Silk Road forums
Discussion => Security => Topic started by: HardHustle on May 21, 2012, 01:51 am
-
Say I have the truecrypt files in my public records. Is it better to/Can I even move them to the encrypted disk? Is this advisable and more secure?
-
Pretty sure you need truecrypt to open your encrypted discs. Having truecrypt on your computer is not incriminating. If your stuff is encrypted, nobody can prove you have more than one encrypted volume because all the empty space is overwritten with random data. Don't hate me if that's not the exact way it works, I'm no computer science major, but with some help from some friendly members and some guides I've been able to encrypt my stuff.
-
You can put the truecrypt software on your removable USB. Go to tools and select "create traveller disc" you can then remove truecrypt from your computer. You can then use this portable truecrypt to create an encrypted volume alongside it on the disc to keep TOR and GPG4USB in. Ideally you should create a hidden volume within a decoy outer volume so that if forced to give up password you just reveal the password for outer volume.
The advantage of this is a) nothing on your computer ( although they may still be able to tell truecrypt has been used if they seize the box)
b) portability: you can run your encrypted stuff anywhere as you have truecrypt on the device.
Some people recommend encrypting their whole HD. however if you are going to only be ordering small amounts I prefer my system as anyone looking at your computer will think you have nothing to hide. I think in the UK refusing to reveal your password can be taken as evidence of guilt?
-
Hi Hungry Ghost,
Failing to provide encryption keys e.g a password is indeed a crime in the UK under RIPA (Regulation of Investigatory Powers Act) - you can face up to two years in jail for this.
Having said this, it is possible to use Plausible Denial in encryption whereby you can have two passwords for a computer, one for your "hidden" operating system and one for your every day one.
The principle also applies to Truecrypt containers - you can have a hidden part of the container with your personal info accessed using one password and then have another password which will lead the user to some other dummy files you can create.
It's quite easy to tell a computer has been encrypted using Truecrypt as the program installs a special bootloader which is necessary to prompt you for your password and actually decrypt the machine when you switch the computer on.
In theory it's not possible to prove a file contains Truecrypt data but in practice this is quite simple. However it is not currently possible to tell if a container has a hidden volume or not from analysis of the raw data alone.
USB sticks which have been entirely encrypted using Truecrypt also strongly resemble USB sticks which have been wiped using specialist software and as such if the Police do seize a flash drive encrypted in this way, it will be for them to prove that it is indeed encrypted. You may want to install a program like Heidi's Eraser on your hard drive to make this seem plausible.
V.
You can put the truecrypt software on your removable USB. Go to tools and select "create traveller disc" you can then remove truecrypt from your computer. You can then use this portable truecrypt to create an encrypted volume alongside it on the disc to keep TOR and GPG4USB in. Ideally you should create a hidden volume within a decoy outer volume so that if forced to give up password you just reveal the password for outer volume.
The advantage of this is a) nothing on your computer ( although they may still be able to tell truecrypt has been used if they seize the box)
b) portability: you can run your encrypted stuff anywhere as you have truecrypt on the device.
Some people recommend encrypting their whole HD. however if you are going to only be ordering small amounts I prefer my system as anyone looking at your computer will think you have nothing to hide. I think in the UK refusing to reveal your password can be taken as evidence of guilt?
-
Some people recommend encrypting their whole HD. however if you are going to only be ordering small amounts I prefer my system as anyone looking at your computer will think you have nothing to hide. I think in the UK refusing to reveal your password can be taken as evidence of guilt?
"The Regulation of Investigatory Powers Act 2000 (RIPA), Part III, activated by ministerial order in October 2007, requires persons to supply decrypted information and/or keys to government representatives. Failure to disclose carries a maximum penalty of two years in jail"
hxxp://en.wikipedia.org/wiki/Key_disclosure_law#United_Kingdom
-
+1 to RandomOVDB for citing the exact law, please excuse my laziness everyone else!
V.
Some people recommend encrypting their whole HD. however if you are going to only be ordering small amounts I prefer my system as anyone looking at your computer will think you have nothing to hide. I think in the UK refusing to reveal your password can be taken as evidence of guilt?
"The Regulation of Investigatory Powers Act 2000 (RIPA), Part III, activated by ministerial order in October 2007, requires persons to supply decrypted information and/or keys to government representatives. Failure to disclose carries a maximum penalty of two years in jail"
hxxp://en.wikipedia.org/wiki/Key_disclosure_law#United_Kingdom