OnPoint by Keith Ng

Read Post

OnPoint: The Big Guns: Truecrypt and Tails

68 Responses

First ←Older Page 1 2 3 Newer→ Last

  • Rich of Observationz, in reply to Chris Waugh,

    The European Court of Human Rights and indeed the English Supreme Court do a reasonable job. As indeed does our supreme court, when it gets a chance, see R v Morse, for instance.

    The problem is that we have a Buckley's bill of rights that is free to be ignored by politicians - if we made it supreme law (and added social rights and the Treaty to the mix) we'd be a lot better off.

    Back in Wellington • Since Nov 2006 • 5550 posts Report Reply

  • Ian Dalziel,

    Here's mud in your eye...
    Adobe seems to be made of straw and dirt and water...

    If you have Adobe Flash on your computer, and most of you do, you are probably being spied on and Adobe does their best not to let you know or do anything about it. Fundamentally, rich video content is only the drug Adobe wants you to get hooked on, but make no mistake, one of the main purposes of Flash is apparently to secretly compromise your privacy. Flash cookies allow online advertising networks to covertly and uniquely track your internet use. This is not only a PC problem, but affects Linux, Mac, and mobile devices that support Flash.

    source

    Adobe Systems Inc. is expected to announce today that hackers broke into its network and stole source code for an as-yet undetermined number of software titles, including its ColdFusion Web application platform, and possibly its Acrobat family of products. The company said hackers also accessed nearly three million customer credit card records, and stole login data for an undetermined number of Adobe user accounts.

    source

    Christchurch • Since Dec 2006 • 7950 posts Report Reply

  • Gareth Swain,

    I've followed this series of posts with great interest. Thanks Keith.

    I have a question.

    What does all this mean for someone who:
    (a) Is not a journalist or a journalist's source; but
    (b) Has non-disclosure agreements with clients and wants to keep data secure, but is highly unlikely to be the target of any snoopery; and
    (c) Supports online privacy?

    Should I be looking into public/private keys, Truecrypt and the like? Would I get any practical benefit out of them?

    Japan • Since Apr 2013 • 45 posts Report Reply

  • Michael Homer, in reply to Gareth Swain,

    Public-key encryption isn't generally useful for data at rest. Ordinary ("symmetric") encryption with a passphrase does just as well in that case. The practical benefit of encrypting your stored data then is mostly that it will be inaccessible if your machines are lost or stolen. Truecrypt is one way of doing that.

    It doesn't actually hurt to encrypt anything you're sending over a public network, but the tradeoff of effort probably isn't worthwhile most of the time. The most bang for your buck is using SSL connections wherever possible, particularly if you're using a public wifi access point or the like.

    Wellington • Since Nov 2006 • 85 posts Report Reply

  • Paul Campbell,

    One thing that I think is important to understand about public key encryption is that it doesn't just encrypt your data, it also helps you prove your identity, because only you have the private key, only you can encrypt your message in a way that can be decrypted using your public key. In fact a lot of people use PKE to sign their email without actually encrypting the content.

    If say the NSA gets hold of Lavabit's private key then they can encrypt messages pretending to be from them (or create keys signed by them).

    Dunedin • Since Nov 2006 • 2622 posts Report Reply

  • Andrew C, in reply to Keith Ng,

    it should be impossible to prove whether there is a hidden volume within it or not, because free space on any TrueCrypt volume is always filled with random data when the volume is created

    And this addresses Duane's concern from one of the opening comments. The outer truecrypt volume is viewed by the OS as one big file, so the innards of it (which contain the hidden volume) it would never be used for spare sectors.

    If you have access you can read the crypto keys out of memory

    True. But if someone has managed to get something like that into your system already you can consider yourself hosed, it's game over. Truecrypt etc are still useful for the situations where that hasn't happened, which I would hope would be the normal situation (?).

    Auckland • Since May 2008 • 169 posts Report Reply

  • Andrew C, in reply to Ian Dalziel,

    Flash cookies allow online advertising networks to covertly and uniquely track your internet use.

    Yeah, and as they are not "normal" cookies you cannot flush them like you do others. You can get rid of them, but its not an easy or intuitive thing to do.

    A big issue for Adobe is the massive number of security flaws it contains which can be (and are) exploited to allow baddies to get into your computer. Adobe software is constantly being updated to fix security glitches. It's probably the case that it has the same number of flaws as other things out on the net, however it's market penetration has meant it was heavily targeted.

    But who needs cookies for tracking your internet travels, when you can simply figure out who's visiting by their fingerprint (audio version here)

    Auckland • Since May 2008 • 169 posts Report Reply

  • Richard Love, in reply to BenWilson,

    Keith Ng:

    For journalists, obscurity is not an option.

    Ben Wilson:

    Why not? You can hide a memory stick somewhere, same as anyone else. Or put it "somewhere on the internet"...

    Because eventually a journalist publishes an article. Once this happens the fact that there might be additional (unpublished) information about sources etc ceases to be obscure. And motivated parties may try to look for this information, within the bounds of their technical and legal (joke!) capability.

    Since Jun 2009 • 25 posts Report Reply

  • Matthew Poole, in reply to BenWilson,

    The true OTP is actually safe from infinite computing power and storage.

    One of Clancy's novels (IIRC it's The Sum of All Fears) has an OTP system where the keying is based on transcription of atmospheric noise. Unless the SETI project has missed something, an OTP on that basis is rendered vulnerable only by someone doing something idiotic like reusing a pad.

    Auckland • Since Mar 2007 • 4097 posts Report Reply

  • Matthew Poole, in reply to Stephen R,

    What the cops do then is say that your actions are evidence that you were up to no good, probably something criminal, and therefore they should be able to confiscate all your stuff under the proceeds of crime act, (which Labour proposed and National passed when they got in) which does not require conviction on a criminal charge, merely convincing [a judge?/ a jury?] that on the balance of probability, you were doing something naughty, and that although they can’t prove what it was, it was probably for making money, and therefore they want your house/car/goldfish as proceeds of a crime.

    Not quite. "They" have to convince a judge that, on the balance of probabilities, your stuff was bought with the proceeds of crime, hence the title of the Act. If you can point to a legitimate source of income that would have covered the purchase cost, the balance of probabilities says that you used that income to buy the computer; unless "they" can point to something like a cash transaction using marked bills that they paid to an informant who claims that you then sold them drugs, at which point you're kinda fucked.
    The PoCA is not really the fishing expedition you seem to think. It's there to get stuff off people who can't prove they had a legal means of getting the money to make the purchases. It's not there to allow seizure of stuff just because it might have been used for doing dodgy things. There are other criminal law provisions that allow for seizure of evidence (and just ask Mr Schmitz how broad-ranging and abusive the use of those particular powers can be!), but the standard required to get the necessary search warrant to make those seizures isn't even as high as balance of probabilities because there's only the police side of the case being presented. They don't get to keep your stuff, though, if you're acquitted, and even if you're convicted they still don't get to sell it unless they can meet the balance-of-probabilities test on the PoCA that the money used for purchase was not earned legitimately.

    If your only declared income is part-time crew at McDonald's but you just bought a Ferrari, and there's no sign of a family inheritance or Lotto win, you're probably not going to win the PoCA case. If the cops are trying to claim your beat-up seventh-hand 1987 Corolla, though, your income is more than adequate for it to be more likely than not that you earned the money through legal means. Both cases, of course, being based entirely on a police claim that the car was bought with the proceeds of crime, and there being no other evidence that points unequivocally one way or the other.

    Auckland • Since Mar 2007 • 4097 posts Report Reply

  • Keith Ng, in reply to Gareth Swain,

    Should I be looking into public/private keys, Truecrypt and the like? Would I get any practical benefit out of them?

    Pretty much what Michael said. Your biggest risks are from accidental loss/opportunistic theft. Encrypting your hard drive (especially on your laptop) and USB drives is something you should definitely do.

    (c) Supports online privacy?

    Using VPN as a matter of course would be helpful - it doesn't help you much against a serious adversary, but it offers you a pretty decent level of privacy. Also, it's helpful for online privacy, because it creates more locked doors, which creates cover for everyone who actually needs it.

    Auckland • Since Nov 2006 • 543 posts Report Reply

  • Duane Griffin, in reply to Andrew C,

    And this addresses Duane’s concern from one of the opening comments. The outer truecrypt volume is viewed by the OS as one big file, so the innards of it (which contain the hidden volume) it would never be used for spare sectors.

    Not really.

    The scenario is that you've provided the adversary with the outer key and they are forensically examining the outer volume's decrypted filesystem image. Depending on various things, they may be able to look at the low-level pattern of activity and determine there is a space that it is avoiding, for no apparent reason. Given they know you are using TrueCrypt, and thus are aware of the possibility of hidden inner volumes, that anomalous behaviour is basically giving away the game.

    Now, this is a very narrow objection, and all very theoretical. In practice whether it is possible will depend on the size of the inner volume, how old and heavily used the outer filesystem is, how full it has ever got, and the precise implementation details of the filesystem in question.

    It would also need attention from very specialised and expensive experts (at least until those experts write software to automate the process). So, you know, probably not a real practical concern for most people. But then, most people won't be using this sort of technology in the first place.

    This brings us back to the more fundamental issue, that Jarno van der Linden raises, too: who is this technology actually useful for?

    It doesn't help if you are under continuous surveillance, as the adversary will just capture your keystrokes.

    It doesn't help against adversaries willing to use violence. They'll just break out the thumbscrews as soon as they see the encrypted partition, and you're in an even worse position if you don't actually have a secret to give them.

    It also wont help if they suspect it is being used, and care enough/have sufficient resources to convincingly argue that case.

    Actually Keith's case of a journalist protecting sources from the NZ government is possibly one of the very few times it might be useful. Just make sure the inner volume isn't too big, keep the outer volume mostly empty and, whatever you do, don't say anything to suggest you might use it!

    Palmerston North • Since Nov 2006 • 21 posts Report Reply

  • Matthew Poole, in reply to Matthew Poole,

    Also, a PoCA application isn't "balance of probabilities because the police say so". The person whose stuff is up for grabs is entitled to present evidence in support of their assertion that they had legal means of making the money, y'ronner.

    Auckland • Since Mar 2007 • 4097 posts Report Reply

  • Jarno van der Linden, in reply to Matthew Poole,

    an OTP system where the keying is based on transcription of atmospheric noise

    Which works until the adversary finds out that is how the OTP is generated and starts to record the same data and match the ciphertext against it.

    Nelson • Since Oct 2007 • 82 posts Report Reply

  • Matthew Poole, in reply to Jarno van der Linden,

    Which works until the adversary finds out that is how the OTP is generated and starts to record the same data and match the ciphertext against it.

    Atmospheric noise is geographically distinct, so the attacker would need to be recording the same noise in the same three-dimensional space as well as achieving precise precise synchronisation down to fractions of a second.
    Knowing that it's keyed off atmospheric noise is actually not any help whatsoever, particularly if there are other things being done like XOR'ing against other input - say from a second listening station in another location.

    Auckland • Since Mar 2007 • 4097 posts Report Reply

  • SteveH, in reply to Duane Griffin,

    The scenario is that you’ve provided the adversary with the outer key and they are forensically examining the outer volume’s decrypted filesystem image. Depending on various things, they may be able to look at the low-level pattern of activity and determine there is a space that it is avoiding, for no apparent reason.

    Most filesystems and devices don't provide any way to tell if a particular part of the storage has or hasn't been changed over time short of being able to compare two snapshots of the filesystem. However you must avoid creating accidental copies of the hidden volume's data as the same set of "random" data appearing in multiple places would be suspicious. So things like keeping image style backups or defragmenting the outer volume are not recommended. You must select the outer filesystem carefully - journaled filesystems (such as NTFS) can be a problem. Even what physical device hosts the outer volume must be carefully considered - SSDs for example contain wear-leveling algorithms that can copy sectors around and/or reveal information about which parts of the device have been modified.

    There are higher level attacks too - something as simple as a recent files list could reveal the presence of hidden volume. Or an outer volume that has been accessed recently but not modified could raise suspicions that the outer volume is a dummy.

    If you are careful in your use of the outer volume it is probably impossible to prove the existence of the inner volume unless the adversary has had access to the outer volume at more than one distinct point in time. But it's actually pretty difficult to use a hidden volume securely. See the Truecrypt documentation for a more complete list.

    Since Sep 2009 • 444 posts Report Reply

  • SteveH, in reply to BenWilson,

    "BTW the music industry already runs a world wide OTP distribution system – let’s both buy the same CD and use the LSBs of the waveforms"

    That's not an OTP. The OT being the part by which you can tell. When you use a segment of the OTP's key, you delete it. In the old days the key pieces were on small notepads so that the pages could be burned as they were used, which is where the name comes from. If there's other copies out there, it's a dreadfully insecure system.

    A OTP has certain requirements one of which is that it must be kept secret forever. Destroying it after use is one way to ensure secrecy, but it is not a requirement. Data retrieved from a commercial CD could be fine provided you do not reveal which CD you are using (better yet, don't reveal you're using a CD). However I don't know if using the least significant bit of each word on a CD would be sufficiently random.

    Since Sep 2009 • 444 posts Report Reply

  • BenWilson, in reply to SteveH,

    Destroying it after use is one way to ensure secrecy, but it is not a requirement

    No, but it's the least you can do. It's of no further use, and can only damage the security of the system.

    A OTP has certain requirements one of which is that it must be kept secret forever.

    Yup, and it's not secret by definition if there are thousands of publicly available copies of it floating around. Hence, that is not a one-time-pad. That's a thousands of times pad, and really insecure.

    However I don’t know if using the least significant bit of each word on a CD would be sufficiently random.

    It's definitely not what I'd use, even if I was using a OTP, which I probably wouldn't.

    Auckland • Since Nov 2006 • 10657 posts Report Reply

  • BenWilson, in reply to Richard Love,

    Because eventually a journalist publishes an article. Once this happens the fact that there might be additional (unpublished) information about sources etc ceases to be obscure. And motivated parties may try to look for this information, within the bounds of their technical and legal (joke!) capability.

    Yes, but if it's hidden obscurely it's no easier to find once they know it exists, than it was before they knew. It's a possibility for journalists. Not as secure, but within the bounds given (the attacker will not be the NSA and coercion is off the table), the difference is not practically a great deal. However, the difficulty of using TrueCrypt is not high so I think "why not?" is a pretty strong argument for using it if there's the least paranoia.

    Auckland • Since Nov 2006 • 10657 posts Report Reply

  • BenWilson, in reply to Matthew Poole,

    Depending on various things, they may be able to look at the low-level pattern of activity and determine there is a space that it is avoiding, for no apparent reason.

    I don’t think it works like that. If it doesn’t get the password of the hidden volume, it doesn’t know anything about it, and won’t necessarily avoid it. Presumably you have to mount the hidden volume when you’re using the system a lot, or you risk overwriting some of it. If I were designing it, I’d make the hidden volume data go from the end of the data space backwards, and all the other data go from the front, forwards, so that such overwriting would be unlikely until both volumes together were nearing the partition capacity, in case you wanted to work for extended periods without mounting the hidden volume (say you thought you were being observed). In that case, the avoidance of the end would be automatic and normal for the system anyway, and no proof of anything.

    ETA: This is @Duane, not Matthew. Don't know how that happened.

    Auckland • Since Nov 2006 • 10657 posts Report Reply

  • Richard Love, in reply to BenWilson,

    Yes, but if it's hidden obscurely it's no easier to find once they know it exists, than it was before they knew...

    Did you never play hide and seek as a child?

    The logic behind a search warrant, for example, is that it is much easier to find stuff once you start looking. There is certainly no guarrantee that a searcher will find something, but it is certainly much easier for him to do so once he starts looking for it.

    Since Jun 2009 • 25 posts Report Reply

  • BenWilson, in reply to Richard Love,

    My suggestions were not places that a search warrant makes any easier. A USB stick given to a friend, a file stored in an anonymous internet storage area, etc.

    Auckland • Since Nov 2006 • 10657 posts Report Reply

  • Richard Love, in reply to BenWilson,

    A USB stick given to a friend...

    See David Miranda.

    ...a file stored in an anonymous internet storage area, etc.

    See Lavabit.

    Since Jun 2009 • 25 posts Report Reply

  • Stephen R, in reply to BenWilson,

    a file stored in an anonymous internet storage area, etc.

    Assuming that the government is interested in you, if you upload the file from your home network, they probably know exactly where you stored the file. If you upload it from an internet cafe using a laptop that you use for other purposes, and you say, check your gmail from the same internet cafe using the same laptop, then they can probably find out where you stored the file.

    When David Petraeus was caught, it was because his lover checked her personal email from the same cafe wireless network that she'd checked their shared gmail account, and the FBI(?) checked all the places that that machine had browsed to, and identified her that way.

    Wellington • Since Jul 2009 • 259 posts Report Reply

  • Matthew Poole, in reply to BenWilson,

    even if I was using a OTP, which I probably wouldn’t.

    The problem with OTPs is that their use requires an initial secure distribution channel, which really limits their use for communications between people who have never met. The intelligence services make use of diplomatic conventions and spycraft, but most people don't have that option which means they've already got a highly secure communications conduit that negates the need for an OTP.

    Auckland • Since Mar 2007 • 4097 posts Report Reply

First ←Older Page 1 2 3 Newer→ Last

Post your response…

Please sign in using your Public Address credentials…

Login

You may also create an account or retrieve your password.