Sebastian Gottschalk <seppi@seppig.de> wrote in
news:51ctiuF1jllc1U1@mid.dfncis.de:

> nemo_outis wrote:
>
>> of course streams can be detected! Any hiding or
>> mislabelling technique is only suitable against casual adversaries.
>> But, of course, those were precisely the type of adversaries that
>> were specified!
>
> Then you just got the specification wrong.


Congratulations, Sebastian! Your perfect record as a "contrary
indicator" who always gets it wrong has been extended.

No, Sebastian, it was NOT I who specified the type of adversaries but
rather the OP - to whom I then responded with an appropriate solution.


>> However, as a variant of the "hiding" genre, using ADS is vastly
>> superior to using grossly oversized mislabelled file types.
>
> Nonsense, since using such a bogus but well-known feature makes it way
> more suspicious.


Goddammit, you're thick, Sebastian! The original question posed was how
to make Truecrypt files less obvious to casual snoops at the OP's
workplace, not thwart the NSA.

If the adversaries suspecting use of Truecrypt had even minimal
competence they would first try, NOT to pore through the HD looking for
oversized mislabelled nonfunctional files (and, of course, far less for
ADS) but rather look for the presence of the Truecrypt driver and its
registry fingerprint which is blatantly there for anyone of non-casual
competence to see and which is awkward for an unskilled person, such as
the OP apparently is, to remove and replace regularly (sitting as it does
as a legacy driver in currentcontrolset).

We are, as the OP originally posed the problem, looking at adversaries
whose investigative repertoire does not even extend that far. And so I
guarantee that ADS will be far beyond the ability of such adversaries to
discover.

In short, Sebastian, the matter is settled; now all that remains is to
see how long you foolishly persist in your truculent stupidity.

Regards,