What is a good Windows XP file to store encrypted volumes

What is a good Windows XP file to store encrypted volumes
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Computer Software Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
What is a good Windows XP file to store encrypted volumes Jane_G 01-19-2007
Posted by Jane_G on January 19, 2007, 2:28 am
If you were  Registered and logged in, you could reply and use other advanced thread options
What is a good filespec to hold an encrypted volume on WinXP?

Based on extensive googling, I installed the TrueCrypt freeware disk
encryption to safeguard my private files on a rather public computer.

TrueCrypt requires a file name to contain the rather large encrypted volume
file even if a hidden volume is used inside the regular encrypted volume.
For example, the file name containing the encrypted volume could be
C:\Documents and Settings\Administrator\My TrueCrypt Encrypted Volume.bin

To contain the TrueCrypt encrypted volume, I can choose any file name and
location that doesn't already exist. But, my question is what file name and
location would arouse the least suspicion were a coworker to be snooping
around looking for my personal data on my WinXP computer?

Specifically what binary file could reasonable be expected to be a few
megabytes in size, yet have a normal sounding name in a normal sounding
location containing "gibberish" (ie encrypted data) that would not arouse
suspicions that it is actually a TrueCrypt encrypted volume?

Posted by Sebastian Gottschalk on January 19, 2007, 4:17 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Jane_G wrote:

> TrueCrypt requires a file name to contain the rather large encrypted volume

No, it doesn't. You can also encrypt an entire partition.

> To contain the TrueCrypt encrypted volume, I can choose any file name and
> location that doesn't already exist. But, my question is what file name and
> location would arouse the least suspicion were a coworker to be snooping
> around looking for my personal data on my WinXP computer?

Wild.Girls.swallow.everything.III.DVDRip.[PrOPer].Xvid.AC3.640x480.[3AC74AB].avi

> Specifically what binary file could reasonable be expected to be a few
> megabytes in size, yet have a normal sounding name in a normal sounding
> location containing "gibberish" (ie encrypted data) that would not arouse
> suspicions that it is actually a TrueCrypt encrypted volume?

Compressed movie files. In fact, for sufficient bad parameters, you can't
differ between a part of a broken video file, encrypted data and random
data.

If you want to go any further, there are steganographic file systems.
Seemingly not implemented yet, they'd simply split up the data in
sufficient small chunks, add MPEG headers and a main header at the front to
make it a genuine MPEG movie containing either garbage or encrypted data.

Posted by nemo_outis on January 19, 2007, 10:28 am
If you were  Registered and logged in, you could reply and use other advanced thread options

> What is a good filespec to hold an encrypted volume on WinXP?
>
> Based on extensive googling, I installed the TrueCrypt freeware disk
> encryption to safeguard my private files on a rather public computer.
>
> TrueCrypt requires a file name to contain the rather large encrypted
> volume file even if a hidden volume is used inside the regular
> encrypted volume. For example, the file name containing the encrypted
> volume could be C:\Documents and Settings\Administrator\My TrueCrypt
> Encrypted Volume.bin
>
> To contain the TrueCrypt encrypted volume, I can choose any file name
> and location that doesn't already exist. But, my question is what file
> name and location would arouse the least suspicion were a coworker to
> be snooping around looking for my personal data on my WinXP computer?
>
> Specifically what binary file could reasonable be expected to be a few
> megabytes in size, yet have a normal sounding name in a normal
> sounding location containing "gibberish" (ie encrypted data) that
> would not arouse suspicions that it is actually a TrueCrypt encrypted
> volume?
>



The following will not fool a sysadmin (well, not a good one) but it works
very well against casual or inept snoops.

Hide the Truecrypt file as an "alternate file stream" attached to some
other file (which could itself be perfectly functional, such as an Excel
file). The hidden stream will not show in any normal system operation
(directory listings, etc.) although some (by no means all) antivirus
software may report it.

If the ordinary file you wish to use is, say, C:\directorypath\somefile.xls
then create (and subsequently mount and use) the Truecrypt file as, say, C:
\directorypath\somefile.xls:tc (i.e., the alternate file name - extent,
really - is defined as prefixed by the regular file name and a colon)

Regards,




Posted by David Eather on January 19, 2007, 12:34 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
nemo_outis wrote:
>
>> What is a good filespec to hold an encrypted volume on WinXP?
>>
>> Based on extensive googling, I installed the TrueCrypt freeware disk
>> encryption to safeguard my private files on a rather public computer.
>>
>> TrueCrypt requires a file name to contain the rather large encrypted
>> volume file even if a hidden volume is used inside the regular
>> encrypted volume. For example, the file name containing the encrypted
>> volume could be C:\Documents and Settings\Administrator\My TrueCrypt
>> Encrypted Volume.bin
>>
>> To contain the TrueCrypt encrypted volume, I can choose any file name
>> and location that doesn't already exist. But, my question is what file
>> name and location would arouse the least suspicion were a coworker to
>> be snooping around looking for my personal data on my WinXP computer?
>>
>> Specifically what binary file could reasonable be expected to be a few
>> megabytes in size, yet have a normal sounding name in a normal
>> sounding location containing "gibberish" (ie encrypted data) that
>> would not arouse suspicions that it is actually a TrueCrypt encrypted
>> volume?
>>
>
>
>
> The following will not fool a sysadmin (well, not a good one) but it works
> very well against casual or inept snoops.
>
> Hide the Truecrypt file as an "alternate file stream" attached to some
> other file (which could itself be perfectly functional, such as an Excel
> file). The hidden stream will not show in any normal system operation
> (directory listings, etc.) although some (by no means all) antivirus
> software may report it.
>
> If the ordinary file you wish to use is, say, C:\directorypath\somefile.xls
> then create (and subsequently mount and use) the Truecrypt file as, say, C:
> \directorypath\somefile.xls:tc (i.e., the alternate file name - extent,
> really - is defined as prefixed by the regular file name and a colon)
>
> Regards,
>
>
>
So, your saying it is OK that your security is not based on a
mathematical proof or a conjecture of the computational bounds of an
adversary, but rather based on the hope that the adversary is incompetent.

Do you see anything wrong with that?

Posted by nemo_outis on January 19, 2007, 2:25 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

> nemo_outis wrote:
...
>> The following will not fool a sysadmin (well, not a good one) but it
>> works very well against casual or inept snoops.
>>
>> Hide the Truecrypt file as an "alternate file stream" attached to
>> some other file (which could itself be perfectly functional, such as
>> an Excel file). The hidden stream will not show in any normal system
>> operation (directory listings, etc.) although some (by no means all)
>> antivirus software may report it.
>>
>> If the ordinary file you wish to use is, say,
>> C:\directorypath\somefile.xls then create (and subsequently mount
>> and use) the Truecrypt file as, say, C:
>> \directorypath\somefile.xls:tc (i.e., the alternate file name -
>> extent, really - is defined as prefixed by the regular file name and
>> a colon)
>>
>> Regards,
>>
>>
>>
> So, your saying it is OK that your security is not based on a
> mathematical proof or a conjecture of the computational bounds of an
> adversary, but rather based on the hope that the adversary is
> incompetent.
>
> Do you see anything wrong with that?


Short answer: No, I see nothing wrong with that.

Longer answer:

The OP framed her question in terms of using nothing stronger than an
inconspicuous file. Compared to that, an alternate data stream is
leagues ahead.

Going further, the OP's threat model is coworkers who casually snoop,
folks who are, if not outright incompetent, clearly without special
resources or competence.

Against a sufficiently competent, well-funded, and motivated adversary -
especially one who has repeated unobserved direct access to the machine
as could happen in a work environment - I fell confident in saying there
is NO satisfactory method of disguising the use of Truecrypt.

So, the task is not to overdesign the system inordinately in a misguided
attempt to thwart the NSA. Instead, as with most security questions, the
real task is to implement a scheme appropriate to the specified threat
model.

And this is exactly what my suggested use of ADS in these circumstances
does. It is a convenient, readily implemented method that is entirely
suitable and appropriate for the described threat model.

Regards,



Similar ThreadsPosted
Any good free spyware scan that I can run in bat file so I can schedule it daily June 21, 2007, 10:32 am
Index.btr file in Windows XP Help please January 20, 2006, 12:56 pm
HELP. Windows file names changed September 29, 2006, 11:01 am
Evidence of file copy to external device on Windows 2000 / FAT 32 April 19, 2006, 4:05 am
Re: portably encrypting a file system's partition, directory and/or file November 25, 2005, 6:10 pm
Encrypted Anonymous Surfing January 1, 2006, 10:52 pm
Can you keep a secret? This encrypted drive can... October 30, 2006, 11:25 pm
Secure encrypted data backup? January 31, 2008, 3:10 pm
Encrypted backup of whole-disk encryption March 13, 2008, 11:50 am
Webmasterslookup launches Encrypted Messaging Service. March 10, 2008, 4:21 pm

The site map in XML format XML site map

Contact Us | Privacy Policy