#1
07-01-2009, 04:44 PM
marilee
Revision3 Creative Director
Join Date: Sep 2007
Posts: 764
Episode 520: Encrypt your entire hard drive! [Discussion]

What's your best defense against a boot CD that breaks Windows passwords in two keystrokes? Encrypting your entire hard disk. Shannon's got the details on TrueCrypt drive encryption while Darren brings up plausible deniability with hidden volumes.

Watch or download the episode now!
#2
07-01-2009, 07:27 PM
absolutemayhem
Senior Member
Join Date: Mar 2008
Posts: 340

Great ep! I don't use drive encryption, but I just might start!

It's also a good idea for USB keys as well.

Speaking of security, I do use an application called KeePass Password Safe and I have been using it for a very long time.

I have all my banking info in it, I have all my work administrative passwords and even stuff like my WoW accounts info and serial number info.

-MayheM
__________________
"The statistics on sanity are that one out of every four Americans are suffering from some form of mental illness. Think of your three best friends. If they're okay, then it's you." - Rita Mae Brown.
#3
07-02-2009, 05:08 PM
masterq
Senior Member
Join Date: Dec 2006
Posts: 502

I love that you guys were drinking Yuengling... I live close to the brewery where it is made (oldest brewery in the US)... tasty stuff. It's good to see you representing the East Coast.
__________________

Why do you have flies in your freakin house? I noticed this earlier. It's southern California and I have fruit.
You put zombie and you put eerie in the title and I don't wanna do it.
#4
07-03-2009, 06:23 AM
speed
Senior Member
Join Date: Jul 2005
Posts: 332

I posted this on the Hak5 forums as well, but I figure I may as well get, err.... corrected by two groups of users:

I see a couple of problems with the whole "plausible deniability" thing with TrueCrypt. First of all, you'd have to give even the fake folder a decent password (not some lame one as Darren did on the show) in order for it to be believable (right, the password to all your financial documents is "hunter2", sure....); second, in order for you to have a believable fake hidden file, the information has to look like you'd want to protect it (fake banking information or confidential documents), but more often than not, you'd have to include a date somewhere ("July 2, 2009: $300 ABM withdraw at 2:48am" or "January 15, 2000: subject appears restless") and if someone sees this and sees that the information is old, they might get suspicious. However, you can't update the fake files since TrueCrypt warns this can damage the inner volume. Third, at this point, if someone sees that you have an encrypted file on your computer, wants the information that badly and sees that you have TrueCrypt on your HDD, won't they just assume you have a hidden volume and any claims otherwise are fraudulent? I know if I was going to (hypothetically, of course) torture someone for the password to a TrueCrypt volume, I'd keep torturing them for a password until the volume type was listed as "Hidden".

And I'm now prepared for the barrage of replies telling me why I'm way off base on every single point.
#5
07-03-2009, 10:01 PM
masterq
Senior Member
Join Date: Dec 2006
Posts: 502

Quote:
Originally Posted by speed
I posted this on the Hak5 forums as well, but I figure I may as well get, err.... corrected by two groups of users:

I see a couple of problems with the whole "plausible deniability" thing with TrueCrypt. First of all, you'd have to give even the fake folder a decent password (not some lame one as Darren did on the show) in order for it to be believable (right, the password to all your financial documents is "hunter2", sure....); second, in order for you to have a believable fake hidden file, the information has to look like you'd want to protect it (fake banking information or confidential documents), but more often than not, you'd have to include a date somewhere ("July 2, 2009: $300 ABM withdraw at 2:48am" or "January 15, 2000: subject appears restless") and if someone sees this and sees that the information is old, they might get suspicious. However, you can't update the fake files since TrueCrypt warns this can damage the inner volume. Third, at this point, if someone sees that you have an encrypted file on your computer, wants the information that badly and sees that you have TrueCrypt on your HDD, won't they just assume you have a hidden volume and any claims otherwise are fraudulent? I know if I was going to (hypothetically, of course) torture someone for the password to a TrueCrypt volume, I'd keep torturing them for a password until the volume type was listed as "Hidden".

And I'm now prepared for the barrage of replies telling me why I'm way off base on every single point.

The trick is that it's called _plausible_ deniability, meaning they can't prove that there is another volume in there. There is no way for them to distinguish a hidden volume from the random data TrueCrypt puts in the empty part of the file.

Even TrueCrypt itself can't tell if there is a hidden volume present. It simply tries to decrypt the file with every algorithm with the password you give it until it gets one that works. If it can't, it tells you either the password isn't correct or the file is not a TrueCrypt volume.

Your files can be old and the person trying to get in can be as suspicious as they want. Without the password you won't be able to find the hidden volume. Also, there's no security measure you can take that will protect against a person giving someone the key, so there's nothing that will protect against the torturing scenario you mentioned.
__________________

Why do you have flies in your freakin house? I noticed this earlier. It's southern California and I have fruit.
You put zombie and you put eerie in the title and I don't wanna do it.

Last edited by MasterQ : 07-03-2009 at 10:03 PM.
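
The trial-decryption behaviour described in the post above, as an added sketch that is not part of the thread and is not TrueCrypt's code. The container layout, header sizes, hidden-header offset, `MAGIC` check and the HMAC-based toy cipher are all assumptions, chosen so the example runs with Python's standard library alone.

```python
import hashlib
import hmac
import os

MAGIC = b"TRUE"              # marker visible only after a correct decryption
SALT_LEN, HDR_LEN = 16, 48   # constructed sizes, not TrueCrypt's real layout
HIDDEN_OFF = 2048            # assumed fixed offset where a hidden header may live
PRFS = ("sha256", "sha384", "sha512")  # stand-ins for the variants tried in turn

def _keystream(key, n):
    """Toy stream cipher (HMAC-SHA256 in counter mode), a stand-in for AES etc."""
    blocks = (hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _crypt(password, prf, salt, data):
    key = hashlib.pbkdf2_hmac(prf, password.encode(), salt, 2000)
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))

def make_header(password, prf, label):
    salt = os.urandom(SALT_LEN)
    body = MAGIC + label.ljust(HDR_LEN - SALT_LEN - len(MAGIC)).encode()
    return salt + _crypt(password, prf, salt, body)

def try_header(blob, password):
    """Try every PRF; success is only recognisable by MAGIC appearing."""
    salt, ct = blob[:SALT_LEN], blob[SALT_LEN:HDR_LEN]
    for prf in PRFS:
        pt = _crypt(password, prf, salt, ct)
        if pt.startswith(MAGIC):
            return prf, pt[len(MAGIC):].decode("ascii", "replace").strip()
    return None

def build_container(outer_pw, hidden_pw=None, size=4096):
    data = bytearray(os.urandom(size))   # unused space is random filler
    data[:HDR_LEN] = make_header(outer_pw, "sha512", "outer")
    if hidden_pw is not None:
        data[HIDDEN_OFF:HIDDEN_OFF + HDR_LEN] = make_header(hidden_pw, "sha256", "hidden")
    return bytes(data)

def mount(container, password):
    """Return (offset, (prf, label)) for the first header that decrypts, else None."""
    for off in (0, HIDDEN_OFF):
        hit = try_header(container[off:off + HDR_LEN], password)
        if hit:
            return off, hit
    return None
```

`mount(build_container("outer-pass", "hidden-pass"), "hidden-pass")` returns the hidden header at offset 2048, while a container built without a hidden volume returns `None` for the same password, just as a wrong password does.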
#6
07-04-2009, 04:57 AM
speed
Senior Member
Join Date: Jul 2005
Posts: 332

Quote:
Originally Posted by MasterQ
The trick is that it's called _plausible_ deniability, meaning they can't prove that there is another volume in there. There is no way for them to distinguish a hidden volume from the random data TrueCrypt puts in the empty part of the file.

Even TrueCrypt itself can't tell if there is a hidden volume present. It simply tries to decrypt the file with every algorithm with the password you give it until it gets one that works. If it can't, it tells you either the password isn't correct or the file is not a TrueCrypt volume.

Your files can be old and the person trying to get in can be as suspicious as they want. Without the password you won't be able to find the hidden volume. Also, there's no security measure you can take that will protect against a person giving someone the key, so there's nothing that will protect against the torturing scenario you mentioned.

That's my point though. Can they prove that there's a hidden volume? No. However, if they know even a little bit about TrueCrypt, they aren't likely to believe that the first password you give is legit unless TrueCrypt says the decrypted volume is a hidden one. The whole point of plausible deniability is that if you are forced to relinquish the password, you give them the password for the outer volume. However, that benefit is gone if the person has heard of TrueCrypt.
#7
07-05-2009, 02:54 PM
computoman
Posts: n/a

It is amazing what you can do by just hiding things in plain sight. You just have to be inventive in the way you store files encrypted.
#8
07-06-2009, 02:56 AM
bobo99
Newbie
Join Date: Jul 2009
Posts: 1

Hey, guys, cool episode, but I think that some viewers would find it cool to talk about the strength of the various encryptions and hashes and how long it would take to crack them (with various cracking techniques)!

Last edited by bobo99 : 07-06-2009 at 02:56 AM.
#9
07-06-2009, 01:41 PM
masterq
Senior Member
Join Date: Dec 2006
Posts: 502

Quote:
Originally Posted by computoman
It is amazing what you can do by just hiding things in plain sight. You just have to be inventive in the way you store files encrypted.

TrueCrypt is not hiding things in plain sight. Hiding things in plain sight would be like renaming a file to have a jpeg extension and putting it in your pictures folder.

Quote:
Originally Posted by bobo99
Hey, guys, cool episode, but I think that some viewers would find it cool to talk about the strength of the various encryptions and hashes and how long it would take to crack them (with various cracking techniques)!

The US government uses AES for top secret file encryption because it takes a VERY long time to crack if it has a good key (which TrueCrypt will warn you about if yours is too short). Encrypting using two or all three of the algorithms makes it virtually impossible to crack any time soon (like in this lifetime).
__________________

Why do you have flies in your freakin house? I noticed this earlier. It's southern California and I have fruit.
You put zombie and you put eerie in the title and I don't wanna do it.

Last edited by MasterQ : 07-06-2009 at 01:46 PM.
#10
07-06-2009, 02:51 PM
computoman
Posts: n/a

I never said that TrueCrypt was hiding things in plain sight. Renaming a file is an oversimplified way to hide a file in plain sight. There are also more sophisticated yet very simple ways to hide things in plain sight other than just embedding an encrypted file into a picture or the like.
I see no sense in encrypting a whole drive when usually the size of the sensitive data is only a fraction of that. During WWII, American Indian dialects were used to transmit messages. No encryption was necessary per se, except for using non-traditional keywords. Security by obscurity.

Last edited by computoman : 07-06-2009 at 02:52 PM.
All times are GMT.