Re: What is a good Windows XP file to store encrypted volumes

Sebastian Gottschalk <seppi@seppig.de> wrote in
news:51e1inF1iic3oU1@mid.dfncis.de:
> nemo_outis wrote:
>
>> No, Sebastian, it was NOT I who specified the type of adversaries but
>> rather the OP
> And I told you that you misunderstood this specification. Now, what
> about reading comprehension? Go figure!

Here, you thick-as-a-brick moron, is a verbatim quote from the OP's post:

___
"But, my question is what file name and location would arouse the least
suspicion were a coworker to be snooping around looking for my personal
data on my WinXP computer?"
___

"Snooping coworker," Sebastian! That's the specific threat model POSED
BY THE OP just as I said. It was the OP, not I, who specified the threat
model (and who additionally even confined the "solution space" only to
recommending the most inconspicuous file type and location).

>> If the adversaries suspecting use of Truecrypt had even minimal
>> competence they would first try, NOT to pore through the HD looking
>> for oversized mislabelled nonfunctional files
>
> Right. He would use Google to find a program which does that for him.

No ordinary "snooping coworker" would be installing and launching
forensic tools. Moreover, this hypothetical NSA-geek snooping coworker
would not know if there were mislabelled files, alternate data streams, a
hidden partition, an even-more-hidden partition in the HPA, files or
directories hidden by a rootkit, or even whether Truecrypt or some other
program was being used.

Nor does the snooper know what method is used to hide the OP's personal
info or even if any such hiding is being done. He's just snooping
around.

And, in the absence of specific info, the NSA-geek snooping coworker
would have no basis for limiting himself to searching for only one of
these stratagems but would either have to use a full-blown forensic tool
(e.g., Encase) to look for any and all of them or deploy a quiver of more
specific search tools. That isn't casual snooping, Sebastian!

No, a casual snoop will do just that: snoop around hoping to stumble upon
unsecured personal data or, failing that, to spot some anomaly that
catches his eye as a possible attempt to hide personal info. A slightly
less casual snoop may use some of the tools native to the environment
(e.g., regedit) but anything beyond that (e.g., installing and using
forensic tools) is no longer casual snooping.

That's it, Sebastian. That's all the OP asked for: light-duty
camouflage. Nothing more.

But I'll go further, Sebastian, you doofus, in explaining that there is
NO satisfactory way of hiding Truecrypt from a skilled adversary, only
makeshift methods of hiding it from unskilled ones (such as the ones
asked for and given to the OP).

If you're of a mathematical bent call it a mini "existence proof" from
the makers of Truecrypt themselves. Perhaps it will even satisfy David
Eather's pretentious twaddle calling for "mathematical proof or a
conjecture of the computational bounds of an adversary."

You see, Sebastian, Truecrypt goes to great lengths to provide "plausible
deniability," even adding a nesting feature. But obviously "plausible
deniability" is a far weaker status than "undetectability of hidden data
in the first place." If the makers of Truecrypt thought there was an
effective way of providing undetectability they would not have futzed
around adding plausible deniability. QED

Regards,