Truecrypt 5.0 Released (now with system partition encryption)

Discussion in 'Computer Security' started by nemo_outis, Feb 6, 2008.

  1. nemo_outis

    nemo_outis Guest

    nemo_outis, Feb 6, 2008
    #1
    1. Advertising

  2. nemo_outis

    Merk Guest

    nemo_outis wrote:
    > http://www.truecrypt.org/
    >
    > Regards,


    Anyone tried it? Is it whole disk encryption like PGP whole disk encryption?
     
    Merk, Feb 6, 2008
    #2
    1. Advertising

  3. nemo_outis

    nemo_outis Guest

    Merk <> wrote in
    news:47aa3faf$0$47180$:

    > nemo_outis wrote:
    >> http://www.truecrypt.org/
    >>
    >> Regards,

    >
    > Anyone tried it? Is it whole disk encryption like PGP whole disk
    > encryption?


    I haven't tried it yet but the description suggests it is functionally
    equivalent to PGP Wholedisk, etc.

    Regards,
     
    nemo_outis, Feb 6, 2008
    #3
  4. nemo_outis

    nospamatall Guest

    Merk wrote:
    > nemo_outis wrote:
    >> http://www.truecrypt.org/
    >>
    >> Regards,

    >
    > Anyone tried it? Is it whole disk encryption like PGP whole disk
    > encryption?

    Yes, everything not is ram is encrypted.
     
    nospamatall, Feb 6, 2008
    #4
  5. nemo_outis

    Sebastian G. Guest

    Merk wrote:

    > nemo_outis wrote:
    >> http://www.truecrypt.org/
    >>
    >> Regards,

    >
    > Anyone tried it?



    I tried it, and, unlike most other pre-boot stuff, actually worked on my
    trivial test machine.

    However, I found a privilege escalation vulnerability from version 4.3a
    being carried over, so I heavily recommend to avoid using TrueCrypt until
    it's fixed.

    > Is it whole disk encryption like PGP whole disk encryption?



    Nah, it also allows for some kinds of dual boot configurations. And it
    compiles with much less changes. And it's far more lightweight.
     
    Sebastian G., Feb 6, 2008
    #5
  6. nemo_outis

    Sebastian G. Guest

    nospamatall wrote:

    > Merk wrote:
    >> nemo_outis wrote:
    >>> http://www.truecrypt.org/
    >>>
    >>> Regards,

    >> Anyone tried it? Is it whole disk encryption like PGP whole disk
    >> encryption?

    > Yes, everything not is ram is encrypted.



    Everything except the boot loader.
     
    Sebastian G., Feb 6, 2008
    #6
  7. nospamatall wrote:

    > Merk wrote:
    > > nemo_outis wrote:
    > >> http://www.truecrypt.org/
    > >>
    > >> Regards,

    > >
    > > Anyone tried it? Is it whole disk encryption like PGP whole disk
    > > encryption?

    > Yes, everything not is ram is encrypted.


    No, it's not. With a two partition setup and both encrypted you can
    still see partition information booting from a LiveCD

    It's NOT whole disk encryption. It was never advertised as such.
     
    Cyberiade.it Anonymous Remailer, Feb 7, 2008
    #7
  8. nemo_outis

    Casper Guest

    > No, it's not. With a two partition setup and both encrypted you can
    > still see partition information booting from a LiveCD
    >
    > It's NOT whole disk encryption. It was never advertised as such.


    Thank you for the info, I am glad you understand the difference between
    asking for a password on boot up and having the whole thing encrypted,
    too many people confuse these terms.
     
    Casper, Feb 7, 2008
    #8
  9. nemo_outis

    nospamatall Guest

    Casper wrote:
    >> No, it's not. With a two partition setup and both encrypted you can
    >> still see partition information booting from a LiveCD
    >>
    >> It's NOT whole disk encryption. It was never advertised as such.

    >
    > Thank you for the info, I am glad you understand the difference between
    > asking for a password on boot up and having the whole thing encrypted,
    > too many people confuse these terms.
    >
    >

    I can see that there is a difference, but why would it be important? If
    the entire disk is encrypted, how could you do anything with it?

    Andy
     
    nospamatall, Feb 7, 2008
    #9
  10. nemo_outis

    Casper Guest

    > I can see that there is a difference, but why would it be important? If
    > the entire disk is encrypted, how could you do anything with it?
    >
    > Andy


    Then if you see a difference, can you explain what the difference is?
    That would answer your question at the same time.
     
    Casper, Feb 7, 2008
    #10
  11. nemo_outis

    nemo_outis Guest

    nospamatall <> wrote in news:foe450$6bv$:

    > Casper wrote:
    >>> No, it's not. With a two partition setup and both encrypted you can
    >>> still see partition information booting from a LiveCD
    >>>
    >>> It's NOT whole disk encryption. It was never advertised as such.

    >>
    >> Thank you for the info, I am glad you understand the difference
    >> between asking for a password on boot up and having the whole thing
    >> encrypted, too many people confuse these terms.
    >>
    >>

    > I can see that there is a difference, but why would it be important?
    > If the entire disk is encrypted, how could you do anything with it?
    >
    > Andy



    The entire disk IS encrypted, with the exception of the boot stub on
    track 0.

    All full HD OTFE encryption schemes need a small amount of unencrypted
    code to initialize themselves, etc. and this is normally stored on track
    0, with the BIOS doing handoff to the first sector on that track (the
    MBR) during bootup from the HD (assuming it has the system partition).

    Usually only the first sector on that (notionally 63-sector) track is
    non-empty (although there are exceptions) so usually there is no problem
    with the encryption software arrogating the whole track to itself. Most
    do. (Their arrogation of track 0 can cause problems with some
    multi-loaders, etc. which also wish to grab track 0)

    The conventional partition table is also normally stored as part of the
    first sector of track zero (there are some subtle differences for newer
    schemes such as GPT/GUID partitions). While this table could be
    encrypted by full HD OTFE software it is, IMNSHO, bad practice to do so.
    The reason is that other software (as might be used, for instance, by
    someone who does not know that the disk is encrypted) often reads the
    partition table to discern how the disk is used and even whether it is
    trashed and available for (re-)formatting. An encryped partition table
    is just begging for trouble from any use of such software.

    The only information leaked by using an unencrypted (conventional)
    partition table is the start, end, size, type/signature, and "active"
    bit/(drive #) of the (up to) 4 partitions . This is not a serious
    leakage of information and leaving the partition table in plaintext
    (plaintext for a partition table, that is) minimizes the risks noted
    above.

    In short, ALL full HD OTFE encryption programs have an unencrypted stub
    on the boot hard drive. Some of them may encrypt the partition table,
    some may not - but the security risks in not encrypting are negligible
    and it minimizes risks from other sources.

    It is generally good practice to back up the entire first track (which
    includes the MBR). In fact, most "emergency recovery disks" for full HD
    OTFE programs do exactly this (and often a bit more as well).

    Regards,

    PS There will be all sorts of wailing and moaning over this post from
    various quibblers, cavillers, and whiners - have many large grains of
    salt handy to deal with their responses.
     
    nemo_outis, Feb 7, 2008
    #11
  12. nemo_outis

    Ari Guest

    On Thu, 07 Feb 2008 00:53:41 +0100, Sebastian G. wrote:

    > However, I found a privilege escalation vulnerability from version 4.3a
    > being carried over, so I heavily recommend to avoid using TrueCrypt until
    > it's fixed.


    Not to look a gift horse but why have they not fixed this?
    --
    An Explanation Of The Need To Be "Anonymous"
    http://www.penny-arcade.com/comic/2004/03/19
     
    Ari, Feb 7, 2008
    #12
  13. nemo_outis

    Anonymous Guest

    nospamatall wrote:

    > Casper wrote:
    > >> No, it's not. With a two partition setup and both encrypted
    > >> you can still see partition information booting from a LiveCD
    > >>
    > >> It's NOT whole disk encryption. It was never advertised as
    > >> such.

    > >
    > > Thank you for the info, I am glad you understand the difference
    > > between asking for a password on boot up and having the whole
    > > thing encrypted, too many people confuse these terms.
    > >
    > >

    > I can see that there is a difference, but why would it be
    > important? If the entire disk is encrypted, how could you do
    > anything with it?


    We were just discussing the issue of plausible deniability, and
    determining if individual encrypted devices/volumes existed at all.
    If you need to hide the fact that certain volumes exist then it
    becomes an issue.

    I haven't tried it out yet, but the nice thing about system
    partition encryption is that you should be able to create a hidden
    volume on a system partition which would be truly invisible to the
    host partition and any OS you have installed there. In theory, the
    choice of passwords at boot time could switch back and forth
    between two completely different and independent operating
    environments. That's an even better alternative to running guest
    operating systems under VMWare for some of us, if it's actually
    possible.

    Has anyone played with this yet? I may have to hook a monitor up to
    an old machine. ;)


    >
    > Andy
     
    Anonymous, Feb 7, 2008
    #13
  14. nemo_outis

    nemo_outis Guest

    Anonymous <> wrote in
    news::

    > nospamatall wrote:
    >
    >> Casper wrote:
    >> >> No, it's not. With a two partition setup and both encrypted
    >> >> you can still see partition information booting from a LiveCD
    >> >>
    >> >> It's NOT whole disk encryption. It was never advertised as
    >> >> such.
    >> >
    >> > Thank you for the info, I am glad you understand the difference
    >> > between asking for a password on boot up and having the whole
    >> > thing encrypted, too many people confuse these terms.
    >> >
    >> >

    >> I can see that there is a difference, but why would it be
    >> important? If the entire disk is encrypted, how could you do
    >> anything with it?

    >
    > We were just discussing the issue of plausible deniability, and
    > determining if individual encrypted devices/volumes existed at all.
    > If you need to hide the fact that certain volumes exist then it
    > becomes an issue.
    >
    > I haven't tried it out yet, but the nice thing about system
    > partition encryption is that you should be able to create a hidden
    > volume on a system partition which would be truly invisible to the
    > host partition and any OS you have installed there. In theory, the
    > choice of passwords at boot time could switch back and forth
    > between two completely different and independent operating
    > environments. That's an even better alternative to running guest
    > operating systems under VMWare for some of us, if it's actually
    > possible.
    >
    > Has anyone played with this yet? I may have to hook a monitor up to
    > an old machine. ;)
    >
    >
    >>
    >> Andy


    If you use any current scheme of full HD OTFE encryption then the fact
    that you use encryption is necessarily given away. The code in the
    "bootable stub" of the encryption program on track zero will disclose to
    any knowledgeable investigator, not only that you are using full HD
    encryption, but which vendor's. In fact, often just the "signature
    byte" of an (unencrypted) partition table is enough to reveal the
    encryption vendor.

    You could, I suppose overwrite track zero (and the rest of the plaintext
    "bootstub" if it goes beyond track zero) with random garbage between user
    sessions (using a reboot from CD/floppy/USB to run the random overwriting
    program) and then use the "recovery disk" to restore the bootstub info
    when starting another session hours, days, or weeks later. Such a dual
    boot approach (once with floppy/CD/USB to use the restore function of the
    full HD encryption software, and then a second time to invoke it) would
    not be too onerous for the paranoid since the restoration typically only
    involves a few megs.

    I would not do this for plausible deniability reasons (I don't think the
    game is worth the candle) but it could be worthwhile to ensure that no
    one has tampered with the only plaintext code on the drive: the bootstub
    of the full HD encryption program. (Restoration of the few megs would
    presumably take only slightly longer than hash verification, although
    that is an alternative.)

    Overwriting the patrtition table with junk could, however, expose one to
    the risks I discussed in a previous post. But if the partition data is
    preserved (and not overwritten with random junk) then at least the
    "signature byte" of each partition should be changed from any that reveal
    that an encryption scheme was used.

    Regards,
     
    nemo_outis, Feb 7, 2008
    #14
  15. nemo_outis wrote:

    > The entire disk IS encrypted, with the exception of the boot stub
    > on track 0.


    No, it's not. If you have two partitions and encrypt only the
    "system" partition the other isn't touched. If you encrypt both,
    they still exist as independent partitions. Some amount of data
    about each will be stored in the MBR depending on operating system,
    and all the "gotchas" with respect to an OS stashing away
    information about partition/file access and such still exist, even
    for "hidden" volumes on non-system partitions.

    We were just discussing the hows and whys of hiding the fact that
    volumes exist can be significant guy, I'm surprised you can't see
    why to some people this subtle difference would be important.

    As to your "encrypted partition tables are asking for trouble"
    guesswork, that's just pure bunk. All true WD encryption products
    I'm aware of do exactly that, and a lot of other utilities like
    whole disk compressors and certain boot managers perform similar
    functions. So far the net hasn't been flooded with reports of all
    the disasters you seem to think should be occurring.

    *shrug*

    Exposed partition tables absolutely are less secure than their
    encrypted cousins, too. One of the first things any cryptanalyst
    who isn't just plodding along doing brute force attacks asks is
    *what* is being encrypted. That's an easy question to answer if
    partition information is laid out at his feet[1].

    > PS There will be all sorts of wailing and moaning over this post
    > from various quibblers, cavillers, and whiners - have many large
    > grains of salt handy to deal with their responses.


    It's not quibbling and whining, it's called being accurate. The two
    types of encryption being discussed here don't even function at the
    same layer. Whole disk is "storage layer"[2] encryption and
    Ttruecrypt obviously does business at the file system layer.

    I'm sure you'd like people to think that difference is just mindless
    nit picking because you can't stand being wrong about something,
    but the fact remains that Truecrypt is not, and isn't even marketed
    as, a whole disk encryption product. In fact the only person I've
    seen call it that, is you.

    [1] http://www.linux.com/base/ldp/howto/Disk-Encryption-HOWTO/introduction.html

    [2] http://en.wikipedia.org/wiki/Encryption_layer_in_storage_stack

    Il mittente di questo messaggio|The sender address of this
    non corrisponde ad un utente |message is not related to a real
    reale ma all'indirizzo fittizio|person but to a fake address of an
    di un sistema anonimizzatore |anonymous system
    Per maggiori informazioni |For more info
    https://www.mixmaster.it
     
    George Orwell, Feb 7, 2008
    #15
  16. nemo_outis

    Sebastian G. Guest

    Cyberiade.it Anonymous Remailer wrote:

    > nospamatall wrote:
    >
    >> Merk wrote:
    >>> nemo_outis wrote:
    >>>> http://www.truecrypt.org/
    >>>>
    >>>> Regards,
    >>> Anyone tried it? Is it whole disk encryption like PGP whole disk
    >>> encryption?

    >> Yes, everything not is ram is encrypted.

    >
    > No, it's not. With a two partition setup and both encrypted you can
    > still see partition information booting from a LiveCD
    >
    > It's NOT whole disk encryption. It was never advertised as such.


    Bullshit. You can encrypt the whole disc as well as single partitions.
     
    Sebastian G., Feb 7, 2008
    #16
  17. nemo_outis

    Sebastian G. Guest

    Ari wrote:

    > On Thu, 07 Feb 2008 00:53:41 +0100, Sebastian G. wrote:
    >
    >> However, I found a privilege escalation vulnerability from version 4.3a
    >> being carried over, so I heavily recommend to avoid using TrueCrypt until
    >> it's fixed.

    >
    > Not to look a gift horse but why have they not fixed this?



    Good question. The last bug is reported about two month ago got only fixed
    in version 5.0.
     
    Sebastian G., Feb 7, 2008
    #17
  18. Ari wrote:

    > On Thu, 07 Feb 2008 00:53:41 +0100, Sebastian G. wrote:
    >
    > > However, I found a privilege escalation vulnerability from version 4.3a
    > > being carried over, so I heavily recommend to avoid using TrueCrypt until
    > > it's fixed.

    >
    > Not to look a gift horse but why have they not fixed this?


    In a similar vein, the Linux version sucks. ;)

    OS encryption (it's not wholedisk) isn't even implemented. That's not a
    huge problem because Linux has native counterparts, but it would have
    been nice.

    There's also a cute new GUI, but you can't get around it as far as I can
    tell. So if you're running Truecrypt on a remote machine via ssh or
    what not, you'd better have GTK installed and X forwarding enabled or
    you're screwed until you downgrade. Reminds me of that damned GnuPG2
    pinentry crap. <grrrrrr>

    They also changed the sequence of passwords, at least on my Debian box
    (the only place I've tried it so far). Threw me off the first time. I
    thought my volumes were no longer compatible. ;)
     
    Cyberiade.it Anonymous Remailer, Feb 7, 2008
    #18
  19. nemo_outis

    Nomen Nescio Guest

    Sebastian G. wrote:

    > Cyberiade.it Anonymous Remailer wrote:
    >
    > > nospamatall wrote:
    > >
    > >> Merk wrote:
    > >>> nemo_outis wrote:
    > >>>> http://www.truecrypt.org/
    > >>>>
    > >>>> Regards,
    > >>> Anyone tried it? Is it whole disk encryption like PGP whole
    > >>> disk encryption?
    > >> Yes, everything not is ram is encrypted.

    > >
    > > No, it's not. With a two partition setup and both encrypted you
    > > can still see partition information booting from a LiveCD
    > >
    > > It's NOT whole disk encryption. It was never advertised as such.

    >
    > Bullshit. You can encrypt the whole disc as well as single
    > partitions.


    You should try things before running your mouth. Might save you the
    embarrassment of finding out later that if you do "device level"
    encrypt your system partition it's bye bye system and any other
    partitions you have on that drive. And you can't reinstall without
    blowing away Truecrypt. Your "boot drive" is a brick until you do.

    That's not whole disk encryption by anybody's definition. Even a
    loud mouth know-it-all wannabe's like you I suspect, but acute
    narcissism will prevent you from admitting it.
     
    Nomen Nescio, Feb 7, 2008
    #19
  20. On Feb 7, 1:45 am, Anonymous <> wrote:
    > nospamatall wrote:
    > > Casper wrote:
    > > >> No, it's not. With a two partition setup and both encrypted
    > > >> you can still see partition information booting from a LiveCD

    >
    > > >> It's NOT whole disk encryption. It was never advertised as
    > > >> such.

    >
    > > > Thank you for the info, I am glad you understand the difference
    > > > between asking for a password on boot up and having the whole
    > > > thing encrypted, too many people confuse these terms.

    >
    > > I can see that there is a difference, but why would it be
    > > important? If the entire disk is encrypted, how could you do
    > > anything with it?

    >
    > We were just discussing the issue of plausible deniability, and
    > determining if individual encrypted devices/volumes existed at all.
    > If you need to hide the fact that certain volumes exist then it
    > becomes an issue.
    >
    > I haven't tried it out yet, but the nice thing about system
    > partition encryption is that you should be able to create a hidden
    > volume on a system partition which would be truly invisible to the
    > host partition and any OS you have installed there. In theory, the
    > choice of passwords at boot time could switch back and forth
    > between two completely different and independent operating
    > environments. That's an even better alternative to running guest
    > operating systems under VMWare for some of us, if it's actually
    > possible.
    >
    > Has anyone played with this yet? I may have to hook a monitor up to
    > an old machine. ;)
    >
    >
    >
    >
    >
    > > Andy- Hide quoted text -

    >
    > - Show quoted text -- Hide quoted text -
    >
    > - Show quoted text -


    http://www.geocities.com/moparholick/index.html
     
    moparhoLICK is responsible for ALL the kb9rqz, gav, Feb 7, 2008
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. nemo outis

    Truecrypt 3.0 has been released

    nemo outis, Dec 10, 2004, in forum: Computer Security
    Replies:
    4
    Views:
    601
    Anonymous
    Dec 11, 2004
  2. Ari Silversteinn

    Re: Truecrypt 4 Released!

    Ari Silversteinn, Nov 2, 2005, in forum: Computer Security
    Replies:
    1
    Views:
    553
    traveler
    Nov 2, 2005
  3. rinmanb70
    Replies:
    11
    Views:
    106,104
  4. nemo_outis

    Truecrypt 4.3 Released

    nemo_outis, Mar 20, 2007, in forum: Computer Security
    Replies:
    16
    Views:
    906
    Rick Merrill
    Mar 27, 2007
  5. nemo_outis

    Truecrypt 6.0 Released

    nemo_outis, Jul 6, 2008, in forum: Computer Security
    Replies:
    3
    Views:
    495
    Sparky
    Jul 6, 2008
Loading...

Share This Page