Silk Road forums
Discussion => Security => Topic started by: BitShuffle on July 04, 2011, 07:12 pm
-
While I have been a longtime fan of TrueCrypt and Eraser, I discovered a "gotcha" that perhaps others should know.
If you have a TrueCrypt volume with "plausible deniability", don't ever use Eraser on the "deniable" version of the drive.
I moved a few things from my deniable volume to my secret volume, using my C:/ drive in between mounts and dismounts.
I was certainly clever enough to use Eraser on anything that hit my C:/ drive during the transfer.
Then I thought I would be clever enough to use Eraser on my deniable volume, thinking that if I ever had to give up the pw, there would be nothing left behind if it was Eraser'd.
The problem is that when one uses Eraser on the deniable volume, the contents of the secret volume get disappeared. That is, after doing an Eraser on the deniable volume, the secret volume shows up as "unformatted" and all data is lost.
For me, I was lucky. I only lost $0.008 Bitcoin in a wallet.dat file and $0.008 BTC is not enough to whine about.
But I share this because it's a mistake that could be easily repeated, and I would hate for someone to lose a phat wallet.dat of Bitcoin.
- Bit
-
Just out of curiosity, did you Erase files or free space on the TrueCrypt volume?
-
> Just out of curiosity, did you Erase files or free space on the TrueCrypt volume?
I did a free-space erase on the deniable volume... It wiped out the secret stuff.
Like I said, the only thing I'm really bummed about losing is a Bitcoin wallet.dat file.
-
> I did a free-space erase on the deniable volume...
That's sort of what I figured. I've inadvertently used Eraser's "secure move" function on individual files in a TC encrypted partition before, seemingly without incident.
-
Wow, thanks for the tip. Eraser and TrueCrypt are my favorite two programs. I just lost an encrypted flash drive full of info. I feel your pain.
-
You didn't follow the correct procedure when you mounted the drive you ran Eraser on. If you had followed the correct procedure, it would not be possible to damage the hidden volume.
When you mount your 'encrypted volume' (as opposed to what is referred to as a 'hidden volume' which resides undetectably within an encrypted volume), click on [Mount Options] and in the window that pops up, check the option [Protect hidden volume against damage caused by writing to outer volume] and enter the passphrase for the hidden volume - it needs this to determine the boundaries of the hidden volume.
If an attempt is made to write to the protected portion of the disk, the complete disk is automatically write-protected to safeguard the hidden volume and ensure plausible deniability.
This is why you MUST ALWAYS select the option to protect the hidden drive when mounting your encrypted drive. If you don't, a random system file write anywhere on the disk could wipe out some data, or your complete hidden volume if it overwrites the hidden volume header. Go through the docs at TrueCrypt until you understand them completely, starting with www.truecrypt.org/docs/?s=hidden-volume-protection
In the future, rather than moving files and then erasing the free space, copy the files to the new location, and then securely delete the old files AFTER you have confirmed the integrity of the new copies. If you make a habit of always doing this, all the free space on your disk will never have any leftover data on it, and you will never lose valuable data if your computer has a hiccup during a 'secure move'.
Everyone who has played with TrueCrypt and/or PGP has either deleted stuff they were trying to keep, or encrypted stuff so that nobody, including themselves, could ever recover it. It's all part of the learning process, and it sounds like you got off lightly this time.
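[Added example, not part of the original thread or any poster's own code: a sketch of the copy, verify, then delete order described in the reply above. The function names are hypothetical, and `overwrite_and_unlink` is an assumed stand-in for whatever secure-delete tool is actually used (such as Eraser).]

```python
import hashlib
import os
import shutil
import tempfile

CHUNK = 1024 * 1024  # read/write in 1 MiB blocks

def sha256_file(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()

def overwrite_and_unlink(path):
    """Hypothetical stand-in for a secure-delete tool: one random pass, then unlink.
    In-place overwrites may not reach the old blocks on SSDs or journaling filesystems."""
    remaining = os.path.getsize(path)
    with open(path, "r+b") as fh:
        while remaining > 0:
            n = min(CHUNK, remaining)
            fh.write(os.urandom(n))
            remaining -= n
        fh.flush()
        os.fsync(fh.fileno())
    os.remove(path)

def copy_verify_delete(src, dst, secure_delete=overwrite_and_unlink,
                       copy=shutil.copyfile):
    """Copy src to dst, verify the copy, and only then delete src.
    Any failure raises before the source is touched."""
    if os.path.exists(dst):
        raise FileExistsError(f"refusing to overwrite {dst}")
    expected = sha256_file(src)
    copy(src, dst)  # raises if the target volume is full or write-protected
    with open(dst, "r+b") as fh:
        os.fsync(fh.fileno())  # flush the copy to the device before trusting it
    if sha256_file(dst) != expected:
        raise OSError(f"copy of {src} failed verification; source left untouched")
    secure_delete(src)
    return expected

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed sample file
        src, dst = os.path.join(d, "old.dat"), os.path.join(d, "new.dat")
        with open(src, "wb") as fh:
            fh.write(b"constructed sample data\n" * 1000)
        print(copy_verify_delete(src, dst), os.path.exists(src))
```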
-
Thnx for the 411, Shabang.
I seldom mount my plausibly deniable volume, but will keep that in mind for future reference.
- Bit