Re: disk encryption; hidden containers
On Thu, 24 Jul 2008, Greg Larkin wrote:

> Duane Hill wrote:
> | On Fri, 18 Jul 2008, Greg Larkin wrote:
> |
> |> Chad Perrin wrote:
> |> | On Fri, Jul 18, 2008 at 10:01:54PM +0100, RW wrote:
> |> |> On Fri, 18 Jul 2008 21:06:57 +0100
> |> |> RW <[EMAIL PROTECTED]> wrote:
> |> |>
> |> |>> On Fri, 18 Jul 2008 09:56:24 -0600
> |> |>> Chad Perrin <[EMAIL PROTECTED]> wrote:
> |> |>>
> |> |>>> My preliminary searches on the subject suggest that neither GBDE nor
> |> |>>> GELI encryption offers hidden volume/container capabilities.
> |> |>> Are you talking about steganography?
> |> |> Sorry, I guess you're talking about volumes hidden in the unused space
> |> |> on a filesystem. I don't think there's anything. I'm not sure
> |> |> what the status of truecrypt is, I've heard some talk about it running
> |> |> on freebsd eventually.
> |> |>
> |> |> It would be a start for geli to be able to encrypt its metadata.
> |> |
> |> | So, are those basically my choices -- either wait for GBDE or GELI to
> |> | acquire that capability, or write it myself (which is not something I'm
> |> | prepared to do right now)? Bummer.
> |> |
> |> | Well . . . or wait for something else like TrueCrypt to get ported to
> |> | FreeBSD, I suppose.
> |> |
> |>
> |> Hi Chad,
> |>
> |> There is a beta version of the TrueCrypt 5.1a port out there. See:
> |> http://lists.freebsd.org/pipermail/freebsd-ports/2008-May/048432.html.
> |>
> |> I tried it in a VMware virtual machine a couple of months ago and it
> |> hung pretty consistently when copying files into the container. It's
> |> entirely possible that the problem was related to the virtual
> |> environment, so YMMV.
> |
> | What VMWare version were you using and what OS and version hosted the VM?
> |
> | I only ask as I have been searching for this myself.
> |
> | Currently, I am using a commercial product under Linux and Windoes
> | called BestCrypt by Jetico (http://www.jetico.com).
> |
> | I have VMware installed currently under Windoes Vista. VMware version is
> | 6.0.4-93057. I haven't had any issues thus far running a number of
> | FreeBSD guest OSes.
> |
> | If your version is less than what I'm running, I would be willing to
> | install and test.
> |
>
> Hi Duane,
>
> I originally tested the TC port inside of VMware Player 1.0.5 running on
> Win XP SP2. Do you think the hang could be caused by the version of
> VMware software that hosts the VM? I've been thinking about purchasing
> VMware Workstation, and if I do that, I'll test there as well.

That could be. You could download the free VMware Server and try that first before purchasing VMware Workstation. It runs much the same.

-d
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: disk encryption; hidden containers
Duane Hill wrote:
| On Fri, 18 Jul 2008, Greg Larkin wrote:
|
|> Chad Perrin wrote:
|> | On Fri, Jul 18, 2008 at 10:01:54PM +0100, RW wrote:
|> |> On Fri, 18 Jul 2008 21:06:57 +0100
|> |> RW <[EMAIL PROTECTED]> wrote:
|> |>
|> |>> On Fri, 18 Jul 2008 09:56:24 -0600
|> |>> Chad Perrin <[EMAIL PROTECTED]> wrote:
|> |>>
|> |>>> My preliminary searches on the subject suggest that neither GBDE nor
|> |>>> GELI encryption offers hidden volume/container capabilities.
|> |>> Are you talking about steganography?
|> |> Sorry, I guess you're talking about volumes hidden in the unused space
|> |> on a filesystem. I don't think there's anything. I'm not sure
|> |> what the status of truecrypt is, I've heard some talk about it running
|> |> on freebsd eventually.
|> |>
|> |> It would be a start for geli to be able to encrypt its metadata.
|> |
|> | So, are those basically my choices -- either wait for GBDE or GELI to
|> | acquire that capability, or write it myself (which is not something I'm
|> | prepared to do right now)? Bummer.
|> |
|> | Well . . . or wait for something else like TrueCrypt to get ported to
|> | FreeBSD, I suppose.
|> |
|>
|> Hi Chad,
|>
|> There is a beta version of the TrueCrypt 5.1a port out there. See:
|> http://lists.freebsd.org/pipermail/freebsd-ports/2008-May/048432.html.
|>
|> I tried it in a VMware virtual machine a couple of months ago and it
|> hung pretty consistently when copying files into the container. It's
|> entirely possible that the problem was related to the virtual
|> environment, so YMMV.
|
| What VMWare version were you using and what OS and version hosted the VM?
|
| I only ask as I have been searching for this myself.
|
| Currently, I am using a commercial product under Linux and Windoes
| called BestCrypt by Jetico (http://www.jetico.com).
|
| I have VMware installed currently under Windoes Vista. VMware version is
| 6.0.4-93057. I haven't had any issues thus far running a number of
| FreeBSD guest OSes.
|
| If your version is less than what I'm running, I would be willing to
| install and test.
|

Hi Duane,

I originally tested the TC port inside of VMware Player 1.0.5 running on Win XP SP2. Do you think the hang could be caused by the version of VMware software that hosts the VM? I've been thinking about purchasing VMware Workstation, and if I do that, I'll test there as well.

Best regards,
Greg
--
Greg Larkin
http://www.sourcehosting.net/
http://www.FreeBSD.org/ - The Power To Serve
Re: disk encryption; hidden containers
>> will know that it exist, being unable to read what's inside.
>
> It depends where you live. In some places out there, having encrypted

^^ Within few years it won't. now it mostly doesn't. everywhere everyone is treated as criminal...

> data alone is already suspicious and can put you at risk, physically
> and for real.

well partition looking mostly as random data is suspicious too.
Re: disk encryption; hidden containers
On Tue, Jul 22, 2008 at 08:49:36PM +0200, Wojciech Puchar wrote:
> >> To locate them, all a cryptanalyst has to do is to look out for
> >> regions on the partition with very high entropy,
> >
> > The trick is to hide the volume somewhere that is legitimately filled
> > with random numbers.
> >
> why hiding the ENCRYPTED partition at all? what's a problem someone else
> will know that it exist, being unable to read what's inside.

It depends where you live. In some places out there, having encrypted data alone is already suspicious and can put you at risk, physically and for real.

-cpghost.

--
Cordula's Web. http://www.cordula.ws/
Re: disk encryption; hidden containers
>> To locate them, all a cryptanalyst has to do is to look out for
>> regions on the partition with very high entropy,
>
> The trick is to hide the volume somewhere that is legitimately filled
> with random numbers.

why hiding the ENCRYPTED partition at all? what's a problem someone else will know that it exist, being unable to read what's inside.
Re: disk encryption; hidden containers
On Tue, 22 Jul 2008 17:47:42 +0200
cpghost <[EMAIL PROTECTED]> wrote:

> On Fri, Jul 18, 2008 at 09:56:24AM -0600, Chad Perrin wrote:
> > My preliminary searches on the subject suggest that neither GBDE
> > nor GELI encryption offers hidden volume/container capabilities.
> > Are there any plans for implementing this in the future? What disk
> > encryption software would you recommend for use with FreeBSD to
> > provide hidden containers?
>
> Unless the containers are spread randomly across the partition
> and are small enough, they WILL appear very prominently, because
> they will usually have maximum entropy.
>
> To locate them, all a cryptanalyst has to do is to look out for
> regions on the partition with very high entropy,

The trick is to hide the volume somewhere that is legitimately filled with random numbers.

One simple way to do this is to simply argue that an encrypted partition was previously an ordinary partition that has been securely erased by filling it with random numbers. Since this is a reasonable thing to do, it provides a significant level of plausible deniability. Unfortunately you can't do this with geli, because it's actually designed to be detectable (I'm not sure about gbde).

Some encryption software goes much further by allowing one or more levels of nesting within volumes. The way it works is that you create a normal volume, put in some dummy files, and then create a second level container in the freespace. Since it's good practice to prefill freespace with random numbers, and some encryption software does it automatically, it's very hard to detect the second level. The advantage of this is that even if someone knows that you are using encryption, and can compel you to give up the passphrase, you can still keep the real secrets hidden.
Re: disk encryption; hidden containers
On Fri, Jul 18, 2008 at 09:56:24AM -0600, Chad Perrin wrote:
> My preliminary searches on the subject suggest that neither GBDE nor GELI
> encryption offers hidden volume/container capabilities. Are there any
> plans for implementing this in the future? What disk encryption
> software would you recommend for use with FreeBSD to provide hidden
> containers?

Unless the containers are spread randomly across the partition and are small enough, they WILL appear very prominently, because they will usually have maximum entropy.

To locate them, all a cryptanalyst has to do is to look out for regions on the partition with very high entropy, and to proceed by elimination (e.g. by trying to decompress files or looking for specific markers in, say, MPEG files and what not).

Hiding encrypted contents is not as easy as it may seem...

-cpghost.

--
Cordula's Web. http://www.cordula.ws/
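
The entropy argument in this message, together with RW's counterpoint that free space legitimately filled with random numbers conceals a container, shown as an added Python example that is not part of the original thread. The 4096-byte window, the 7.5 bits/byte threshold and both in-memory images are constructed assumptions; the seeded generator only stands in for ciphertext or a random wipe.

```python
import math
import random
from collections import Counter

BLOCK = 4096      # analysis window in bytes (assumed; any sector multiple works)
THRESHOLD = 7.5   # bits/byte; ciphertext and random fill both sit near 8.0


def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def high_entropy_runs(image: bytes, block=BLOCK, threshold=THRESHOLD):
    """Return (offset, length) for each maximal run of high-entropy blocks."""
    runs, start = [], None
    for off in range(0, len(image), block):
        hot = shannon_entropy(image[off:off + block]) >= threshold
        if hot and start is None:
            start = off                       # a high-entropy run begins
        elif not hot and start is not None:
            runs.append((start, off - start))  # the run ended at this block
            start = None
    if start is not None:
        runs.append((start, len(image) - start))
    return runs


def pseudo_random(n: int, seed: int) -> bytes:
    """Constructed stand-in for ciphertext or a random wipe (seeded, not secure)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def build_images():
    """Two constructed 40-block 'partitions' holding the same 8-block container."""
    files = (b"ordinary file contents, fairly repetitive text. " * 2000)[:16 * BLOCK]
    container = pseudo_random(8 * BLOCK, seed=1)
    zero_free = files + container + bytes(16 * BLOCK)
    random_free = pseudo_random(16 * BLOCK, 2) + container + pseudo_random(16 * BLOCK, 3)
    return zero_free, random_free


if __name__ == "__main__":
    zero_free, random_free = build_images()
    print("container in unfilled free space:", high_entropy_runs(zero_free))
    print("container in random-filled space:", high_entropy_runs(random_free))
```

In the first image the scan returns the container's exact offset and length; in the second it returns one run covering the whole partition, so the container's boundaries cannot be read off the entropy profile.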
Re: disk encryption; hidden containers
On Fri, 18 Jul 2008, Greg Larkin wrote:

> Chad Perrin wrote:
> | On Fri, Jul 18, 2008 at 10:01:54PM +0100, RW wrote:
> |> On Fri, 18 Jul 2008 21:06:57 +0100
> |> RW <[EMAIL PROTECTED]> wrote:
> |>
> |>> On Fri, 18 Jul 2008 09:56:24 -0600
> |>> Chad Perrin <[EMAIL PROTECTED]> wrote:
> |>>
> |>>> My preliminary searches on the subject suggest that neither GBDE nor
> |>>> GELI encryption offers hidden volume/container capabilities.
> |>> Are you talking about steganography?
> |> Sorry, I guess you're talking about volumes hidden in the unused space
> |> on a filesystem. I don't think there's anything. I'm not sure
> |> what the status of truecrypt is, I've heard some talk about it running
> |> on freebsd eventually.
> |>
> |> It would be a start for geli to be able to encrypt its metadata.
> |
> | So, are those basically my choices -- either wait for GBDE or GELI to
> | acquire that capability, or write it myself (which is not something I'm
> | prepared to do right now)? Bummer.
> |
> | Well . . . or wait for something else like TrueCrypt to get ported to
> | FreeBSD, I suppose.
> |
>
> Hi Chad,
>
> There is a beta version of the TrueCrypt 5.1a port out there. See:
> http://lists.freebsd.org/pipermail/freebsd-ports/2008-May/048432.html.
>
> I tried it in a VMware virtual machine a couple of months ago and it
> hung pretty consistently when copying files into the container. It's
> entirely possible that the problem was related to the virtual
> environment, so YMMV.

What VMWare version were you using and what OS and version hosted the VM?

I only ask as I have been searching for this myself.

Currently, I am using a commercial product under Linux and Windoes called BestCrypt by Jetico (http://www.jetico.com).

I have VMware installed currently under Windoes Vista. VMware version is 6.0.4-93057. I haven't had any issues thus far running a number of FreeBSD guest OSes.

If your version is less than what I'm running, I would be willing to install and test.

-d
Re: disk encryption; hidden containers
Chad Perrin wrote:
| On Fri, Jul 18, 2008 at 10:01:54PM +0100, RW wrote:
|> On Fri, 18 Jul 2008 21:06:57 +0100
|> RW <[EMAIL PROTECTED]> wrote:
|>
|>> On Fri, 18 Jul 2008 09:56:24 -0600
|>> Chad Perrin <[EMAIL PROTECTED]> wrote:
|>>
|>>> My preliminary searches on the subject suggest that neither GBDE nor
|>>> GELI encryption offers hidden volume/container capabilities.
|>> Are you talking about steganography?
|> Sorry, I guess you're talking about volumes hidden in the unused space
|> on a filesystem. I don't think there's anything. I'm not sure
|> what the status of truecrypt is, I've heard some talk about it running
|> on freebsd eventually.
|>
|> It would be a start for geli to be able to encrypt its metadata.
|
| So, are those basically my choices -- either wait for GBDE or GELI to
| acquire that capability, or write it myself (which is not something I'm
| prepared to do right now)? Bummer.
|
| Well . . . or wait for something else like TrueCrypt to get ported to
| FreeBSD, I suppose.
|

Hi Chad,

There is a beta version of the TrueCrypt 5.1a port out there. See: http://lists.freebsd.org/pipermail/freebsd-ports/2008-May/048432.html.

I tried it in a VMware virtual machine a couple of months ago and it hung pretty consistently when copying files into the container. It's entirely possible that the problem was related to the virtual environment, so YMMV.

Best regards,
Greg
--
Greg Larkin
http://www.sourcehosting.net/
http://www.FreeBSD.org/ - The Power To Serve
Re: disk encryption; hidden containers
On Fri, Jul 18, 2008 at 10:01:54PM +0100, RW wrote:
> On Fri, 18 Jul 2008 21:06:57 +0100
> RW <[EMAIL PROTECTED]> wrote:
>
> > On Fri, 18 Jul 2008 09:56:24 -0600
> > Chad Perrin <[EMAIL PROTECTED]> wrote:
> >
> > > My preliminary searches on the subject suggest that neither GBDE nor
> > > GELI encryption offers hidden volume/container capabilities.
> >
> > Are you talking about steganography?
>
> Sorry, I guess you're talking about volumes hidden in the unused space
> on a filesystem. I don't think there's anything. I'm not sure
> what the status of truecrypt is, I've heard some talk about it running
> on freebsd eventually.
>
> It would be a start for geli to be able to encrypt its metadata.

So, are those basically my choices -- either wait for GBDE or GELI to acquire that capability, or write it myself (which is not something I'm prepared to do right now)? Bummer.

Well . . . or wait for something else like TrueCrypt to get ported to FreeBSD, I suppose.

--
Chad Perrin [ content licensed PDL: http://pdl.apotheon.org ]
Alan Perlis: "LISP programmers know the value of everything and the cost of nothing."
Re: disk encryption; hidden containers
On Fri, 18 Jul 2008 21:06:57 +0100
RW <[EMAIL PROTECTED]> wrote:

> On Fri, 18 Jul 2008 09:56:24 -0600
> Chad Perrin <[EMAIL PROTECTED]> wrote:
>
> > My preliminary searches on the subject suggest that neither GBDE nor
> > GELI encryption offers hidden volume/container capabilities.
>
> Are you talking about steganography?

Sorry, I guess you're talking about volumes hidden in the unused space on a filesystem. I don't think there's anything. I'm not sure what the status of truecrypt is, I've heard some talk about it running on freebsd eventually.

It would be a start for geli to be able to encrypt its metadata.
Re: disk encryption; hidden containers
On Fri, 18 Jul 2008 09:56:24 -0600
Chad Perrin <[EMAIL PROTECTED]> wrote:

> My preliminary searches on the subject suggest that neither GBDE nor
> GELI encryption offers hidden volume/container capabilities.

Are you talking about steganography?
Re: disk encryption; hidden containers
> software would you recommend for use with FreeBSD to provide hidden
> containers?

could you please explain what "hidden container" is?

AFAIK geli do exactly that - hidden partition, unless you know to run geli and what is the password
disk encryption; hidden containers
My preliminary searches on the subject suggest that neither GBDE nor GELI encryption offers hidden volume/container capabilities. Are there any plans for implementing this in the future? What disk encryption software would you recommend for use with FreeBSD to provide hidden containers?

--
Chad Perrin [ content licensed PDL: http://pdl.apotheon.org ]
C. Hoare: "Two ways of constructing software: (1) make it so simple that there are obviously no bugs, (2) make it so complicated that there are no obvious bugs. Making it simple is far more difficult."