What is a good Windows XP file to store encrypted volumes

 
 
nemo_outis
Guest
Posts: n/a
 
      01-19-2007
Sebastian Gottschalk <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> nemo_outis wrote:
>
>>> So, you're saying it is OK that your security is not based on a
>>> mathematical proof or a conjecture of the computational bounds of an
>>> adversary, but rather based on the hope that the adversary is
>>> incompetent.
>>>
>>> Do you see anything wrong with that?

>>
>> Short answer: No, I see nothing wrong with that.

>
> Then I pity you for not understanding what security is, but still
> posting in a.c.s. Security requires reliability, at least to a
> certain point, which is the pure contrary of unjustified hope.
>
>> And this is exactly what my suggested use of ADS in these
>> circumstances does. It is a convenient, readily implemented method
>> that is entirely suitable and appropriate for the described threat
>> model.

>
> It isn't. Just run LADS, Streams or one of those many many other
> utilities and you'll easily see a very suspicious ADS.
>



Thank you for your response. My confidence in the accuracy of my answer
is now greatly increased.

You see, Sebastian, you are what can be characterized as an "intelligent
fool." While not actually stupid, you are nonetheless so reliably and
consistently wrong that sensible folks treat you as an amazingly accurate
"contrary indicator" and regard your condemnation instead as rock-solid
validation of their views.

You invariably want to use a sledgehammer to crack a peanut, and this
produces solutions that are so tiresome and onerous that no one would
ever be bothered implementing and using them (assuming, that is, that
they would work at all in spite of their needless complication and
intricacy). Your grandiose and overworked "solutions" are never suitable
to the problem. No, you propose them only in a puerile - and failed! -
attempt to seem knowledgeable.

So, yes, Sebastian, of course streams can be detected! Any hiding or
mislabelling technique is only suitable against casual adversaries. But,
of course, those were precisely the type of adversaries that were
specified!

However, as a variant of the "hiding" genre, using ADS is vastly superior
to using grossly oversized mislabelled file types. It is a highly
effective technique against casual (and some not-so-casual) snoops.

Regards,


 
Sebastian Gottschalk
Guest
Posts: n/a
 
      01-19-2007
nemo_outis wrote:

> of course streams can be detected! Any hiding or
> mislabelling technique is only suitable against casual adversaries. But,
> of course, those were precisely the type of adversaries that were
> specified!


Then you just got the specification wrong.

> However, as a variant of the "hiding" genre, using ADS is vastly superior
> to using grossly oversized mislabelled file types.


Nonsense, since using such a bogus but well-known feature makes it way more
suspicious.

> It is a highly effective technique against casual (and some not-so-casual) snoops.


As if those wouldn't know how to Google.
 
nemo_outis
Guest
Posts: n/a
 
      01-19-2007
Sebastian Gottschalk <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> nemo_outis wrote:
>
>> of course streams can be detected! Any hiding or
>> mislabelling technique is only suitable against casual adversaries.
>> But, of course, those were precisely the type of adversaries that
>> were specified!

>
> Then you just got the specification wrong.



Congratulations, Sebastian! Your perfect record as a "contrary
indicator" who always gets it wrong has been extended.

No, Sebastian, it was NOT I who specified the type of adversaries but
rather the OP - to whom I then responded with an appropriate solution.


>> However, as a variant of the "hiding" genre, using ADS is vastly
>> superior to using grossly oversized mislabelled file types.

>
> Nonsense, since using such a bogus but well-known feature makes it way
> more suspicious.



Goddammit, you're thick, Sebastian! The original question posed was how
to make Truecrypt files less obvious to casual snoops at the OP's
workplace, not thwart the NSA.

If the adversaries suspecting use of Truecrypt had even minimal
competence they would first try, NOT to pore through the HD looking for
oversized mislabelled nonfunctional files (and, of course, far less for
ADS) but rather look for the presence of the Truecrypt driver and its
registry fingerprint which is blatantly there for anyone of non-casual
competence to see and which is awkward for an unskilled person, such as
the OP apparently is, to remove and replace regularly (sitting as it does
as a legacy driver in currentcontrolset).

We are, as the OP originally posed the problem, looking at adversaries
whose investigative repertoire does not even extend that far. And so I
guarantee that ADS will be far beyond the ability of such adversaries to
discover.

In short, Sebastian, the matter is settled; now all that remains is to
see how long you foolishly persist in your truculent stupidity.

Regards,

 
Wraeth
Guest
Posts: n/a
 
      01-20-2007
Jane_G wrote:
> What is a good filespec to hold an encrypted volume on WinXP?
>
> Based on extensive googling, I installed the TrueCrypt freeware disk
> encryption to safeguard my private files on a rather public computer.
>
> TrueCrypt requires a file name to contain the rather large encrypted volume
> file even if a hidden volume is used inside the regular encrypted volume.
> For example, the file name containing the encrypted volume could be
> C:\Documents and Settings\Administrator\My TrueCrypt Encrypted Volume.bin
>
> To contain the TrueCrypt encrypted volume, I can choose any file name and
> location that doesn't already exist. But, my question is what file name and
> location would arouse the least suspicion were a coworker to be snooping
> around looking for my personal data on my WinXP computer?
>
> Specifically what binary file could reasonably be expected to be a few
> megabytes in size, yet have a normal sounding name in a normal sounding
> location containing "gibberish" (ie encrypted data) that would not arouse
> suspicions that it is actually a TrueCrypt encrypted volume?


Jane-G,

As you can no doubt see, there are a lot of suggestions for you to
follow up on regarding the solution to your problem. However, to find
the best solution applicable to your situation, it may be wise to
consider exactly what scenario you are trying to avoid.

From your post, you say that you don't want your co-workers, who
occasionally snoop around your computer, to even know that you have the
data. Therefore, it is not the content that you are hiding, but the
existence.

If this is the case, then perhaps it is not a wise idea to store the
data on a computer to which your co-workers have access; instead, as
suggested before, use a USB thumb drive, or burn the data to a removable
disc. This way, you remove the threat that a co-worker with above
average computer literacy (such as the IT administration or support
team) will notice an unusual file with a large file, or recognize
possibilities from the existence of TrueCrypt on the computer in question.

If, however, it is only the content that you are wishing to hide, not
the existence, then all you really need is a decent encryption program.
If the file you wish to encrypt is large, then perhaps you could place
the file into an archive and split the archive into separate files
before you encrypt it.

It would be a wise move, as also mentioned in a previous response, to
consider the policies in effect at your workplace regarding the use of
company computers for personal reasons. Another point is perhaps
securing the computer against unauthorized use by your co-workers (if
their use is constituted as unauthorized).

I hope that this helps you with your problem, and that you find a
solution that is manageable, practicable, and allows your data to remain
undiscovered.

Regards,
wraeth
 
David Eather
Guest
Posts: n/a
 
      01-20-2007
nemo_outis wrote:
> David Eather <(E-Mail Removed)> wrote in
> news:(E-Mail Removed):
>
>> nemo_outis wrote:

> ...
>>> The following will not fool a sysadmin (well, not a good one) but it
>>> works very well against casual or inept snoops.
>>>
>>> Hide the Truecrypt file as an "alternate file stream" attached to
>>> some other file (which could itself be perfectly functional, such as
>>> an Excel file). The hidden stream will not show in any normal system
>>> operation (directory listings, etc.) although some (by no means all)
>>> antivirus software may report it.
>>>
>>> If the ordinary file you wish to use is, say,
>>> C:\directorypath\somefile.xls then create (and subsequently mount
>>> and use) the Truecrypt file as, say,
>>> C:\directorypath\somefile.xls:tc (i.e., the alternate file name -
>>> extent, really - is defined as prefixed by the regular file name and
>>> a colon)
>>>
>>> Regards,
>>>
>>>
>>>

>> So, you're saying it is OK that your security is not based on a
>> mathematical proof or a conjecture of the computational bounds of an
>> adversary, but rather based on the hope that the adversary is
>> incompetent.
>>
>> Do you see anything wrong with that?

>
>
> Short answer: No, I see nothing wrong with that.
>
> Longer answer:
>
> The OP framed her question in terms of using nothing stronger than an
> inconspicuous file. Compared to that, an alternate data stream is
> leagues ahead.
>
> Going further, the OP's threat model is coworkers who casually snoop,
> folks who are, if not outright incompetent, clearly without special
> resources or competence.
>
> Against a sufficiently competent, well-funded, and motivated adversary -
> especially one who has repeated unobserved direct access to the machine
> as could happen in a work environment - I feel confident in saying there
> is NO satisfactory method of disguising the use of Truecrypt.
>
> So, the task is not to overdesign the system inordinately in a misguided
> attempt to thwart the NSA. Instead, as with most security questions, the
> real task is to implement a scheme appropriate to the specified threat
> model.
>
> And this is exactly what my suggested use of ADS in these circumstances
> does. It is a convenient, readily implemented method that is entirely
> suitable and appropriate for the described threat model.
>
> Regards,
>
>

The rub:

The adversary is not the NSA. You saw how quickly SG was onto the
faults in this idea. It will only take one person who knows what he is
doing, to show one script-kiddie what to do, who will show everyone else
and security becomes zero or even worse; the user still thinks they have
some security and may well be indiscreet.
 
Bill
Guest
Posts: n/a
 
      01-20-2007

Jane_G wrote:
> What is a good filespec to hold an encrypted volume on WinXP?
>
> Based on extensive googling, I installed the TrueCrypt freeware disk
> encryption to safeguard my private files on a rather public computer.
>
> TrueCrypt requires a file name to contain the rather large encrypted volume
> file even if a hidden volume is used inside the regular encrypted volume.
> For example, the file name containing the encrypted volume could be
> C:\Documents and Settings\Administrator\My TrueCrypt Encrypted Volume.bin
>
> To contain the TrueCrypt encrypted volume, I can choose any file name and
> location that doesn't already exist. But, my question is what file name and
> location would arouse the least suspicion were a coworker to be snooping
> around looking for my personal data on my WinXP computer?
>
> Specifically what binary file could reasonably be expected to be a few
> megabytes in size, yet have a normal sounding name in a normal sounding
> location containing "gibberish" (ie encrypted data) that would not arouse
> suspicions that it is actually a TrueCrypt encrypted volume?


Look at the _hidden_ uninstall service pack directories in a typical
Windows XP installation. They are in the \Windows directory, usually,
with folder names like '$NTUninstallKB999999_0$' and they typically
contain dll files. Create one that does not exist in real
life--probably a directory name starting with $NTUninstallKB0 since all
the current KB numbers are larger than that. Create the file as a
hidden .dll file there. Since the folder will not be listed as a
service pack in the registry, the system uninstaller ought to ignore it,
AFAIK. And those directories are a hidden forest that almost nobody
but M$ understands.

 
nemo_outis
Guest
Posts: n/a
 
      01-20-2007
David Eather <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> The adversary is not the NSA. You saw how quickly SG was onto the
> faults in this idea. It will only take one person who knows what he
> is doing, to show one script-kiddie what to do, who will show everyone
> else and security becomes zero or even worse; the user still thinks
> they have some security and may well be indiscreet.



Once again, with feeling:

The method I outlined is entirely appropriate to the threat model specified
by the OP: casual office snoopers. It is significantly superior to the
grossly oversized, non-functional, mislabelled file ruse. Moreover, it is
exceedingly straightforward and easy to implement since Truecrypt natively
supports it with nary a tweak required (an important aspect given the
obvious non-geekiness of the OP).

And here's a flash for you: There is NO satisfactory method of hiding
Truecrypt from a skilled adversary, especially on a workplace machine. As
just one example, Truecrypt leaves awkward-to-erase tracks in the registry.
An adversary of only modest skills using regedit would detect that
Truecrypt was being used in seconds rather than having to do a full HD scan
looking for ADS with special programs.

Regards,





 
Reply With Quote
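
Added example, not part of any poster's message: the thread's point that alternate data streams are found by a tool scan (LADS, Streams), shown here with PowerShell's built-in stream enumeration as an inventory check. It assumes Windows PowerShell 3.0 or later on an NTFS volume; the function name `Find-AlternateStream`, its parameters and the 1 MB threshold are hypothetical choices for illustration.

```powershell
# Added example: inventory named NTFS alternate data streams (ADS) under a tree.
# Assumptions: PowerShell 3.0+, NTFS volume; function and parameter names are hypothetical.
function Find-AlternateStream {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $Root,
        [long]     $MinBytes     = 1MB,                    # flag streams at or above this size
        [string[]] $IgnoreStream = @('Zone.Identifier')    # common benign download marker
    )

    # -File: only files are examined here; directories can also carry streams,
    # but older PowerShell versions cannot enumerate them with Get-Item -Stream.
    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # '-Stream *' returns every stream, including the unnamed default ':$DATA'
            Get-Item -LiteralPath $file.FullName -Stream * -Force -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' -and $IgnoreStream -notcontains $_.Stream } |
                ForEach-Object {
                    [pscustomobject]@{
                        Path        = $file.FullName
                        Stream      = $_.Stream
                        StreamBytes = $_.Length
                        HostBytes   = $file.Length      # size Explorer and 'dir' report
                        Large       = ($_.Length -ge $MinBytes)
                    }
                }
        }
}

# Example call (path is a placeholder):
# Find-AlternateStream -Root 'C:\Users' |
#     Sort-Object StreamBytes -Descending |
#     Format-Table -AutoSize
```

A named stream of several megabytes attached to a small host file stands out in this listing, because directory listings report only `HostBytes`.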
 
Paul Rubin
Guest
Posts: n/a
 
      01-20-2007
Jane_G <(E-Mail Removed)> writes:
> Based on extensive googling, I installed the TrueCrypt freeware disk
> encryption to safeguard my private files on a rather public computer.


You should never store private files on a public computer. There's no
way to know whether the public computer's software or even hardware
has been modified to compromise your privacy (for example by recording
your keystrokes). If you want to work on private files away from
home, get a portable computer and keep your files on it. TrueCrypt is
a good product for encrypting your files on your own computer, in case
your computer falls into the wrong hands sometime after you've put
your files on it. It can't solve the situation of a computer that's
already in the wrong hands BEFORE you've put your files on it.
 
Sebastian Gottschalk
Guest
Posts: n/a
 
      01-20-2007
nemo_outis wrote:

> No, Sebastian, it was NOT I who specified the type of adversaries but
> rather the OP


And I told you that you misunderstood this specification. Now, what about
reading comprehension? Go figure!

> If the adversaries suspecting use of Truecrypt had even minimal
> competence they would first try, NOT to pore through the HD looking for
> oversized mislabelled nonfunctional files


Right. He would use Google to find a program which does that for him.
 
Sebastian Gottschalk
Guest
Posts: n/a
 
      01-20-2007
Bill wrote:

> Look at the _hidden_ uninstall service pack directories in a typical
> Windows XP installation. They are in the \Windows directory, usually,
> with folder names like '$NTUninstallKB999999_0$' and they typically
> contain dll files. Create one that does not exist in real
> life--probably a directory name starting with $NTUninstallKB0 since all
> the current KB numbers are larger than that.


Non-admin users don't have write-access there.

> And those directories are a hidden forest that almost nobody but M$ understands.


Wrong again.
 