Velocity Reviews - Computer Hardware Reviews

What is a good Windows XP file to store encrypted volumes

 
 
Jane_G
Guest
Posts: n/a
 
      01-19-2007
What is a good filespec to hold an encrypted volume on WinXP?

Based on extensive googling, I installed the TrueCrypt freeware disk
encryption to safeguard my private files on a rather public computer.

TrueCrypt requires a file name to contain the rather large encrypted volume
file even if a hidden volume is used inside the regular encrypted volume.
For example, the file name containing the encrypted volume could be
C:\Documents and Settings\Administrator\My TrueCrypt Encrypted Volume.bin

To contain the TrueCrypt encrypted volume, I can choose any file name and
location that doesn't already exist. But, my question is what file name and
location would arouse the least suspicion were a coworker to be snooping
around looking for my personal data on my WinXP computer?

Specifically what binary file could reasonably be expected to be a few
megabytes in size, yet have a normal sounding name in a normal sounding
location containing "gibberish" (ie encrypted data) that would not arouse
suspicions that it is actually a TrueCrypt encrypted volume?
 
 
 
 
 
Sebastian Gottschalk
Guest
Posts: n/a
 
      01-19-2007
Jane_G wrote:

> TrueCrypt requires a file name to contain the rather large encrypted volume


No, it doesn't. You can also encrypt an entire partition.

> To contain the TrueCrypt encrypted volume, I can choose any file name and
> location that doesn't already exist. But, my question is what file name and
> location would arouse the least suspicion were a coworker to be snooping
> around looking for my personal data on my WinXP computer?


Wild.Girls.swallow.everything.III.DVDRip.[PrOPer].Xvid.AC3.640x480.[3AC74AB].avi

> Specifically what binary file could reasonably be expected to be a few
> megabytes in size, yet have a normal sounding name in a normal sounding
> location containing "gibberish" (ie encrypted data) that would not arouse
> suspicions that it is actually a TrueCrypt encrypted volume?


Compressed movie files. In fact, for sufficiently bad parameters, you can't
distinguish between a part of a broken video file, encrypted data and random
data.

If you want to go any further, there are steganographic file systems.
Seemingly not implemented yet, they'd simply split up the data in
sufficiently small chunks, add MPEG headers and a main header at the front to
make it a genuine MPEG movie containing either garbage or encrypted data.
 
 
 
 
 
nemo_outis
Guest
Posts: n/a
 
      01-19-2007
Jane_G wrote:

> What is a good filespec to hold an encrypted volume on WinXP?
>
> Based on extensive googling, I installed the TrueCrypt freeware disk
> encryption to safeguard my private files on a rather public computer.
>
> TrueCrypt requires a file name to contain the rather large encrypted
> volume file even if a hidden volume is used inside the regular
> encrypted volume. For example, the file name containing the encrypted
> volume could be C:\Documents and Settings\Administrator\My TrueCrypt
> Encrypted Volume.bin
>
> To contain the TrueCrypt encrypted volume, I can choose any file name
> and location that doesn't already exist. But, my question is what file
> name and location would arouse the least suspicion were a coworker to
> be snooping around looking for my personal data on my WinXP computer?
>
> Specifically what binary file could reasonably be expected to be a few
> megabytes in size, yet have a normal sounding name in a normal
> sounding location containing "gibberish" (ie encrypted data) that
> would not arouse suspicions that it is actually a TrueCrypt encrypted
> volume?
>




The following will not fool a sysadmin (well, not a good one) but it works
very well against casual or inept snoops.

Hide the Truecrypt file as an "alternate file stream" attached to some
other file (which could itself be perfectly functional, such as an Excel
file). The hidden stream will not show in any normal system operation
(directory listings, etc.) although some (by no means all) antivirus
software may report it.

If the ordinary file you wish to use is, say, C:\directorypath\somefile.xls
then create (and subsequently mount and use) the Truecrypt file as, say,
C:\directorypath\somefile.xls:tc (i.e., the alternate file name - extent,
really - is defined as prefixed by the regular file name and a colon)

Regards,



 
 
vedaal
Guest
Posts: n/a
 
      01-19-2007
Jane_G wrote:

> To contain the TrueCrypt encrypted volume, I can choose any file name and
> location that doesn't already exist. But, my question is what file name and
> location would arouse the least suspicion were a coworker to be snooping
> around looking for my personal data on my WinXP computer?
>
> Specifically what binary file could reasonably be expected to be a few
> megabytes in size, yet have a normal sounding name in a normal sounding
> location containing "gibberish" (ie encrypted data) that would not arouse
> suspicions that it is actually a TrueCrypt encrypted volume?



a .dll file in the windows system folder
[not high on the curious co-worker list of snoop folders ]
and there are so many of them that most people have no idea of what
they do,
or if they are legitimately required to be there

you can call it something benign and not unexpected, like
'AdobeUPD.dll'
(although i don't remember ever seeing a dll file 5mb or greater)


vedaal

 
 
jørgen
Guest
Posts: n/a
 
      01-19-2007
Jane_G wrote:
> What is a good filespec to hold an encrypted volume on WinXP?



If using NTFS, check up on alternate data streams
 
 
jørgen
Guest
Posts: n/a
 
      01-19-2007
jørgen wrote:
> If using NTFS, check up on alternate data streams


Just know, if they snoop around with special utilities, hidden files in
alternate streams will be found rather quickly
 
 
David Eather
Guest
Posts: n/a
 
      01-19-2007
nemo_outis wrote:
> Jane_G wrote:
>
>> What is a good filespec to hold an encrypted volume on WinXP?
>>
>> Based on extensive googling, I installed the TrueCrypt freeware disk
>> encryption to safeguard my private files on a rather public computer.
>>
>> TrueCrypt requires a file name to contain the rather large encrypted
>> volume file even if a hidden volume is used inside the regular
>> encrypted volume. For example, the file name containing the encrypted
>> volume could be C:\Documents and Settings\Administrator\My TrueCrypt
>> Encrypted Volume.bin
>>
>> To contain the TrueCrypt encrypted volume, I can choose any file name
>> and location that doesn't already exist. But, my question is what file
>> name and location would arouse the least suspicion were a coworker to
>> be snooping around looking for my personal data on my WinXP computer?
>>
>> Specifically what binary file could reasonably be expected to be a few
>> megabytes in size, yet have a normal sounding name in a normal
>> sounding location containing "gibberish" (ie encrypted data) that
>> would not arouse suspicions that it is actually a TrueCrypt encrypted
>> volume?
>>

>
>
>
> The following will not fool a sysadmin (well, not a good one) but it works
> very well against casual or inept snoops.
>
> Hide the Truecrypt file as an "alternate file stream" attached to some
> other file (which could itself be perfectly functional, such as an Excel
> file). The hidden stream will not show in any normal system operation
> (directory listings, etc.) although some (by no means all) antivirus
> software may report it.
>
> If the ordinary file you wish to use is, say, C:\directorypath\somefile.xls
> then create (and subsequently mount and use) the Truecrypt file as, say,
> C:\directorypath\somefile.xls:tc (i.e., the alternate file name - extent,
> really - is defined as prefixed by the regular file name and a colon)
>
> Regards,
>
>
>

So, you're saying it is OK that your security is not based on a
mathematical proof or a conjecture of the computational bounds of an
adversary, but rather based on the hope that the adversary is incompetent.

Do you see anything wrong with that?
 
 
Someone Else
Guest
Posts: n/a
 
      01-19-2007
Jane_G wrote:

>To contain the TrueCrypt encrypted volume, I can choose any file name and
>location that doesn't already exist. But, my question is what file name and
>location would arouse the least suspicion were a coworker to be snooping
>around looking for my personal data on my WinXP computer?
>
>Specifically what binary file could reasonably be expected to be a few
>megabytes in size, yet have a normal sounding name in a normal sounding
>location containing "gibberish" (ie encrypted data) that would not arouse
>suspicions that it is actually a TrueCrypt encrypted volume?


Do a search on your own computer for all files larger than <some
value>. On mine, I found some 50MB CAB files and a gigabyte swap
file.

You could put another CAB file into the same directory or create
an "orphaned" swap file.

But, these are examples from *my* system. You should find what's
not unusual on your own. (Have you considered a thumb drive,
instead?)

Of course, this is the practical side. There are also the legal
and ethical sides: The computer is owned by your company, and
they might believe they have some say in what goes on it. They
might even have a written policy about installing unauthorized
software or about keeping personal files on work computers.
 
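Added example, not part of any poster's message: a Python sketch of the check that undoes the filename disguises suggested above (a movie file, a .dll, a CAB file). It compares a file's leading bytes with the signature its extension implies and measures byte entropy; the sample data, the names data1.cab and movie.avi, and the 7.9 bits/byte threshold are constructed assumptions.

```python
import hashlib
import math
import os
from collections import Counter

# Leading signatures (offset, bytes) for the file types named in the thread.
MAGIC = {
    ".dll": [(0, b"MZ")],                  # PE/DOS header
    ".cab": [(0, b"MSCF")],                # Microsoft Cabinet
    ".avi": [(0, b"RIFF"), (8, b"AVI ")],  # RIFF container, AVI form type
}
ENTROPY_THRESHOLD = 7.9  # bits per byte; assumed cut-off for "looks random"

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte (0..8)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(name: str, data: bytes) -> str:
    """Return 'ok', 'unknown-type', 'bad-header' or 'suspect-random'."""
    ext = os.path.splitext(name)[1].lower()
    if ext not in MAGIC:
        return "unknown-type"
    if all(data[o:o + len(sig)] == sig for o, sig in MAGIC[ext]):
        return "ok"
    # Wrong header: corruption or a renamed blob. Compressed media also scores
    # high on entropy, so the header test comes first; failing it AND being
    # near-uniform from byte 0 means the file has no recognisable structure.
    if shannon_entropy(data[:65536]) >= ENTROPY_THRESHOLD:
        return "suspect-random"
    return "bad-header"

def constructed_samples() -> dict:
    """Constructed inputs: a DLL-like stub, and a deterministic pseudo-random
    blob standing in for a headerless encrypted container under three names."""
    dll = b"MZ" + bytes(62) + b"This program cannot be run in DOS mode." + bytes(4000)
    blob = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048))
    return {"kernel_stub.dll": dll, "AdobeUPD.dll": blob,
            "data1.cab": blob, "movie.avi": blob}

if __name__ == "__main__":
    for name, data in constructed_samples().items():
        print(f"{name:16} {shannon_entropy(data):5.2f} bits/byte  {classify(name, data)}")
```

A result of suspect-random is a lead for review rather than proof of an encrypted volume, since the check inspects only the header and the first 64 KiB.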
 
nemo_outis
Guest
Posts: n/a
 
      01-19-2007
David Eather wrote:

> nemo_outis wrote:

....
>> The following will not fool a sysadmin (well, not a good one) but it
>> works very well against casual or inept snoops.
>>
>> Hide the Truecrypt file as an "alternate file stream" attached to
>> some other file (which could itself be perfectly functional, such as
>> an Excel file). The hidden stream will not show in any normal system
>> operation (directory listings, etc.) although some (by no means all)
>> antivirus software may report it.
>>
>> If the ordinary file you wish to use is, say,
>> C:\directorypath\somefile.xls then create (and subsequently mount
>> and use) the Truecrypt file as, say,
>> C:\directorypath\somefile.xls:tc (i.e., the alternate file name -
>> extent, really - is defined as prefixed by the regular file name and
>> a colon)
>>
>> Regards,
>>
>>
>>

> So, you're saying it is OK that your security is not based on a
> mathematical proof or a conjecture of the computational bounds of an
> adversary, but rather based on the hope that the adversary is
> incompetent.
>
> Do you see anything wrong with that?



Short answer: No, I see nothing wrong with that.

Longer answer:

The OP framed her question in terms of using nothing stronger than an
inconspicuous file. Compared to that, an alternate data stream is
leagues ahead.

Going further, the OP's threat model is coworkers who casually snoop,
folks who are, if not outright incompetent, clearly without special
resources or competence.

Against a sufficiently competent, well-funded, and motivated adversary -
especially one who has repeated unobserved direct access to the machine
as could happen in a work environment - I feel confident in saying there
is NO satisfactory method of disguising the use of Truecrypt.

So, the task is not to overdesign the system inordinately in a misguided
attempt to thwart the NSA. Instead, as with most security questions, the
real task is to implement a scheme appropriate to the specified threat
model.

And this is exactly what my suggested use of ADS in these circumstances
does. It is a convenient, readily implemented method that is entirely
suitable and appropriate for the described threat model.

Regards,


 
 
Sebastian Gottschalk
Guest
Posts: n/a
 
      01-19-2007
nemo_outis wrote:

>> So, you're saying it is OK that your security is not based on a
>> mathematical proof or a conjecture of the computational bounds of an
>> adversary, but rather based on the hope that the adversary is
>> incompetent.
>>
>> Do you see anything wrong with that?

>
> Short answer: No, I see nothing wrong with that.


Then I pity you for not understanding what security is, but still posting
in a.c.s. Security requires reliability, at least to a certain point,
which is the pure contrary of unjustified hope.

> And this is exactly what my suggested use of ADS in these circumstances
> does. It is a convenient, readily implemented method that is entirely
> suitable and appropriate for the described threat model.


It isn't. Just run LADS, Streams or one of those many many other utilities
and you'll easily see a very suspicious ADS.
 