Re: What is a good Windows XP file to store encrypted volumes

David Eather <eather@tpg.com.au> wrote in
news:45b10117@dnews.tpgi.com.au:
> nemo_outis wrote:
....
>> The following will not fool a sysadmin (well, not a good one) but it
>> works very well against casual or inept snoops.
>>
>> Hide the Truecrypt file as an "alternate file stream" attached to
>> some other file (which could itself be perfectly functional, such as
>> an Excel file). The hidden stream will not show in any normal system
>> operation (directory listings, etc.) although some (by no means all)
>> antivirus software may report it.
>>
>> If the ordinary file you wish to use is, say,
>> C:\directorypath\somefile.xls then create (and subsequently mount
>> and use) the Truecrypt file as, say,
>> C:\directorypath\somefile.xls:tc (i.e., the alternate file name -
>> extent, really - is defined as prefixed by the regular file name and
>> a colon)
>>
>> Regards,
>>
>>
>>
> So, you're saying it is OK that your security is not based on a
> mathematical proof or a conjecture of the computational bounds of an
> adversary, but rather based on the hope that the adversary is
> incompetent.
>
> Do you see anything wrong with that?

Short answer: No, I see nothing wrong with that.

Longer answer:

The OP framed her question in terms of using nothing stronger than an
inconspicuous file. Compared to that, an alternate data stream is
leagues ahead.

Going further, the OP's threat model is coworkers who casually snoop,
folks who are, if not outright incompetent, clearly without special
resources or competence.

Against a sufficiently competent, well-funded, and motivated adversary -
especially one who has repeated unobserved direct access to the machine
as could happen in a work environment - I feel confident in saying there
is NO satisfactory method of disguising the use of Truecrypt.

So, the task is not to overdesign the system inordinately in a misguided
attempt to thwart the NSA. Instead, as with most security questions, the
real task is to implement a scheme appropriate to the specified threat
model.

And this is exactly what my suggested use of ADS in these circumstances
does. It is a convenient, readily implemented method that is entirely
suitable and appropriate for the described threat model.

Regards,
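
The thread notes that a competent sysadmin will not be fooled by an alternate data stream. As an added example that is not part of the original post, the PowerShell function below shows the kind of check that finds one: it lists every named stream under a directory tree and reports its size next to the size of the host file. It assumes PowerShell 3.0 or later on an NTFS volume; the function name `Find-NamedStream` and its parameters are hypothetical, and `C:\directorypath` is the placeholder path used in the thread.

```powershell
# Added example (not from the original post): enumerate named NTFS streams.
# Assumes PowerShell 3.0+; Find-NamedStream and its parameters are hypothetical names.
function Find-NamedStream {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Root,
        # Only report streams at least this large; a volume container is rarely tiny.
        [long]$MinBytes = 0,
        # Stream names to skip, e.g. the download marker Windows adds to files.
        [string[]]$IgnoreStream = @('Zone.Identifier')
    )

    # -Force includes hidden and system files in the walk.
    Get-ChildItem -LiteralPath $Root -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # -Stream * returns one object per stream, including the default ':$DATA'.
            Get-Item -LiteralPath $file.FullName -Stream * -Force -ErrorAction SilentlyContinue |
                Where-Object {
                    $_.Stream -ne ':$DATA' -and
                    $_.Stream -notin $IgnoreStream -and
                    $_.Length -ge $MinBytes
                } |
                ForEach-Object {
                    [pscustomobject]@{
                        File        = $file.FullName
                        Stream      = $_.Stream
                        StreamBytes = $_.Length   # size of the named stream
                        FileBytes   = $file.Length # size of the default (visible) stream
                    }
                }
        }
}

# Report named streams of 1 MB or more, largest first.
Find-NamedStream -Root 'C:\directorypath' -MinBytes 1MB |
    Sort-Object StreamBytes -Descending |
    Format-Table -AutoSize
```

A row where `StreamBytes` is far larger than `FileBytes` is the pattern the `somefile.xls:tc` arrangement would produce.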