A Truecrypt Trick

Discussion in 'Computer Security' started by nemo_outis, Sep 8, 2006.

  1. nemo_outis

    nemo_outis Guest

    This may be old hat to some of you, but it may be new to others: it is
    possible to create and/or mount an ADS (alternate data stream) as an
    encrypted Truecrypt container file.

    For instance, if the file C:\somepath\sometext.txt already exists on your
    system (or create it and fill it with some text) then you would create a
    ADS Truecrypt volume invisibly "attached" to it (called "hidden" for
    illustration but you may wish to call it something more bland, perhaps a
    Kaspersky antivirus ADS name) by doing the following:

    Invoke Truecrypt and, when prompted for the name of the file to create as a
    Truecrypt container file, enter:

    C:\somepath\sometext.txt:hidden

    That is, append a colon and then the name of your-soon-to-be-created-ADS
    Truecrypt file to the existing visible file name.

    Same for mounting.

    Incidentally, do not use the file explorer dialog box (which will choke);
    instead type the name directly into the Truecrypt file name entry box.

    Regards,

    PS Obviously, the visible host file could be other than a text file - any
    file type will do. For instance, the devious may use a not-easily-deleted
    system file. Or the even more devious can use a directory rather than a
    file. (Yes, directories and not just files can have ADSs; those attached to
    the root directory of a drive are especially hard to detect - or get rid
    of!)

    PPS For manipulating ADS additional extents (the proper name for the
    hidden piggyback files) the best program I've come across is NTFS Streams
    Info. Nothing to do with encryption, just revealing, creating, deleting,
    etc.

    PPPS ADS streams are becoming better known but are still not well-known -
    even to some sysadmins. Their day is passing as a useful trick. Passing,
    but not yet past :)
     
    nemo_outis, Sep 8, 2006
    #1
    1. Advertising

  2. nemo_outis

    Redwood Guest

    "nemo_outis" <> wrote in
    news:Xns9837B47BD70FCabcxyzcom@127.0.0.1:

    > This may be old hat to some of you, but it may be new to others:
    > it is possible to create and/or mount an ADS (alternate data
    > stream) as an encrypted Truecrypt container file.
    >
    > For instance, if the file C:\somepath\sometext.txt already
    > exists on your system (or create it and fill it with some text)
    > then you would create a ADS Truecrypt volume invisibly
    > "attached" to it (called "hidden" for illustration but you may
    > wish to call it something more bland, perhaps a Kaspersky
    > antivirus ADS name) by doing the following:
    >
    > Invoke Truecrypt and, when prompted for the name of the file to
    > create as a Truecrypt container file, enter:
    >
    > C:\somepath\sometext.txt:hidden
    >
    > That is, append a colon and then the name of
    > your-soon-to-be-created-ADS Truecrypt file to the existing
    > visible file name.
    >
    > Same for mounting.
    >
    > Incidentally, do not use the file explorer dialog box (which
    > will choke); instead type the name directly into the Truecrypt
    > file name entry box.
    >
    > Regards,
    >
    > PS Obviously, the visible host file could be other than a text
    > file - any file type will do. For instance, the devious may use
    > a not-easily-deleted system file. Or the even more devious can
    > use a directory rather than a file. (Yes, directories and not
    > just files can have ADSs; those attached to the root directory
    > of a drive are especially hard to detect - or get rid of!)
    >
    > PPS For manipulating ADS additional extents (the proper name
    > for the hidden piggyback files) the best program I've come
    > across is NTFS Streams Info. Nothing to do with encryption,
    > just revealing, creating, deleting, etc.
    >
    > PPPS ADS streams are becoming better known but are still not
    > well-known - even to some sysadmins. Their day is passing as a
    > useful trick. Passing, but not yet past :)
    >
    >


    This does nothing but hide it from the casual observer. That type
    of observer can be fooled by just naming it to look like a system
    file. If your computer is seized, the stream will be found. Any
    forensics specialist worth his salt will find it very easily as
    well as any admin even slightly knowledgable. It stands out like a
    red flag with the tools available. I'd have to say that you make
    it even easier to find by hiding it in a stream.
     
    Redwood, Sep 8, 2006
    #2
    1. Advertising

  3. nemo_outis

    Guest

    Redwood <> wrote in news:QM3KT5C738967.8576851852
    @twistycreek.com:

    > "nemo_outis" <> wrote in
    > news:Xns9837B47BD70FCabcxyzcom@127.0.0.1:
    >
    >> This may be old hat to some of you, but it may be new to others:
    >> it is possible to create and/or mount an ADS (alternate data
    >> stream) a

    [snip]
    >>

    ADS streams are becoming better known but are still not
    >> well-known - even to some sysadmins. Their day is passing as a
    >> useful trick. Passing, but not yet past :)

    >
    > This does nothing but hide it from the casual observer. That type
    > of observer can be fooled by just naming it to look like a system
    > file. If your computer is seized, the stream will be found. Any
    > forensics specialist worth his salt will find it very easily as
    > well as any admin even slightly knowledgable. It stands out like a
    > red flag with the tools available. I'd have to say that you make
    > it even easier to find by hiding it in a stream.


    I agree, it's protection against your kid sister only - security through
    obscurity, and we all know what that means! (Yuck!)

    Incidently, this isn't a truecrypt "feature"; practically any OTFE system
    will most likely allow this - not to mention conventional encryption
    systems.
     
    , Sep 8, 2006
    #3
  4. nemo_outis

    nemo_outis Guest

    Redwood <> wrote in news:QM3KT5C738967.8576851852
    @twistycreek.com:

    > "nemo_outis" <> wrote in
    > news:Xns9837B47BD70FCabcxyzcom@127.0.0.1:
    >
    >> This may be old hat to some of you, but it may be new to others:
    >> it is possible to create and/or mount an ADS (alternate data
    >> stream) as an encrypted Truecrypt container file.
    >>
    >> For instance, if the file C:\somepath\sometext.txt already
    >> exists on your system (or create it and fill it with some text)
    >> then you would create a ADS Truecrypt volume invisibly
    >> "attached" to it (called "hidden" for illustration but you may
    >> wish to call it something more bland, perhaps a Kaspersky
    >> antivirus ADS name) by doing the following:
    >>
    >> Invoke Truecrypt and, when prompted for the name of the file to
    >> create as a Truecrypt container file, enter:
    >>
    >> C:\somepath\sometext.txt:hidden
    >>
    >> That is, append a colon and then the name of
    >> your-soon-to-be-created-ADS Truecrypt file to the existing
    >> visible file name.
    >>
    >> Same for mounting.
    >>
    >> Incidentally, do not use the file explorer dialog box (which
    >> will choke); instead type the name directly into the Truecrypt
    >> file name entry box.
    >>
    >> Regards,
    >>
    >> PS Obviously, the visible host file could be other than a text
    >> file - any file type will do. For instance, the devious may use
    >> a not-easily-deleted system file. Or the even more devious can
    >> use a directory rather than a file. (Yes, directories and not
    >> just files can have ADSs; those attached to the root directory
    >> of a drive are especially hard to detect - or get rid of!)
    >>
    >> PPS For manipulating ADS additional extents (the proper name
    >> for the hidden piggyback files) the best program I've come
    >> across is NTFS Streams Info. Nothing to do with encryption,
    >> just revealing, creating, deleting, etc.
    >>
    >> PPPS ADS streams are becoming better known but are still not
    >> well-known - even to some sysadmins. Their day is passing as a
    >> useful trick. Passing, but not yet past :)
    >>
    >>

    >
    > This does nothing but hide it from the casual observer. That type
    > of observer can be fooled by just naming it to look like a system
    > file. If your computer is seized, the stream will be found. Any
    > forensics specialist worth his salt will find it very easily as
    > well as any admin even slightly knowledgable. It stands out like a
    > red flag with the tools available. I'd have to say that you make
    > it even easier to find by hiding it in a stream.



    The use of ADS is not intended to hide the Truecrypt file from a thorough
    search; it is intended to not obtrude the existence of a multi-gigabyte
    file to casual inspection (including casual *automated* inspection of the
    sort of simplistic "HD inventory" done in many corporate environments, or
    the quicky scan done by customs at many border points). It is a
    complement, for instance, to using the Traveller mode of Truecrypt which
    also has a similar goal: not of being absolutely undetectable but of
    being unobvious. The goal of not coming to someone's attention in the
    first place, rather than resisting disclosure afterwards, is not one to
    be sneered at.

    And, no, nothing is lost by using this method. And, of course, there is
    no detriment to the actual security of the file's encrypted contents,
    should its existence be detected. The method doesn't try to do
    Truecrypt's job of encryption; it is instead a complement to it.

    I say, without fear of contradiction, that there is NO method of
    unsuspiciously hiding a multi-gigabyte encrypted file from a *thorough*
    search - this just makes it easier to pass undetected through a less than
    thorough search (or, better yet, to avoid a search in the first place).
    In fact, I strongly suspect that, until I disclosed this approach, you
    would not have looked for it. It, like most conjurer's tricks, is one of
    subterfuge and misdirection. And, like a conjurer's trick, it is totally
    simple and obvious - but only AFTER it has been explained!

    Used judiciously, the method lends itself to other tricks as well. For
    instance, use of ADS escapes the Windows disk quota system. This, for
    instance, permits one to stash a multi-gigabyte file on a network drive
    where one supposedly only has, say, 5 meg allotted. Chances are high (in
    many environments) that such a drive is not even checked for such things
    - I say this from experience in a large number of clients' environments,
    including several that flattered themselves that they ran tight ships.

    Regards,

    PS While many virus and trojan checkers now look for ADS (they didn't
    until just a few years ago even though ADS has been around since about
    1990) there are still several which cannot detect an ADS attached to the
    *root* directory of a drive (attached, not to a file *in* the root
    directory, but to the root directory itself).

    PPS Personally, I have now moved away from this method to using the
    still-not-widely-known method of hiding files in the HPA. Most ordinary
    tools, including even some of the lesser forensic ones, will only look
    for hidden partitions and the like in the accessible part of the HD,
    cheerfully accepting the hardware-level under-reporting of the HD's true
    capacity.

    (Phoenix and some others are now screwing this up for hackers by using
    such partitions for backup/recovery, which is widening the appreciatioon
    of the HPA. Sic transeunt hacks :)

    Cascading methods can also be helpful. Would you like to guess how many
    tools currently support looking for an ADS attached to a file in the HPA?
    That's right: none!
     
    nemo_outis, Sep 8, 2006
    #4
  5. nemo_outis

    Redwood Guest

    "nemo_outis" <> wrote in
    news:Xns9837E1A9AD038abcxyzcom@204.153.244.170:

    > Cascading methods can also be helpful. Would you like to guess
    > how many tools currently support looking for an ADS attached to
    > a file in the HPA? That's right: none!
    >


    http://www.md5.uk.com/prodiscover_incidentresponse.htm
    http://www.winhex.com/forensics/
    http://vidstrom.net/stools/taft/
    http://www.guidancesoftware.com/products/ef_AddOn.asp

    Are a few that will do this. As you mentioned now even AV detect
    and flag streams due to their utilization by viruses and older
    rootkits, soon they'll be scanning the HPA as well. This may have
    been useful years ago but now you are effectively tying a huge red
    flag to the file. As you mentioned, it's basically impossible to
    hide a file, better to disguise it than cause a second closer look
    because it was flagged for being an ADS (yes, even in the HPA, it's
    not immune anymore).
     
    Redwood, Sep 8, 2006
    #5
  6. nemo_outis

    nemo_outis Guest

    Redwood <> wrote in news:2615EJ3J38968.1544097222
    @twistycreek.com:

    > "nemo_outis" <> wrote in
    > news:Xns9837E1A9AD038abcxyzcom@204.153.244.170:
    >
    >> Cascading methods can also be helpful. Would you like to guess
    >> how many tools currently support looking for an ADS attached to
    >> a file in the HPA? That's right: none!
    >>

    >
    > http://www.md5.uk.com/prodiscover_incidentresponse.htm
    > http://www.winhex.com/forensics/
    > http://vidstrom.net/stools/taft/
    > http://www.guidancesoftware.com/products/ef_AddOn.asp
    >
    > Are a few that will do this. As you mentioned now even AV detect
    > and flag streams due to their utilization by viruses and older
    > rootkits, soon they'll be scanning the HPA as well. This may have
    > been useful years ago but now you are effectively tying a huge red
    > flag to the file. As you mentioned, it's basically impossible to
    > hide a file, better to disguise it than cause a second closer look
    > because it was flagged for being an ADS (yes, even in the HPA, it's
    > not immune anymore).



    I think you will find you have overstated your case. Yes, many forensic
    tools can locate ADS and, yes, some now will access the HPA, but they do
    not look for ADS in the HPA (commonly, but not universally, the HPA is
    set up as a Linux ext2 - or variant - file system rather than NTFS and
    the question of ADS does not even arise).

    Moreover, even within the conventionally accessible area of a hard disk,
    some of the forensic tools have trouble picking up some ADSs (such as my
    trick of attaching an ADS to the root directory rather than a file). The
    X-ways page you refer to above itself notes this very point (while gently
    slagging off their competitors) in the following bullet:

    "Easy detection of and access to NTFS alternate data streams (ADS), even
    where Encase 5.05 and ILook fail"

    As for anti-virus programs, many now look for viruses within ADSs but
    few, in standard configuration, report the ADS if the ADS is (ostensibly)
    benign. That's because thare are a few (just a few, but that's enough)
    entirely legitmate uses of ADS. Examples include thumbnails, extended
    document properties, and Kaspersky antivirus scan markings (yes, an
    antivirus program itself uses ADS!). A (Truecrypt) ADS named and
    attached to an appropriate host file as one of these legitimate types
    will almost certainly not be reported by an antivirus program. (I say
    this as a corporate version of TrendMicro has passed over my ADS
    collection - for the umpteenth time - without reporting anything amiss.)

    But I'm not here to "sell" you on the method (I get no commission :)
    I'm not pretending this is the whole toolbox, merely one tool in it -
    that's why I labelled it a trick in the first place. I impart the
    information to be added to the toolbox of hackers and sysadmins alike to
    increase the defensive or offensive repertoire of both.

    Regards,
     
    nemo_outis, Sep 8, 2006
    #6
  7. nemo_outis

    Vanguard Guest

    "nemo_outis" <> wrote in message
    news:Xns9837B47BD70FCabcxyzcom@127.0.0.1...
    > This may be old hat to some of you, but it may be new to others: it
    > is
    > possible to create and/or mount an ADS (alternate data stream) as an
    > encrypted Truecrypt container file.
    >
    > For instance, if the file C:\somepath\sometext.txt already exists on
    > your
    > system (or create it and fill it with some text) then you would
    > create a
    > ADS Truecrypt volume invisibly "attached" to it (called "hidden" for
    > illustration but you may wish to call it something more bland,
    > perhaps a
    > Kaspersky antivirus ADS name) by doing the following:
    >
    > Invoke Truecrypt and, when prompted for the name of the file to
    > create as a
    > Truecrypt container file, enter:
    >
    > C:\somepath\sometext.txt:hidden
    >
    > That is, append a colon and then the name of
    > your-soon-to-be-created-ADS
    > Truecrypt file to the existing visible file name.
    >
    > Same for mounting.
    >
    > Incidentally, do not use the file explorer dialog box (which will
    > choke);
    > instead type the name directly into the Truecrypt file name entry
    > box.
    >
    > Regards,
    >
    > PS Obviously, the visible host file could be other than a text
    > file - any
    > file type will do. For instance, the devious may use a
    > not-easily-deleted
    > system file. Or the even more devious can use a directory rather
    > than a
    > file. (Yes, directories and not just files can have ADSs; those
    > attached to
    > the root directory of a drive are especially hard to detect - or get
    > rid
    > of!)
    >
    > PPS For manipulating ADS additional extents (the proper name for
    > the
    > hidden piggyback files) the best program I've come across is NTFS
    > Streams
    > Info. Nothing to do with encryption, just revealing, creating,
    > deleting,
    > etc.
    >
    > PPPS ADS streams are becoming better known but are still not
    > well-known -
    > even to some sysadmins. Their day is passing as a useful trick.
    > Passing,
    > but not yet past :)
    >


    Data streams is a feature of the NT file system (NTFS), not of
    TrueCrypt. Data streams have been around since NTFS was invented. It
    is sometimes used but not often. In fact, Kaspersky used it as a
    means of speeding up their on-demand scans by saving a hash code of
    the file in a data stream which it would compare when scanning the
    file. If the file hadn't changed, the hash was the same so they could
    skip scanning that file for viruses. Unfortunately that meant when
    you uninstalled KAV that you ended up with lots of files with remnant
    data streams.

    Unless you are the only user of the host, and if you are willing to
    ignore warnings from malware scanners that check for ADS, it could
    easily disappear, especially if seen as a junk file or something no
    longer wanted. Hiding the .tc file in a data stream is not going to
    hide it from anyone except neophytes since anyone interrogating your
    system will find it, especially due to the disk space usage.

    If you wanted to hide what is in the TrueCrypt volume, why not use
    their hidden volume trick. You use a password for the unhidden part
    which you divulge under pressure or threat but the hidden stuff uses a
    different password. You could use steganography to hide content
    within files so users would just see the pretty picture but hidden
    within is your secret data but if you save a huge amount of data in
    the picture file than its size makes it suspect.
     
    Vanguard, Sep 11, 2006
    #7
  8. nemo_outis

    nemo_outis Guest

    "Vanguard" <> wrote in
    news::


    > Data streams is a feature of the NT file system (NTFS), not of
    > TrueCrypt. Data streams have been around since NTFS was invented. It
    > is sometimes used but not often. In fact, Kaspersky used it...



    You're coming a little late to the party - I have already noted these
    points.

    As for steganography, it is readily detectable unless the payload is less
    than a few percent (i.e., the ratio of hidden to host data). While now
    rather long in the tooth, you could start with reading the history of such
    things as OutGuess and stegdetect. Then move on to the Crypto conferences
    (published by Springer).

    Regards,
     
    nemo_outis, Sep 11, 2006
    #8
  9. nemo_outis

    null Guest

    nemo_outis wrote:

    > Or the even more devious can use a
    > directory rather than a file. (Yes, directories and not just files
    > can have ADSs


    Dr. Pedantic says: Directories ARE files.
     
    null, Sep 11, 2006
    #9
  10. nemo_outis

    null Guest

    wrote:

    > I agree, it's protection against your kid sister only - security
    > through obscurity, and we all know what that means! (Yuck!)


    Here we go... Can you name some type of security that ISN'T making use
    of obscurity? The lock to your car and house require an
    obscurely-patterned key to fit. Every one of your passwords works
    because it is obscure. And on and on... And your anonymous remailer
    adds privacy and security by using obscurity.
     
    null, Sep 11, 2006
    #10
  11. nemo_outis

    null Guest

    nemo_outis wrote:

    > I say, without fear of contradiction, that there is NO method of
    > unsuspiciously hiding a multi-gigabyte encrypted file from a
    > *thorough* search


    A guy I know who is much more hardcore than me sometimes takes his OTFE
    file and writes it to a disk that is offline. The file ends up in
    perfect form on the disk, but the file system (i.e. the MFT, if using
    NTFS) contains absolutely no reference to this file. Since
    crypto-strong pseudorandom algorithms are used on each and every one of
    his disks, that file blends in perfectly with free space. He stores the
    offset and length of the file, and nothing else. Let me know how this
    method would be "suspicious" to you.
     
    null, Sep 11, 2006
    #11
  12. null wrote:

    > wrote:
    >
    > > I agree, it's protection against your kid sister only - security
    > > through obscurity, and we all know what that means! (Yuck!)

    >
    > Here we go... Can you name some type of security that ISN'T making use
    > of obscurity? The lock to your car and house require an
    > obscurely-patterned key to fit. Every one of your passwords works
    > because it is obscure. And on and on... And your anonymous remailer
    > adds privacy and security by using obscurity.


    None of those things use obscurity in any significant way to provide
    security. Even your car key relies on provable mathematical formula and
    the probability that a thief can't try all possible keys in any
    practical span of time. Passwords and encryption (remailers) rely on
    hard mathematics even more so than your auto's locks, and are
    consequently even harder to "crack". Assuming passwords of sufficient
    strength of course, which is a contradiction to passwords that are
    merely obscure.
     
    George Orwell, Sep 11, 2006
    #12
  13. nemo_outis

    nemo_outis Guest

    "null" <> wrote in news:MG5Ng.9253$xV.2946
    @twister.nyroc.rr.com:

    > nemo_outis wrote:
    >
    >> Or the even more devious can use a
    >> directory rather than a file. (Yes, directories and not just files
    >> can have ADSs

    >
    > Dr. Pedantic says: Directories ARE files.




    If that is what he says then Dr. Pedantic is somewhat more sloppy than he
    should be.

    In the NTFS system all files consist of one or more entries in the MFT and
    zero or more extents. A directory, like a data storage compartment (or
    other info like metadata) is generally implemented as an extent. In short,
    a directory is *a part of* a file (more specifically, an extent).

    While not conventionally implemented this way, a single file could consist
    of multiple directories, multiple data storage areas, and multiple other
    unspecified types of compartment (possibly containing metadata, for
    instance) with each implemented as an extent.

    Regards,
     
    nemo_outis, Sep 11, 2006
    #13
  14. nemo_outis

    nemo_outis Guest

    "null" <> wrote in news:CN5Ng.9255$xV.7519
    @twister.nyroc.rr.com:

    > nemo_outis wrote:
    >
    >> I say, without fear of contradiction, that there is NO method of
    >> unsuspiciously hiding a multi-gigabyte encrypted file from a
    >> *thorough* search

    >
    > A guy I know who is much more hardcore than me sometimes takes his OTFE
    > file and writes it to a disk that is offline. The file ends up in
    > perfect form on the disk, but the file system (i.e. the MFT, if using
    > NTFS) contains absolutely no reference to this file. Since
    > crypto-strong pseudorandom algorithms are used on each and every one of
    > his disks, that file blends in perfectly with free space. He stores the
    > offset and length of the file, and nothing else. Let me know how this
    > method would be "suspicious" to you.



    I'm eager to learn how one writes to an offline disk.

    Regards,
     
    nemo_outis, Sep 11, 2006
    #14
  15. nemo_outis

    nemo_outis Guest

    "nemo_outis" <> wrote in
    news:Xns983B5CC2112AEabcxyzcom@127.0.0.1:

    > "null" <> wrote in news:MG5Ng.9253$xV.2946



    In fact, if Dr. Pedantic had wanted to be even more precise, he would have
    noted that directories are subcomponents of one particular file ($MFT) and
    that they are implemented as "index attributes" based on a B+ structure.
    Large directories have their entries spill over into one or more instances
    of "index buffers" with the index allocation attribute header specifying
    the location(s) of those index buffers.

    By now, I think Dr. Pedantic may regret his rather rash interjection and
    wish he had not taken it upon himself to introduce his pointless correction
    in the first place.

    Regards,

    ..
     
    nemo_outis, Sep 11, 2006
    #15
  16. On Mon, 11 Sep 2006, George Orwell wrote:

    > null wrote:
    >
    > > wrote:
    > >
    > > > I agree, it's protection against your kid sister only - security
    > > > through obscurity, and we all know what that means! (Yuck!)

    > >
    > > Here we go... Can you name some type of security that ISN'T making use
    > > of obscurity? The lock to your car and house require an
    > > obscurely-patterned key to fit. Every one of your passwords works
    > > because it is obscure. And on and on... And your anonymous remailer
    > > adds privacy and security by using obscurity.

    >
    > None of those things use obscurity in any significant way to provide
    > security. Even your car key relies on provable mathematical formula and
    > the probability that a thief can't try all possible keys in any
    > practical span of time. Passwords and encryption (remailers) rely on
    > hard mathematics even more so than your auto's locks, and are
    > consequently even harder to "crack". Assuming passwords of sufficient
    > strength of course, which is a contradiction to passwords that are
    > merely obscure.


    The point is that the keys and passwords protect the car and the files.
    Obscurity protects the keys and the passwords. That's what he was
    saying. Ultimately your car and files are safe because you hide your
    keys and passwords from strangers.

    --
    Chris
     
    Chris Lawrence, Sep 11, 2006
    #16
  17. Chris Lawrence wrote:

    > On Mon, 11 Sep 2006, George Orwell wrote:
    >
    > > null wrote:
    > >
    > > > wrote:
    > > >
    > > > > I agree, it's protection against your kid sister only - security
    > > > > through obscurity, and we all know what that means! (Yuck!)
    > > >
    > > > Here we go... Can you name some type of security that ISN'T making use
    > > > of obscurity? The lock to your car and house require an
    > > > obscurely-patterned key to fit. Every one of your passwords works
    > > > because it is obscure. And on and on... And your anonymous remailer
    > > > adds privacy and security by using obscurity.

    > >
    > > None of those things use obscurity in any significant way to provide
    > > security. Even your car key relies on provable mathematical formula and
    > > the probability that a thief can't try all possible keys in any
    > > practical span of time. Passwords and encryption (remailers) rely on
    > > hard mathematics even more so than your auto's locks, and are
    > > consequently even harder to "crack". Assuming passwords of sufficient
    > > strength of course, which is a contradiction to passwords that are
    > > merely obscure.

    >
    > The point is that the keys and passwords protect the car and the files.
    > Obscurity protects the keys and the passwords.


    Obviously not. Keys and passwords aren't secure because they're
    obscure, they're secure because they're made physically so.

    > That's what he was
    > saying. Ultimately your car and files are safe because you hide your
    > keys and passwords from strangers.


    False. There's a huge difference between obscurity and physical
    security.
     
    Non scrivetemi, Sep 11, 2006
    #17
  18. On Mon, 11 Sep 2006, Non scrivetemi wrote:

    > > > None of those things use obscurity in any significant way to provide
    > > > security. Even your car key relies on provable mathematical formula and
    > > > the probability that a thief can't try all possible keys in any
    > > > practical span of time. Passwords and encryption (remailers) rely on
    > > > hard mathematics even more so than your auto's locks, and are
    > > > consequently even harder to "crack". Assuming passwords of sufficient
    > > > strength of course, which is a contradiction to passwords that are
    > > > merely obscure.

    > >
    > > The point is that the keys and passwords protect the car and the files.
    > > Obscurity protects the keys and the passwords.

    >
    > Obviously not. Keys and passwords aren't secure because they're
    > obscure, they're secure because they're made physically so.


    I'm not talking about security of keys and passwords, I'm talking about
    the security of the protection of keys and passwords. Car keys are
    quite intrinsically secure but you still have to hide them from
    strangers. Ultimately the security of your vehicle comes down to how
    well you hide your keys (given that the ignition can't be defeated due
    to its intrinsic security). In otherwords the ignition is safe because
    the key system is strong. The key is safe because you don't know how to
    get it.

    > > That's what he was
    > > saying. Ultimately your car and files are safe because you hide your
    > > keys and passwords from strangers.

    >
    > False. There's a huge difference between obscurity and physical
    > security.


    You need to make the separation between the intrinsic security of the
    key and the security in managing the key. If I choose a strong password
    for a well protected service that is good, but it's only safe because a)
    you can't guess it, by definition and b) you can't access mine. And you
    can't access mine because I hide it from you. Ultimately it comes down
    to something I know that you don't know. That's security through
    obscurity.

    Trouble is people chant the "security by obscurity never works" mantra
    so blithely, seemingly trying to look good by association with their
    equally noisy peers.

    --
    Chris
     
    Chris Lawrence, Sep 11, 2006
    #18
  19. nemo_outis

    nemo_outis Guest


    > Trouble is people chant the "security by obscurity never works" mantra
    > so blithely, seemingly trying to look good by association with their
    > equally noisy peers.




    "Security by obscurity never works" is a bumper-sticker version of Auguste
    Kerckhoff's principle that, while catchy, sacrifices precision. Kerckhoff's
    principle is presented better in the Wikipedia as: a cryptosystem should be
    secure even if everything about the system, except the key, is public
    knowledge. Kerckhoff's principle recognizes that every secret is a
    potential point of failure, and such points of failure should therefore be
    minimized by "concentrating" all secrecy at one point, the key, which can
    then be guarded without diffusing one's resources. A case of accepting the
    violation of another principle - no single point of failure - but
    compensating by guarding the one secret (i.e., the potential point of
    failure) well.

    Regards,
     
    nemo_outis, Sep 11, 2006
    #19
  20. On Mon, 11 Sep 2006, nemo_outis wrote:

    > > Trouble is people chant the "security by obscurity never works" mantra
    > > so blithely, seemingly trying to look good by association with their
    > > equally noisy peers.

    >
    > "Security by obscurity never works" is a bumper-sticker version of Auguste
    > Kerckhoff's principle that, while catchy, sacrifices precision. Kerckhoff's
    > principle is presented better in the Wikipedia as: a cryptosystem should be
    > secure even if everything about the system, except the key, is public
    > knowledge.


    Yup, I agree. There are two cryptosystems in existence though.
    Secret1 is protected by Key1 as part of CryptoSystem1. However Key1 is
    also Secret2 and is protected by Key2 as part of CryptoSystem2. In the
    case where Key1 is a car key or a password, Key2 is nothing more than
    privileged knowledge, and CryptoSystem2 is security by obscurity.

    You're reminding me that CryptoSystem1 ought to be strong through Key1
    alone. I'm not disagreeing. I'm talking about the fact that Key1 is
    Secret2 and how it is kept that way.

    > Kerckhoff's principle recognizes that every secret is a potential
    > point of failure, and such points of failure should therefore be
    > minimized by "concentrating" all secrecy at one point, the key, which
    > can then be guarded without diffusing one's resources. A case of
    > accepting the violation of another principle - no single point of
    > failure - but compensating by guarding the one secret (i.e., the
    > potential point of failure) well.


    Exactly, "guarding" being the operative word, almost always coming down
    to a case of hiding something, for example a sequence of characters in
    your head, or keeping a car key separate from the car.

    --
    Chris
     
    Chris Lawrence, Sep 11, 2006
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. nemo outis

    Truecrypt 3.0 has been released

    nemo outis, Dec 10, 2004, in forum: Computer Security
    Replies:
    4
    Views:
    619
    Anonymous
    Dec 11, 2004
  2. Ari Silversteinn

    Re: Truecrypt 4 Released!

    Ari Silversteinn, Nov 2, 2005, in forum: Computer Security
    Replies:
    1
    Views:
    565
    traveler
    Nov 2, 2005
  3. nemo_outis

    Re: Truecrypt 4.1

    nemo_outis, Nov 26, 2005, in forum: Computer Security
    Replies:
    0
    Views:
    483
    nemo_outis
    Nov 26, 2005
  4. nemo_outis

    Re: Truecrypt 4.1

    nemo_outis, Nov 27, 2005, in forum: Computer Security
    Replies:
    8
    Views:
    743
    Anonymous via the Cypherpunks Tonga Remailer
    Nov 30, 2005
  5. Borked Pseudo Mailed

    Re: Truecrypt 4.1

    Borked Pseudo Mailed, Nov 27, 2005, in forum: Computer Security
    Replies:
    11
    Views:
    1,299
    Anonymous via the Cypherpunks Tonga Remailer
    Nov 30, 2005
Loading...

Share This Page