Re: Question about TrueCrypt
Aug 07 2007 06:35PM
Neil (neil horizontheory com)
I made a small error as well. ;)
Eraser _is_ indeed Open Source software (hosted on Sourceforge).
On 8/7/2007 10:40 PM, Luis Acuña wrote:
> *Eraser* That's my favorite one.
> Yes, it's possible that you cannot recognize the volume under linux.
> So, assuming that Truecrypt works as PGP Desktop, you can define an
> encrypted folder (that works as you mentioned in the first email, that
> is, you copy a file to this folder and it will be automatically
> encrypted), and then you can try to open the folder/files even with
> another user and all you will be able to see will be wacko characters.
> Open them with a hex or text editor.
> It's almost unbelievable that a software that encrypts data doesn't do
> a safe delete. GOD WE ARE SO ON OURSELVES! :)
> PS: one little error here: "... in a secure manner, the files before
> they get encrypted. I don't know if TrueCrypt can do this for you..."
> of course that you'll have to securely erase the plain-text file
> after you encrypted it......Oops
> On 8/7/07, *Neil* <neil (at) horizontheory (dot) com> wrote:
> Luis' is another good idea; I suspect Linux will flat-out refuse
> to mount it though (probably an "unknown filesystem" type error).
> Another thing that occurred to me, if you want to get technical
> with the boss is to open an NTFS filesystem in a hex editor and
> show her the various identifying marks, and then show that those
> marks don't exist on the encrypted volume. That will at least
> show that the filesystem is encrypted (I'm assuming you're
> formatting the volume with NTFS; though personally I would
> probably make it a FAT32 volume for cross-platform compatibility).
> Truecrypt _cannot_ do a secure erase.
> On Windows, one of my favorite tools for this sort of thing is
> Eraser (1). It's free (though I think it's not OSS). It can
> securely erase things and integrates into the system a variety of
> ways, including a special context menu entry called "Secure Move",
> which is effectively a copy + paste + secure delete.
> (1) http://www.heidi.ie/eraser/
> On 8/7/2007 8:17 PM, Luis Acuña wrote:
>> Or you can mount the encrypted volume under Unix or Linux. If you
>> can mount it... and open a file, and you really encrypted it, it
>> will be totally scrambled. (Use a live-distro to make this test.)
>> It's very important what Neil told you: there is still a copy of
>> the file on your unencrypted volume, only that it's not visible
>> to the OS and you need a tool to recover it (plenty of free tools
>> of this type on the net), so it's crucial that you manage to
>> erase, in a secure manner, the files before they get encrypted. I
>> don't know if TrueCrypt can do this for you...
>> On 8/7/07, *Neil* <neil (at) horizontheory (dot) com> wrote:
>> On 8/7/2007 9:27 AM, goodcrap (at) gmail (dot) com wrote:
>> > Hi,
>> > My boss needs a solution to encrypt her personal data, and I
>> > recommended her TrueCrypt. Now as TrueCrypt provides on the
>> > fly encryption and when the encrypted or the hidden volume is
>> > mounted and file is copied into the volume it encrypts it
>> > automatically using the encryption algo specified and
>> > automatically decrypts it when the file is opened. Now my
>> > boss wants me to prove to her that when a file is copied to the
>> > TrueCrypt volume it is encrypted. How do I do that? Because the
>> > moment volume is mounted, even if you preview the file in
>> > windows I think it decrypts it into RAM. So is there a way
>> > out to show the files in truecrypt volume when mounted are
>> > encrypted??
>> > I hope you guys understand my problem.
>> > Thanks in Advance,
>> > Jeff
>> First, let me remind you that after you move a file from the
>> volume to the encrypted volume, there will still be a copy of
>> the file on the unencrypted volume until you use something to do a
>> secure erase of the data.
>> As for your boss, you need to explain to her that Truecrypt
>> is, as you said, on-the-fly, or transparent, encryption; meaning that
>> it hides all the workings of the encryption from all other
>> programs. To the other programs, it's just another partition.
>> If she still doesn't believe you, the best way I could think
>> to show her is to open a file in a hex editor, show her the hex, and copy
>> a portion of it. Then open the truecrypt volume, and search for the
>> hex, which shouldn't appear (pick a rather long string of hex, so as to
>> the chances that the string of hex would be reproduced
>> randomly in the encrypted container (e.g. if you pick 'FF', I'm sure it'll appear
>> somewhere in the encrypted partition anyways)). That's not
>> proof per se, but if she understands that's not proof, she
>> should also be good enough at crypto to understand how Truecrypt encrypts
>> Now, personally, if your boss has a good sense of humor or
>> you don't care about your job; what I would do is ask her for an important
>> personal file, ideally text, copy it onto the truecrypt
>> volume, securely erase it from the unencrypted. Then, unmounting the
>> encrypted volume, I'd search for it. Then I'd open it from the encrypted
>> volume and open the file, and challenge her to explain how that could've
>> possibly worked if it wasn't encrypted.
>> Something like that.
>> Or you could hand her the entire Truecrypt manual, along with
>> explaining each algorithm they use (AES, etc.), and tell her
>> to RTFM, but again...not great for your advancement prospects...
>> Luis Acuña, GCFA
>> Coordinador Monitoreo y Manejo de Incidentes de Seguridad de
> Luis Acuña, GCFA
> Coordinador Monitoreo y Manejo de Incidentes de Seguridad de Información
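Added example (not part of the original thread): a Python sketch of the two checks suggested above, searching the raw bytes of a dismounted container for a long byte string taken from the plaintext file, and looking for NTFS/FAT32 boot-sector marks. The function names and the sample data are assumptions made for illustration; random bytes stand in for a real TrueCrypt container.

```python
import os, random, tempfile

# Boot-sector identifying marks of unencrypted volumes: name -> (offset, bytes).
FS_MARKS = {"NTFS": (3, b"NTFS    "), "FAT32": (82, b"FAT32   ")}

def filesystem_marks(first_sector):
    """Names of filesystems whose boot-sector mark is visible in the raw bytes."""
    return [name for name, (off, sig) in FS_MARKS.items()
            if first_sector[off:off + len(sig)] == sig]

def expected_chance_hits(size, pattern_len):
    """Expected accidental matches of a pattern_len-byte string in `size` random bytes."""
    return max(size - pattern_len + 1, 0) / 256 ** pattern_len

def find_bytes(path, needle, chunk=1 << 20):
    """Offsets of `needle` in the raw file, read in chunks that overlap by len-1."""
    hits, tail, base = [], b"", 0
    with open(path, "rb") as f:
        while True:
            block = f.read(chunk)
            if not block:
                return hits
            buf, start = tail + block, 0
            while (i := buf.find(needle, start)) != -1:
                hits.append(base - len(tail) + i)   # translate to file offset
                start = i + 1
            tail = buf[-(len(needle) - 1):] if len(needle) > 1 else b""
            base += len(block)

def demo():
    """Constructed sample: an unencrypted image vs. random bytes as a ciphertext stand-in."""
    secret = b"Q3 salary review: CONFIDENTIAL"         # hypothetical file content
    plain = bytearray(2048)
    plain[3:11] = b"NTFS    "                          # mark a hex editor would show
    plain[1000:1000 + len(secret)] = secret            # straddles a 512-byte chunk edge
    rng = random.Random(1)
    cipher = bytes(rng.getrandbits(8) for _ in range(2048))  # not a real container
    out = {}
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("plain", bytes(plain)), ("cipher", cipher)):
            path = os.path.join(d, name + ".img")
            with open(path, "wb") as f:
                f.write(data)
            out[name] = (filesystem_marks(data[:512]), find_bytes(path, secret, chunk=512))
    return out

if __name__ == "__main__":
    print(demo())
    # Why a long search string matters: 'FF' alone vs. 16 bytes in a 1 GiB volume.
    print(expected_chance_hits(1 << 30, 1), expected_chance_hits(1 << 30, 16))
```

Run `find_bytes` against the container file or the dismounted raw volume, not the mounted drive letter, since the mounted view is already decrypted.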
Copyright 2010, SecurityFocus