Silk Road forums

Discussion => Security => Topic started by: bennybenzo on May 16, 2012, 08:41 am

Title: Truecrypt info
Post by: bennybenzo on May 16, 2012, 08:41 am
Hello silkroad, anybody here know anything about encrypting your entire hard drive so no one can get to your files? I was also really wondering, once you encrypt your entire computer, are there any negative effects from this? Will your computer act differently? Can it be undone? Or what is the whole shebang with this?
Title: Re: Truecrypt info
Post by: utopia on May 16, 2012, 09:36 am
Yeh read this for instructions: http://2po5jdzeffv2kyv3.onion/polyfront/wintruefield.html

Ideally you want a 'clean' os with a dirty installation you use for anything of legal uncertainty. You would need to use the clean os as much as possible for plausible deniability. However, this might not be practical due to hd size or the amount you want to use the dirty os. In this case you can encrypt the os hd without a hidden os. Use a password 20+ characters which are random (no words), contains capitals, numbers and preferably symbols. Keep this password in your head and NOWHERE ELSE - don't even write it down once.

Yes this can be undone fairly easily using truecrypt. Your computer will take longer to boot from hibernation (it has to decrypt a large file). It may cause a slight slowing of performance but in my experience that's not too bad. You should also work out whether it's illegal to withhold encryption keys in your local jurisdiction - it will not keep you out of jail if it is but it will probably protect other people (by not revealing their details - crucial if you are a vendor) and make it harder to prosecute you on the crime which they think you are guilty of.
Title: Re: Truecrypt info
Post by: danknugsdun on May 16, 2012, 09:46 am
Not revealing your encryption keys to LE in the UK is illegal and punishable under the Regulations of Investigatory Powers Act 2000 which carries a maximum sentence of 2 years. Which is probably a lot shorter than if you were to give them your keys and find out that you have been drug dealing, money laundering, arms trading etc....
Title: Re: Truecrypt info
Post by: Banjo on May 16, 2012, 03:51 pm
Quote
Not revealing your encryption keys to LE in the UK is illegal and punishable under the Regulations of Investigatory Powers Act 2000

In those cases, you should set up something as described here: (taken from documentation found on truecrypt.org)
Quote
It may happen that you are forced by somebody to reveal the password to an encrypted volume. There are many situations where you cannot refuse to reveal the password (for example, due to extortion). Using a so-called hidden volume allows you to solve such situations without revealing the password to your volume.

See http://www.truecrypt.org/docs/?s=hidden-volume for more details. Basically, you create two volumes: one that you actually want to protect, and the other that you use if someone is forcing you to reveal your password.
Title: Re: Truecrypt info
Post by: danknugsdun on May 16, 2012, 04:02 pm
The thing is Banjo you can clearly differentiate between the two volumes.

I wouldn't like to say how but it is probably the simplest thing ever.

Dank
Title: Re: Truecrypt info
Post by: Banjo on May 16, 2012, 04:11 pm
Quote
The thing is Banjo you can clearly differentiate between the two volumes.

I wouldn't like to say how but it is probably the simplest thing ever.

Actually, it's nearly impossible.

Again, directly from their documentation:
Quote
The principle is that a TrueCrypt volume is created within another TrueCrypt volume (within the free space on the volume). Even when the outer volume is mounted, it should be impossible to prove whether there is a hidden volume within it or not*, because free space on any TrueCrypt volume is always filled with random data when the volume is created** and no part of the (dismounted) hidden volume can be distinguished from random data. Note that TrueCrypt does not modify the file system (information about free space, etc.) within the outer volume in any way.

When you create a truecrypt volume, (even if you encrypt your entire HD, truecrypt considers this a volume) it encrypts the entire volume, including free space. When you create another hidden volume within a truecrypt volume, it's just more random data. Truecrypt volumes do not have any sort of signature. It's completely random data from start to end. Therefore, it is impossible to distinguish the random data that is a hidden truecrypt volume from random data that's just free space.
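Added example (not part of any post in this thread and not TrueCrypt's code): a byte-frequency chi-square test of the kind a forensic examiner might run over disk regions, showing why random fill and encrypted data give the same verdict. The SHA-256 counter-mode keystream is a stand-in for the real volume cipher, the seeded generator is a stand-in for the random fill, and the key, seed and sample contents are constructed.

```python
import hashlib
import random

SECTOR = 4096

def keystream(key: bytes, length: int) -> bytes:
    """SHA-256 in counter mode: a stand-in for the real volume cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def encrypt(key: bytes, data: bytes) -> bytes:
    """XOR the data with the keystream (stream-cipher style)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def chi_square(block: bytes) -> float:
    """Pearson chi-square of byte frequencies against a uniform distribution."""
    expected = len(block) / 256
    counts = [0] * 256
    for b in block:
        counts[b] += 1
    return sum((c - expected) ** 2 / expected for c in counts)

def looks_random(block: bytes, limit: float = 400.0) -> bool:
    # 255 degrees of freedom: mean 255, std dev about 22.6, so 400 is > 6 sigma.
    return chi_square(block) < limit

def build_samples(size: int = 64 * SECTOR) -> dict:
    rng = random.Random(2012)  # fixed seed so the run is repeatable
    plaintext = (b"constructed sample file contents\n" * (size // 33 + 1))[:size]
    return {
        "random_fill": rng.randbytes(size),  # free space as written at creation
        "hidden_region": encrypt(b"constructed-key", plaintext),
        "unencrypted": plaintext,
    }

def classify(samples: dict) -> dict:
    """Map each region name to the examiner's verdict."""
    return {name: looks_random(data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, verdict in classify(build_samples()).items():
        print(f"{name:14s} looks_random={verdict}")
```

The test only speaks to the statistics of the stored bytes; it says nothing about traces left by the operating system and applications, which a later reply in this thread raises.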
Title: Re: Truecrypt info
Post by: kmfkewm on May 16, 2012, 04:13 pm
you wouldn't like to say how = you don't have a clue how

there are some ways to make a good guess though

http://www.schneier.com/blog/archives/2008/07/truecrypts_deni.html
www.zdnet.co.uk/news/security/0,1000000189,39448526,00.htm

poor man's deniable encryption may be the best after all...boot loader on a USB full drive encrypted and argue that you shredded it so there is nothing to decrypt and the keys you have up don't work anymore but are the most recent keys...

In a pure cryptanalysis sense Truecrypt's deniability may be near perfect, but when you add an OS and applications etc on top of that you have issues that start to come up.
Title: Re: Truecrypt info
Post by: CaptainSensible on May 16, 2012, 07:12 pm
Since the fact that Truecrypt can create a hidden volume within an outer volume is well known, it concerns me that LE may eventually come to demand two passwords to your Truecrypt volume.  If you reveal the password to the outer volume and LE doesn't find what they're looking for, what's to keep them from detaining you on the charge that you have not fully complied when asked to reveal a password? 

It's common knowledge that a Truecrypt volume can have two passwords, and given this fact I wonder how well the concept of "plausible deniability" would hold up.

There are many cases of people being convicted for failure to reveal their Truecrypt password.  As LE encounters more Truecrypt volumes I wouldn't be surprised if we see people charged, and perhaps convicted, on the claim that there was a second password that the accused would not reveal.
Title: Re: Truecrypt info
Post by: frank-butcher24 on May 16, 2012, 07:18 pm

Quote
It's common knowledge that a Truecrypt volume can have two passwords, and given this fact I wonder how well the concept of "plausible deniability" would hold up.

As long as it is possible to create a Truecrypt volume with EITHER one OR two passwords, your deniability is plausible. Is it likely you created a volume with only one password? No. Is it plausible? Yes.
Title: Re: Truecrypt info
Post by: Banjo on May 16, 2012, 07:28 pm
Quote
There are many cases of people being convicted for failure to reveal their Truecrypt password

I'll send you .5btc if you can provide links to at least three such cases. I'm completely serious, as if there are such cases, I'd like to know about them.

In the US at least, in the case of United States of America vs. John Doe, 25-Mar-2011 the 11th Circuit Court of Appeals ruled that forcing a user to reveal his encryption password violates his 5th Amendment right against self-incrimination.
[WARNING: clearnet government site PDF]
http://www.ca11.uscourts.gov/opinions/ops/201112268.pdf
[/WARNING]
Title: Re: Truecrypt info
Post by: frank-butcher24 on May 16, 2012, 07:51 pm
I believe Vladimir said in another thread recently that he knows of 3 cases where people have been convicted for a year. This is in the UK, where our last government made it a crime not to reveal your passwords when asked to do so.

People shouldn't forget that plausible deniability is pretty much your last tool in the toolbox. Think about it. If you're in a situation where you have to use it, you're already pretty fucked. I mean, you've been arrested. You may have been under surveillance for some time. They've seized your hardware and located an encrypted file, and are threatening to convict you of a crime unless you reveal the password.

It's a dire situation to be in for sure... being able to provide a key which "unlocks" the encrypted file may, just may, save your skin though.

Plausible deniability is something I'd hate to be without, but damn, you want to be sure you're never in a situation to have to use it.
Title: Re: Truecrypt info
Post by: vlad1m1r on May 16, 2012, 08:38 pm
An excellent point Frank,

Plausible deniability needs to be seen as a final "layer" of your security.

Obviously your first defence lies in your discretion and anonymity. You're not ostentatious and don't visibly break the law.

Your online activities are (hopefully) Torified and I would hope you all encrypt any personally identifying information with GPG.

The Police would obviously need to arrest you for a chargeable offence or obtain a search warrant from a J.P in order to discover you had a machine containing encrypted data before they can require you to hand over your keys.

If you do employ Plausible denial encryption, I would suggest you refuse to comment during interview and ask to see your Solicitor privately. Give them the "safe" password and have them prepare a written statement saying that you wish to surrender it to the Police and that you refuse to answer any further questions. Your Legal Adviser can read this out for you.

If they start trying to press you about a second password, your Solicitor will then remind them that you have already entered a statement into the record. If the case comes to trial it will be much more difficult for adverse inferences to be drawn from your silence as you'll be able to present a defence entirely consistent with your original statement.

I saw comments earlier saying it was easy to tell the difference between a Truecrypt container with a hidden volume and one without.

While it is possible that a hidden Operating System can leak information, the same is not true of a Truecrypt container. As far as I know, short of bruteforcing a container on the off chance there's a hidden volume, there is no way to prove its existence.

News articles of people who have been found guilty of breaching RIPA by refusing to hand a password to the Police:

http://www.bbc.co.uk/news/uk-england-11479831

https://blog.ironkey.com/?p=842

http://www.indymedia.org.uk/en/2007/11/385589.html

V.

Quote
I believe Vladimir said in another thread recently that he knows of 3 cases where people have been convicted for a year. This is in the UK, where our last government made it a crime not to reveal your passwords when asked to do so.

People shouldn't forget that plausible deniability is pretty much your last tool in the toolbox. Think about it. If you're in a situation where you have to use it, you're already pretty fucked. I mean, you've been arrested. You may have been under surveillance for some time. They've seized your hardware and located an encrypted file, and are threatening to convict you of a crime unless you reveal the password.

It's a dire situation to be in for sure... being able to provide a key which "unlocks" the encrypted file may, just may, save your skin though.

Plausible deniability is something I'd hate to be without, but damn, you want to be sure you're never in a situation to have to use it.
Title: Re: Truecrypt info
Post by: danknugsdun on May 16, 2012, 08:49 pm
I was just about to earn myself .5 btc until vlad beat me to it.

Going back to the case of being able to differentiate between the two volumes;

When mounting your drive in TrueCrypt you have the option to load the bogus volume or the hidden volume dependent on your password credentials.

Mounting bogus comes up as 'Normal' under the Type column in TrueCrypt.
Mounting the hidden drive comes up as 'Hidden' under the Type column in TrueCrypt.

I understand the plausible dependability situation although I'm sure most LE know by now how to use TrueCrypt FFS. I'm also pretty sure there will come a time where what Captain Sensible stated two passwords will need to be revealed if they have substantial belief you may be holding a hidden volume.

Banjo quit it with your fucking condescending attitude, you came here with a question and then you're bitching and whining about people's answers.
Title: Re: Truecrypt info
Post by: Banjo on May 16, 2012, 08:59 pm
Quote
Banjo quit it with your fucking condescending attitude, you came here with a question and then you're bitching and whining about people's answers.

I didn't come here with a question... I'm not even the OP. What are you talking about? I'm bitching about other people's incorrect answers and/or clear misunderstanding of how entire volume with hidden volume encryption works. Telling people that there is no reasonable way for an attacker to know that you're using a hidden volume isn't condescending. It's helping people with one part of a secure system.

Vladimir: thank you sir. PM me the address where you'd like your coins.
Title: Re: Truecrypt info
Post by: vlad1m1r on May 16, 2012, 09:01 pm
Hi Dankungsdun,

Feel free to take the half Bitcoin on me, my pleasure.

V.

Quote
I was just about to earn myself .5 btc until vlad beat me to it.

Going back to the case of being able to differentiate between the two volumes;

When mounting your drive in TrueCrypt you have the option to load the bogus volume or the hidden volume dependent on your password credentials.

Mounting bogus comes up as 'Normal' under the Type column in TrueCrypt.
Mounting the hidden drive comes up as 'Hidden' under the Type column in TrueCrypt.

I understand the plausible dependability situation although I'm sure most LE know by now how to use TrueCrypt FFS. I'm also pretty sure there will come a time where what Captain Sensible stated two passwords will need to be revealed if they have substantial belief you may be holding a hidden volume.

Banjo quit it with your fucking condescending attitude, you came here with a question and then you're bitching and whining about people's answers.
Title: Re: Truecrypt info
Post by: frank-butcher24 on May 16, 2012, 09:02 pm
Yes but creating a single layer volume, then mounting it comes up as 'Normal' too.

So there is no visible difference between having a real single layer volume and mounting it, and having a dual layer volume and mounting the outer volume.

Both look precisely the same, so you are able to mount the outer volume, and deny there is an inner one.

You are correct that they won't believe you, because they will indeed know all about dual layer encryption! But plausible deniability isn't about what they believe. It is about giving you one final chance of possibly getting out of what they're trying to pin on you.
Title: Re: Truecrypt info
Post by: vlad1m1r on May 16, 2012, 09:03 pm
Correct on all counts Frank. +1.

V.

Quote
Yes but creating a single layer volume, then mounting it comes up as 'Normal' too.

So there is no visible difference between having a real single layer volume and mounting it, and having a dual layer volume and mounting the outer volume.

Both look precisely the same, so you are able to mount the outer volume, and deny there is an inner one.

You are correct that they won't believe you, because they will indeed know all about dual layer encryption! But plausible deniability isn't about what they believe. It is about giving you one final chance of possibly getting out of what they're trying to pin on you.
Title: Re: Truecrypt info
Post by: danknugsdun on May 16, 2012, 09:21 pm
Quote
Hi Dankungsdun,

Feel free to take the half Bitcoin on me, my pleasure.

V.

Quote
I was just about to earn myself .5 btc until vlad beat me to it.

Going back to the case of being able to differentiate between the two volumes;

When mounting your drive in TrueCrypt you have the option to load the bogus volume or the hidden volume dependent on your password credentials.

Mounting bogus comes up as 'Normal' under the Type column in TrueCrypt.
Mounting the hidden drive comes up as 'Hidden' under the Type column in TrueCrypt.

I understand the plausible dependability situation although I'm sure most LE know by now how to use TrueCrypt FFS. I'm also pretty sure there will come a time where what Captain Sensible stated two passwords will need to be revealed if they have substantial belief you may be holding a hidden volume.

Banjo quit it with your fucking condescending attitude, you came here with a question and then you're bitching and whining about people's answers.

Haha I was just kidding donate it to Limetless, he's so helpful around the community.

Also apologies if my answers were construed as 'you can go to prison for denying you can have a hidden volume'
Title: Re: Truecrypt info
Post by: Banjo on May 16, 2012, 09:28 pm
Quote
Haha I was just kidding donate it to Limetless, he's so helpful around the community.

Hahaha, "Here Limitless, you get .5 btc because Vladimir gave Banjo three links he'd asked for". While I agree Limitless does a lot for the community, I decided to send it to Erowid.