a NEW topic, But if truecrypt is all you know, then > download truecrypt and add a "custom cascade of ciphers" to your > truecrypt source code... so that your truecrypt hidden volume will be > very hard to bruteforced with off the self tools (which is what most > forensic examiners do, they are tool dependent)..... > > (i wish to make fun of you, but maybe another email! ;) > > > -bipin > > > On 1/27/10, T Biehn <tbiehn@...il.com> wrote: >> You made the argument against youself; apparently you didn't comprehend the >> points made in 90% of the on-topic responces to this thread. >> >> On Jan 27, 2010 9:34 AM, "Bipin Gautam" <bipin.gautam@...il.com> wrote: >> >> McGhee & T Biehn ! >> >> Thankyou for putting up your "best" argument.... sadly that is the >> BEST technical thing you happen to pick............. in this topic to >> comment about........ >> >> -bipin >> >> On 1/27/10, McGhee, Eddie <Eddie.McGhee@....com> wrote: > and also lol @ >> maybe USELESS, try making ... >> >>> <bipin.gautam@...il.com<mailto:bipin.gautam@...il.com>> wrote: > > Enough >> noise, Lets wrap up: > >... >> > -- FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on http://pastebin.com/f6fd606da _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists