OT: "enhanced interrogation" (was: Re: HackFest Series: TrueCrypt is Now Detectable)
Joe
lists at joefleming.net
Fri May 1 15:14:49 MST 2009
Yeah, that's why TrueCrypt's ability to "hide" the volume on a device is
so awesome. The idea is, people don't realize anything is even there to
BE encrypted.
One thing I was reading about with regard to plausible deniability is to
hide your volumes inside of other files. For example, I have a jump
drive that just happens to have a redist copy of DirectX on it. In
there, I tossed a new file that is named similarly to the other files
and is similar in size. If someone were to check the drive, it would
appear to just be a binary file in the DirectX software. It is, in fact,
and encrypted volume that I use to store my passwords (as encrypted with
Password Gorilla).
The only trick, then, is to change the date of the volume back to the
date of all the other files whenever it is changed.
The idea being that I can deny that there's anything of interest I know
about on the drive, and it's plausible because it looks like it's just a
copy of DirectX..... along with a bunch of other drivers and freeware
tools for fixing windoze boxes. It's there, hiding in plain sight.
Just my 2 cents.
-Joe
Jim March wrote:
> On Fri, May 1, 2009 at 1:52 PM, Mike Schwartz <mike.l.schwartz at gmail.com> wrote:
>> Oh, so *** that's *** what the phrase "rubber hose decryption" means;
>> in some previous post (probably recently - in the parent thread?) that
>> phrase was used but I thought maybe it was some FOSS tool that I was not
>> familiar with.
>
> Heh.
>
> Yeah, as ghastly as the topic may be, the plain fact is that passwords
> stored in your "personal wetware" are vulnerable to that particular
> "security hole".
>
> Security and encryption discussions have to encompass the full threat,
> and that's definitely one of 'em.
>
> It's even been discussed on XKCD:
>
> http://xkcd.com/538/
>
> Jim
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
More information about the PLUG-discuss
mailing list