# A Truecrypt Trick

 09-11-2006
Chris Lawrence wrote:

> On Mon, 11 Sep 2006, Non scrivetemi wrote:
>
> > > > None of those things use obscurity in any significant way to provide
> > > > security. Even your car key relies on provable mathematical formula and
> > > > the probability that a thief can't try all possible keys in any
> > > > practical span of time. Passwords and encryption (remailers) rely on
> > > > hard mathematics even more so than your auto's locks, and are
> > > > consequently even harder to "crack". Assuming passwords of sufficient
> > > > strength of course, which is a contradiction to passwords that are
> > > > merely obscure.
> > >
> > > The point is that the keys and passwords protect the car and the files.
> > > Obscurity protects the keys and the passwords.

> >
> > Obviously not. Keys and passwords aren't secure because they're
> > obscure, they're secure because they're made physically so.

>
> the security of the protection of keys and passwords. Car keys are
> quite intrinsically secure but you still have to hide them from
> strangers.

Yes. That's physical security, not obscurity. There's a difference.
Physical security is keeping possession of your keys and not letting a
car thief have them. Obscurity would be tossing them on the ground
somewhere near your car and hoping a thief doesn't recognize that
they're car keys.

> Ultimately the security of your vehicle comes down to how
> well you hide your keys (given that the ignition can't be defeated due
> to its intrinsic security). In other words the ignition is safe because
> the key system is strong. The key is safe because you don't know how to
> get it.

Actually that's not true at all. In most cases a car thief knows
exactly how to get your keys. They're not obscured at all, the thief
knows they're right there in your pocket. Or inside the house where
your car is parked, or at the mall where you're shopping.

>
> > > That's what he was
> > > saying. Ultimately your car and files are safe because you hide your
> > > keys and passwords from strangers.

> >
> > False. There's a huge difference between obscurity and physical
> > security.

>
> You need to make the separation between the intrinsic security of the
> key and the security in managing the key.

I've made that distinction from the beginning. You need to understand
the difference between physical security and obscurity.

> If I choose a strong password
> for a well protected service that is good, but it's only safe because a)
> you can't guess it, by definition and b) you can't access mine. And you

Exactly. It's both cryptographically secure and physically secure.
OTOH, if you rely on obscurity by writing your password on a sticky
note and keeping it under your keyboard your security is likely to fail.

> can't access mine because I hide it from you. Ultimately it comes down

You haven't hidden anything from me. I know exactly where that password
is, and how to get it. If it were worth my time to do so I'd be able
to plan and execute an "attack" on you and own your password. Obscurity
relies on dumb luck, not the fact that you might be bigger and
stronger than me, better armed, or the fact that your password just
isn't valuable enough for me to bother with you. Your physical
is state secrets, you might even have an entire military at your
disposal.

> to something I know that you don't know. That's security through
> obscurity.
>
> Trouble is people chant the "security by obscurity never works" mantra

People don't chant that at all. It may indeed work on occasion. Blind
squirrels find nuts on occasion too, but that doesn't make blind
squirrels competent food gatherers. Even though they might find the
occasional nut, they're still likely to starve in the end.

> so blithely, seemingly trying to look good by association with their
> equally noisy peers.
>

 09-11-2006
....
>> Kerckhoff's principle recognizes that every secret is a potential
>> point of failure, and such points of failure should therefore be
>> minimized by "concentrating" all secrecy at one point, the key, which
>> can then be guarded without diffusing one's resources. A case of
>> accepting the violation of another principle - no single point of
>> failure - but compensating by guarding the one secret (i.e., the
>> potential point of failure) well.

>
> Exactly, "guarding" being the operative word, almost always coming
> down to a case of hiding something, for example a sequence of
> characters in your head, or keeping a car key separate from the car.

While hiding is the primary mechanism for most ordinary folk, there is an
alternative: prevention of disclosure by physical security including safes,
vaults, and guards (a literal application of guarding).

Safes, of course, are themselves protected by a secret (the combination or
physical key). We thus arrive at an interesting recursion problem

Regards,

 09-12-2006
On Tue, 12 Sep 2006, Non scrivetemi wrote:

> Chris Lawrence wrote:
>
> > On Mon, 11 Sep 2006, Non scrivetemi wrote:
> >
> > > > > None of those things use obscurity in any significant way to provide
> > > > > security. Even your car key relies on provable mathematical formula and
> > > > > the probability that a thief can't try all possible keys in any
> > > > > practical span of time. Passwords and encryption (remailers) rely on
> > > > > hard mathematics even more so than your auto's locks, and are
> > > > > consequently even harder to "crack". Assuming passwords of sufficient
> > > > > strength of course, which is a contradiction to passwords that are
> > > > > merely obscure.
> > > >
> > > > The point is that the keys and passwords protect the car and the files.
> > > > Obscurity protects the keys and the passwords.
> > >
> > > Obviously not. Keys and passwords aren't secure because they're
> > > obscure, they're secure because they're made physically so.

> >
> > the security of the protection of keys and passwords. Car keys are
> > quite intrinsically secure but you still have to hide them from
> > strangers.

>
> Yes. That's physical security, not obscurity.

Car keys only protect your car if they are kept out of the way of car
thieves. Yes it's physical, but necessarily so since they are physical
objects. The same applies to a password however - in this case it's
hidden, or obscured, in my head. My knowledge becomes the key that
keeps the original key safe. Therefore my knowledge is keeping the
original thing safe.

> There's a difference. Physical security is keeping possession of your
> keys and not letting a car thief have them. Obscurity would be tossing
> them on the ground somewhere near your car and hoping a thief doesn't
> recognize that they're car keys.

They're just two degrees of the same system. I might throw the keys on
the floor and hope a thief doesn't recognise them. I might leave them
on the floor under a newspaper and hope that they're not found. I might
raise them off the floor into my pocket and hope a thief doesn't mug me
for them. They're all security by obscurity. Each degree in that
example has a risk attached to it - in some cases it might be acceptable
to throw my keys on the floor, for example if I'm staying at a friend's
house and it's his floor. That's an assessment for me to make. In many
cases having possession of the keys would be equal to leaving them on the
floor - for example if I'm walking through an area where people are
often viciously mugged for their car keys, or where car-jackings are
rife. In either case there - floor or pocket or car - the result would
be the loss of the car, making the fancy key/ignition security
completely irrelevant.

> > Ultimately the security of your vehicle comes down to how
> > well you hide your keys (given that the ignition can't be defeated due
> > to its intrinsic security). In other words the ignition is safe because
> > the key system is strong. The key is safe because you don't know how to
> > get it.

>
> Actually that's not true at all. In most cases a car thief knows
> exactly how to get your keys. They're not obscured at all, the thief
> knows they're right there in your pocket. Or inside the house where
> your car is parked, or at the mall where you're shopping.

That proves what I'm saying. My car remains safe despite merely keeping
the keys in my pocket. My car is protected by a key, and the
key/ignition mechanism is inherently secure, but ultimately my car
remains safe because I am good at looking after a small piece of metal
and plastic, not because it is inherently secure. The same goes for a
strong password system - ultimately it's protected by obscurity - I know
something you don't know. In the end it's for me to assess how
successful the obscurity aspect is going to be.

> > > > That's what he was
> > > > saying. Ultimately your car and files are safe because you hide your
> > > > keys and passwords from strangers.
> > >
> > > False. There's a huge difference between obscurity and physical
> > > security.

> >
> > You need to make the separation between the intrinsic security of the
> > key and the security in managing the key.

>
> I've made that distinction from the beginning. You need to understand
> the difference between physical security and obscurity.

In these examples they are necessary consequences of the systems
described but the principles remain the same.

> > If I choose a strong password
> > for a well protected service that is good, but it's only safe because a)
> > you can't guess it, by definition and b) you can't access mine. And you

>
> Exactly. It's both cryptographically secure and physically secure.
> OTOH, if you rely on obscurity by writing your password on a sticky
> note and keeping it under your keyboard your security is likely to fail.

Keeping it on a sticky note is just another level in the spectrum of
"keeping the password from those who should not have it". It's no
different to keeping it in my head in principle. It's harder to get out
of my head than it is to get from under my keyboard, but perhaps not
that much harder. A few minutes of torture might get it with little
effort. In my head, under my keyboard, they're all just degrees of
security through obscurity. And of course, they work.

> > can't access mine because I hide it from you. Ultimately it comes down

>
> You haven't hidden anything from me. I know exactly where that password
> is, and how to get it. If it were worth my time to do so I'd be able
> to plan and execute an "attack" on you and own your password.

Exactly - you know I have a password hidden from you, yet I remain safe.
As I said months ago, security through obscurity is a risk assessment.
I don't think anyone is going to torture me for the password to my mail
account so I can happily remember it. I don't think anyone is going to
gain access to my pocket so I can store my car key there. If I felt
that someone WOULD torture me for a password, I would look at
alternative methods to using a password. And if someone DID
successfully extract a password, what use was the security of a
key-based system anyway? Ultimately it comes down to management of the
keys, and much of the time that's done by hiding them and assessing the
risks in doing so.

> Obscurity relies on dumb luck, not the fact that you might be bigger
> and stronger than me, better armed, or the fact that your password
> just isn't valuable enough for me to bother with you.

It relies on many variables, where dumb luck isn't something I would
consider an informed risk assessment. I think that is what most people
are imagining when they talk about security through obscurity. Without
the risk assessment it is indeed pure luck based and worthless.

--
Chris

 09-12-2006
nemo_outis wrote:

> Chris Lawrence <(E-Mail Removed)> wrote in
> news(E-Mail Removed) losys.wlan:
>
> ...
> >> Kerckhoff's principle recognizes that every secret is a potential
> >> point of failure, and such points of failure should therefore be
> >> minimized by "concentrating" all secrecy at one point, the key, which
> >> can then be guarded without diffusing one's resources. A case of
> >> accepting the violation of another principle - no single point of
> >> failure - but compensating by guarding the one secret (i.e., the
> >> potential point of failure) well.

> >
> > Exactly, "guarding" being the operative word, almost always coming
> > down to a case of hiding something, for example a sequence of
> > characters in your head, or keeping a car key separate from the car.

>
>
> While hiding is the primary mechanism for most ordinary folk, there is an

Putting the keys in your pocket when you park your car isn't "hiding".
It's physical security. 99% of the time people will know or can guess
exactly where they are.

> alternative: prevention of disclosure by physical security including safes,
> vaults, and guards (a literal application of guarding).

Those things are certainly physical security, but so is keeping
something on your person, or in your house. You're guarding it, not
hiding it.

 09-12-2006
"nemo_outis" <(E-Mail Removed)> wrote in message
> "Vanguard" <(E-Mail Removed)> wrote in
> news:(E-Mail Removed):
>
>
>> Data streams is a feature of the NT file system (NTFS), not of
>> TrueCrypt. Data streams have been around since NTFS was invented.
>> It is sometimes used but not often. In fact, Kaspersky used it...

>
>
> You're coming a little late to the party - I have already noted
> these points.
>
> As for steganography, it is readily detectable unless the payload is
> less
> than a few percent (i.e., the ratio of hidden to host data). While
> now
> of such
> things as OutGuess and stegdetect. Then move on to the Crypto
> conferences
>
> Regards,
>

For my post dated 9/10/06 at 8:24 PM, you only had 2 posts before
that. In those 2 posts, just where did you say that ADS was a feature
of NTFS (so we knew that you knew what ADS was about)? The only
mention of "NTFS" was in your first post and that was for the name of
a utility, not in your description of data streams. Where in those
posts did you address the issue of anti-malware programs triggering on
the streams and possibly resulting in deleting their files because of
the inclination to eradicate "pests"? Where in your 2 prior posts did
you mention using the hidden volume within a TC volume to hide content
(rather than waste effort to hide the fact that the TC volume exists)?
So on what was I "late"? Remember that indentation shown in
newsreaders for thread posts in a discussion will push down the
branches with older datestamps to show the subbranches that were added
at later times. Obviously my post could not address or account for
topics discussed in posts that were submitted later.

 09-12-2006
Chris Lawrence wrote:

> > > > > The point is that the keys and passwords protect the car and the files.
> > > > > Obscurity protects the keys and the passwords.
> > > >
> > > > Obviously not. Keys and passwords aren't secure because they're
> > > > obscure, they're secure because they're made physically so.
> > >
> > > the security of the protection of keys and passwords. Car keys are
> > > quite intrinsically secure but you still have to hide them from
> > > strangers.

> >
> > Yes. That's physical security, not obscurity.

>
> Car keys only protect your car if they are kept out of the way of car
> thieves. Yes it's physical, but necessarily so since they are physical
> objects. The same applies to a password however - in this case it's
> hidden, or obscured, in my head.

It's not obscured in your head at all. You know exactly where it is,
and so does an attacker. Obscurity would be using your child's middle
name as a password and hoping an attacker just happened not to guess
it or see the "all A's" report card on the bulletin board next to the
computer and try it, or writing down a strong password and taping it
to the under side of a desk drawer hoping nobody would look there.

security. You're relying on your physical ability to keep something
secret. Banking on the notion that nobody can beat it out of you, that
you'll talk in your sleep, or that you'll let someone see over your
shoulder when you enter it.

> My knowledge becomes the key that
> keeps the original key safe. Therefore my knowledge is keeping the
> original thing safe.
>
> > There's a difference. Physical security is keeping possession of your
> > keys and not letting a car thief have them. Obscurity would be tossing
> > them on the ground somewhere near your car and hoping a thief doesn't
> > recognize that they're car keys.

>
> They're just two degrees of the same system. I might throw the keys on

They're no such thing at all. When you keep something on your person
something on the ground or tape it to the bottom of your keyboard and
just pray nobody discovers it, there's no physical security at all. A
safe behind a painting has elements of both. A safe out in the open is
physical. A painting hiding a secret open shelf is pure obscurity. If
you memorize your password then hide behind a drape to avoid attackers
you may have elements of both, but most people don't bother with trying
to make themselves obscure if they're confident nobody can make them
confess their secrets. They and everyone else know exactly who has that
secret, and where they are. Where that secret might be obtained. Thus
there is no element of obscurity. None.

> the floor and hope a thief doesn't recognise them. I might leave them
> on the floor under a newspaper and hope that they're not found. I might

Obscurity.

> raise them off the floor into my pocket and hope a thief doesn't mug me
> for them.

Physical security. Completely different and easily distinguishable
things.

> They're all security by obscurity. Each degree in that

Nope.

> example has a risk attached to it - in some cases it might be acceptable
> to throw my keys on the floor, for example if I'm staying at a friend's
> house and it's his floor. That's an assessment for me to make. In many

That would be no security at all, assuming you were aware your friend
secure then your keys are physically secured from outsiders. To what
degree they're physically secure is a matter of debate, but it's still
physical security.

> cases having possession of the keys would be equal to leaving them on the
> floor - for example if I'm walking through an area where people are
> often viciously mugged for their car keys, or where car-jackings are
> rife.

Physical security. Likely to fail unless you're a formidable target,
but physical security none the less.

> In either case there - floor or pocket or car - the result would
> be the loss of the car, making the fancy key/ignition security
> completely irrelevant.

The fact that something might fail is completely irrelevant. There's
no perfect security of any type.

> > > Ultimately the security of your vehicle comes down to how
> > > well you hide your keys (given that the ignition can't be defeated due
> > > to its intrinsic security). In other words the ignition is safe because
> > > the key system is strong. The key is safe because you don't know how to
> > > get it.

> >
> > Actually that's not true at all. In most cases a car thief knows
> > exactly how to get your keys. They're not obscured at all, the thief
> > knows they're right there in your pocket. Or inside the house where
> > your car is parked, or at the mall where you're shopping.

>
> That proves what I'm saying. My car remains safe despite merely keeping
> the keys in my pocket.

Yes. Because the keys are physically secure in your pocket. If you hid
them on top of the back tire that would be obscurity. You're not trying
to hide the fact that you have the keys in your pocket, in fact you
probably put them there in plain view of anyone who happened to be in
the vicinity. And they likely make a bulge that most anyone can
identify. You may even jingle them from time to time out of habit. The
security of your keys depends entirely on you physically maintaining
possession of them, and not one bit on you trying to hide the fact that
you have them.

> My car is protected by a key, and the
> key/ignition mechanism is inherently secure, but ultimately my car
> remains safe because I am good at looking after a small piece of metal
> and plastic, not because it is inherently secure. The same goes for a
> strong password system - ultimately it's protected by obscurity - I know

No. It's ultimately protected by a mathematically secure sequence of
characters and your physical ability to keep them a secret. You're not
trying to hide the fact that you're the one who knows the password any
more than you're trying to hide the fact that you have car keys in your
pocket.

[...]

> Keeping it on a sticky note is just another level in the spectrum of
> "keeping the password from those who should not have it". It's no
> different to keeping it in my head in principle. It's harder to get out

sticky note under your keyboard you're abdicating all that and relying
on dumb luck. Two completely different things.

> of my head than it is to get from under my keyboard, but perhaps not
> that much harder. A few minutes of torture might get it with little
> effort. In my head, under my keyboard, they're all just degrees of
> security through obscurity. And of course, they work.

Obscurity fails with an all too predictable regularity. Just ask anyone
who had their house broken into because they hid a key under the door
mat, or their account broken into because they taped their password to
the bottom of their keyboard.

> > > can't access mine because I hide it from you. Ultimately it comes down

> >
> > You haven't hidden anything from me. I know exactly where that password
> > is, and how to get it. If it were worth my time to do so I'd be able
> > to plan and execute an "attack" on you and own your password.

>
> Exactly - you know I have a password hidden from you, yet I remain safe.

Why can't you see that it's not hidden. I know exactly where it is. In
from me, not my ability to guess where it is.

> As I said months ago, security through obscurity is a risk assessment.

You were as wrong then as you are now.

Security through obscurity is false security. There is none. Any
success is pure luck and any failure is predictable and expected. Real
security on the other hand can be counted on up to the point it's
designed to secure something.

> I don't think anyone is going to torture me for the password to my mail
> account so I can happily remember it. I don't think anyone is going to

Then all the physical security you need is your ability to say no. If
your password were a little more critical, you might need to employ
other additional measures like carrying a weapon or hiring a body

> gain access to my pocket so I can store my car key there. If I felt

it's obvious exactly where your keys are, they're secure enough. If you
held the keys to a nuclear missile silo your pocket might not be secure
enough.

> that someone WOULD torture me for a password, I would look at
> alternative methods to using a password. And if someone DID

Indeed. Smart cards that could be easily destroyed, additional personal
security, etc. You wouldn't fold the sticky note in half and put it
back under your keyboard hoping that if someone did see it there they
wouldn't open it up to look.

> > Obscurity relies on dumb luck, not the fact that you might be bigger
> > and stronger than me, better armed, or the fact that your password
> > just isn't valuable enough for me to bother with you.

>
> It relies on many variables, where dumb luck isn't something I would
> consider an informed risk assessment. I think that is what most people

That is precisely why security through obscurity is false security, but
still occasionally works. You're playing the odds. Gambling. Not
assessing your real risks and developing sound methods to mitigate them.

 09-12-2006
"Vanguard" <(E-Mail Removed)> wrote in
http://www.velocityreviews.com/forums/(E-Mail Removed):

> For my post dated 9/10/06 at 8:24 PM, you only had 2 posts before
> that. In those 2 posts, just where did you say that ADS was a feature
> of NTFS (so we knew that you knew what ADS was about)? The only
> mention of "NTFS" was in your first post and that was for the name of
> a utility, not in your description of data streams. Where in those
> posts did you address the issue of anti-malware programs triggering on
> the streams and possibly resulting in deleting their files because of
> the inclination to eradicate "pests"? Where in your 2 prior posts did
> you mention using the hidden volume within a TC volume to hide content
> (rather than waste effort to hide the fact that the TC volume exists)?
> So on what was I "late"? Remember that indentation shown in
> newsreaders for thread posts in a discussion will push down the
> branches with older datestamps to show the subbranches that were added
> at later times. Obviously my post could not address or account for
> topics discussed in posts that were submitted later.

Sadly, as with real parties, it doesn't matter when you set out to get
there but rather when you arrive. You arrived late for the party.

Regards,

 09-13-2006
"nemo_outis" <(E-Mail Removed)> wrote in
news:Xns983B9F09EE2F7abcxyzcom@127.0.0.1:

> "Security by obscurity never works" is a bumper-sticker version of
> Auguste Kerckhoff's principle that, while catchy, sacrifices
> precision.

Dr. EvenMorePedantic is compelled to point out that the gentleman's name in
question is Kerchoffs, so in fact it is "Kerckhoffs' principle".

 09-13-2006
anonymous <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> "nemo_outis" <(E-Mail Removed)> wrote in
> news:Xns983B9F09EE2F7abcxyzcom@127.0.0.1:
>
>> "Security by obscurity never works" is a bumper-sticker version of
>> Auguste Kerckhoff's principle that, while catchy, sacrifices
>> precision.

>
> Dr. EvenMorePedantic is compelled to point out that the gentleman's
> name in question is Kerchoffs, so in fact it is "Kerckhoffs'
> principle".

Reduced to looking for misplaced apostrophes? Your life really must be
very empty.

Regards,

 09-17-2006
"nemo_outis" <(E-Mail Removed)> wrote in
127.0.0.1:

> anonymous <(E-Mail Removed)> wrote in
> news:(E-Mail Removed):

>> Dr. EvenMorePedantic is compelled to point out that the gentleman's
>> name in question is Kerchoffs, so in fact it is "Kerckhoffs'
>> principle".

>
>
> Reduced to looking for misplaced apostrophes? Your life really must be
> very empty.

Nemo, I was making a (very) modest joke here, no attack intended. I thought
a smile or two would be useful in this group in between poor traveler66
being given the 'Mr. Bill' treatment every day and the 'bait the psycho'
stuff going on with the 'FBI sadists' guy.

BTW I am slightly disappointed in you as you failed to point out my
misspelling of 'Kerckhoffs' name in my first use of it.

PS-If one uses VMWare to run Win98 (or 2000) inside a Truecrypt partition
in XP, (in essence a poor man's full disk encryption) are you aware of any
leaks into the host OS that would suggest this method inferior to an actual
FDE of XP?