|
Posted by Sebastian Gottschalk on January 19, 2007, 3:02 pm
If you were Registered and logged in, you could reply and use other advanced thread options
nemo_outis wrote:
>> So, your saying it is OK that your security is not based on a
>> mathematical proof or a conjecture of the computational bounds of an
>> adversary, but rather based on the hope that the adversary is
>> incompetent.
>>
>> Do you see anything wrong with that?
>
> Short answer: No, I see nothing wrong with that.
Then I pity you for not understanding what security is, but still posting
in a.c.s . Security requires reliability, at least to a certain point,
which is the pure contrary of unjustified hope.
> And this is exactly what my suggested use of ADS in these circumstances
> does. It is a convenient, readily implemented method that is entirely
> suitable and appropriate for the described threat model.
It isn't. Just run LADS, Streams or one of those many many other utilities
and you'll easily see a very suspicious ADS.
|
|
Posted by nemo_outis on January 19, 2007, 4:23 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> nemo_outis wrote:
>
>>> So, your saying it is OK that your security is not based on a
>>> mathematical proof or a conjecture of the computational bounds of an
>>> adversary, but rather based on the hope that the adversary is
>>> incompetent.
>>>
>>> Do you see anything wrong with that?
>>
>> Short answer: No, I see nothing wrong with that.
>
> Then I pity you for not understanding what security is, but still
> posting in a.c.s . Security requires reliability, at least to a
> certain point, which is the pure contrary of unjustified hope.
>
>> And this is exactly what my suggested use of ADS in these
>> circumstances does. It is a convenient, readily implemented method
>> that is entirely suitable and appropriate for the described threat
>> model.
>
> It isn't. Just run LADS, Streams or one of those many many other
> utilities and you'll easily see a very suspicious ADS.
>
Thank you for your response. My confidence in the accuracy of my answer
is now greatly increased.
You see, Sebastian, you are what can be characterized as an "intelligent
fool." While not actually stupid, you are nonetheless so reliably and
consistenly wrong that sensible folks treat you as an amazingly accurate
"contrary indicator" and regard your condemnation instead as rock-solid
validation of their views.
You invariably want to use a sledgehammer to crack a peanut, and this
produces solutions that are so tiresome and onerous that no one would
ever be bothered implementing and using them (assuming, that is, that
they would work at all in spite of their needless complication and
intricacy). Your grandiose and overworked "solutions" are never suitable
to the problem. No, you propose them only in a puerile - and failed! -
attempt to seem knowledgeable.
So, yes, Sebastian, of course streams can be detected! Any hiding or
mislabelling technique is only suitable against casual adversaries. But,
of course, those were precisely the type of adversaries that were
specified!
However, as a variant of the "hiding" genre, using ADS is vastly superior
to using grossly oversized mislabelled file types. It is a highly
effective technique against casual (and some not-so-casual) snoops.
Regards,
|
|
Posted by Sebastian Gottschalk on January 19, 2007, 5:03 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> of course streams can be detected! Any hiding or
> mislabelling technique is only suitable against casual adversaries. But,
> of course, those were precisely the type of adversaries that were
> specified!
Then you just got the specification wrong.
> However, as a variant of the "hiding" genre, using ADS is vastly superior
> to using grossly oversized mislabelled file types.
Nonsense, since using such a bogus but well-known feature makes it way more
suspicious.
> It is a highly effective technique against casual (and some not-so-casual)
snoops.
As if those wouldn't know how to Google.
|
|
Posted by nemo_outis on January 19, 2007, 6:42 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> nemo_outis wrote:
>
>> of course streams can be detected! Any hiding or
>> mislabelling technique is only suitable against casual adversaries.
>> But, of course, those were precisely the type of adversaries that
>> were specified!
>
> Then you just got the specification wrong.
Congratulations, Sebastian! Your perfect record as a "contrary
indicator" who always gets it wrong has been extended.
No, Sebastian, it was NOT I who specified the type of adversaries but
rather the OP - to whom I then responded with an appropriate solution.
>> However, as a variant of the "hiding" genre, using ADS is vastly
>> superior to using grossly oversized mislabelled file types.
>
> Nonsense, since using such a bogus but well-known feature makes it way
> more suspicious.
Goddammit, you're thick, Sebastian! The original question posed was how
to make Truecrypt files less obvious to casual snoops at the OP's
workplace, not thwart the NSA.
If the adversaries suspecting use of Truecrypt had even minimal
competence they would first try, NOT to pore through the HD looking for
oversized mislabelled nonfunctional files (and, of course, far less for
ADS) but rather look for the presence of the Truecrypt driver and its
registry fingerprint which is blatantly there for anyone of non-casual
competence to see and which is awkward for an unskilled person, such as
the OP apparently is, to remove and replace regularly (sitting as it does
as a legacy driver in currentcontrolset).
We are, as the OP originally posed the problem, looking at adversaries
whose investigative repertoire does not even extend that far. And so I
guarantee that ADS will be far beyond the ability of such adversaries to
discover.
In short, Sebastian, the matter is settled; now all that remains is to
see how long you foolishly persist in your truculent stupidity.
Regards,
|
|
Posted by Sebastian Gottschalk on January 20, 2007, 3:17 am
If you were Registered and logged in, you could reply and use other advanced thread options
> No, Sebastian, it was NOT I who specified the type of adversaries but
> rather the OP
And I told you that your misunderstood this specification. Now, what about
reading comprehension? Go figure!
> If the adversaries suspecting use of Truecrypt had even minimal
> competence they would first try, NOT to pore through the HD looking for
> oversized mislabelled nonfunctional files
Right. He would use Google to find a program which does that for him.
|
| Similar Threads | Posted | | Any good free spyware scan that I can run in bat file so I can schedule it daily | June 21, 2007, 10:32 am |
| Index.btr file in Windows XP Help please | January 20, 2006, 12:56 pm |
| HELP. Windows file names changed | September 29, 2006, 11:01 am |
| Evidence of file copy to external device on Windows 2000 / FAT 32 | April 19, 2006, 4:05 am |
| Re: portably encrypting a file system's partition, directory and/or file | November 25, 2005, 6:10 pm |
| Encrypted Anonymous Surfing | January 1, 2006, 10:52 pm |
| Can you keep a secret? This encrypted drive can... | October 30, 2006, 11:25 pm |
| Secure encrypted data backup? | January 31, 2008, 3:10 pm |
| Encrypted backup of whole-disk encryption | March 13, 2008, 11:50 am |
| Webmasterslookup launches Encrypted Messaging Service. | March 10, 2008, 4:21 pm |
|
XML site map