|
 |
Warp wrote:
> That may give them a hint that you might have encrypted files in your
> system, but they have no way of knowing which ones they are. TrueCrypt
> itself leaves no history anywhere.
They will depending on how you use it. The command line way of doing
things is:
truecrypt /path/to/file
That path will show up in the history. Of course, perhaps that's poor
usage - but last time I checked, the docs didn't mention the potential
problem.
In any case, fine: Let's say he doesn't use the command line.
If he navigated to the directory where it was mounted recently, that'll
show up in the history, and may give clues to its content. This will
give them a strong indication that there is a TC volume somewhere, and
they could ask him about it.
>> Or they could look to see if you have truecrypt installed.
>
> Still doesn't prove that you have encrypted files. You could simply say
> that you installed it a long time ago just to see how it works, or whatever.
Won't work if you navigated into it recently (command history).
>> Or they could look to see if you have unmounted truecrypt directories.
>> I tried it and at least on my computer, truecrypt doesn't automatically
>> delete those directories.
>
> You can choose whatever directory names you want to mount a TrueCrypt
> file system. Just use /tmp/tmp/ or whatever. Nothing suspicious about that.
Will have to look into that - been a while. I *do* recall that
initially TC wasn't working as expected, and *did* leave stuff around in
/tmp. Perhaps nothing too important, other than showing that TC did
exist and was being used. It doesn't anymore (don't remember what the
problem was).
>> As for hidden partition, I don't know the details. I believe an
>> analysis was done and they only guaranteed true hiddenness if you used
>> FAT as the filesystem of the hidden partition. More precisely, it was
>> shown that if you use ext3, there will likely be data elsewhere on the
>> HD that will hint that there is a hidden partition somewhere.
>
> Then use FAT? What's the problem?
Not obvious to folks on Linux that they shouldn't use ext3 on a TC
volume. Last I checked, the docs didn't imply additional security if you
use FAT.
>> There are other analyses. Let's say you make your "outer" TC partition
>> 30 GB. And inside it you make your hidden partition 10 GB. I read
>> somewhere that TC makes that 10 GB block contiguous. So when you give
>> the password to your outer TC, if they look they'll see that your data
>> (if you have enough of it), will be all over that 30 GB except for this
>> big block of 10 GB which has random data (which, to the FS, appears to
>> be free space). Now you could say that you just deleted a 10 GB file,
>> explaining that big unused contiguous block, but...
>
> AFAIK TrueCrypt puts random garbage at every free block for the precise
> reason that it's impossible to tell whether it's just that, random garbage,
> or a hidden partition.
Yes, but I think you miss my point. Or I don't understand how things
are stored on the HD.
The area occupied by the hidden partition will have random stuff in
it, but will appear to be "free" space by the FS (as in space available
for writing). A contiguous block of 10 GB, especially with actual data
around it, will look suspicious. Regardless of whether that space has
random data.
It's as if you just deleted 10 GB worth of contiguous material.
Possible, but not likely.
Of course, they can't *prove* anything with what I'm saying. And if you
think you could get into real trouble, it is of course better to just
deny. However, there is a risk in lying, and if you really don't have
much to hide, that risk can be quite high (at least in the US - say when
you're crossing the border).
--
"I think not," said Descartes, and promptly disappeared.
/\ /\ /\ /
/ \/ \ u e e n / \/ a w a z
>>>>>>mue### [at] nawaz org<<<<<<
anl
Post a reply to this message
|
|
