Thread: Truecrypt 4.3 Released
View Single Post
  #6 (permalink)  
Old 03-21-2007, 03:19 PM
nemo_outis
Guest
  
Posts: n/a
Default Re: Truecrypt 4.3 Released
<cemeqi> wrote in news:1300vdhs59hfaa5@news.supernews.com:

> "nemo_outis" <abc@xyz.com> wrote in message
> news:Xns98F8CFF119F5Dabcxyzcom@204.153.245.131...
>> http://www.truecrypt.org/
>>
>> Regards,
>>
>>
>> PS Main change: Vista ready
>
> While we are at it I would like to clear up as to whether the volume
> is recognized or not.
>
>
>
> On the Security and Encryption FAQ - Revision 21.1.1 of Dr Who to be
> found at
> https://www.panta-rhei.eu.org/pantaw...dEncryptionFaq, it
> says:
>
>
>
> "[TrueCrypt] does not display any file header info to help a snooper
> identify the file's purpose. The header is encrypted and shows as
> random garbage. But it will identify which type of format was used to
> create the Truecrypt volume. Despite Windows and other programs
> claiming the partition is not formatted, Truecrypt will itself rather
> unhelpfully tell the world that it is obviously a Truecrypt created
> volume. I am at a loss to understand the logic of this, but there it
> is."
>
>
>
> But on the Truecrypt page at http://www.truecrypt.org/, it says:
>
>
>
> "2) No TrueCrypt volume can be identified (volumes cannot be
> distinguished from random data)."
>
>
>
> Does this mean that the Security and Encryption FAQ is not up-to-date
> or that the TrueCrypt page is not entirely correct? Or, alternatively,
> that there is something I am missing?



It means that there is an apparent discrepancy between the two sources.
You may resolve that discrepancy in a number of ways, trading off
convenience versus comprehensiveness. I suggest the best way, assuming
you have the skills, is to check for yourself.

Personally, I see this as a matter of little consequence one way or the
other. A partition full of random data - with or without telltale
headers, partition signatures, etc. - is a dead giveaway that encryption
is being used. Couple that with the existence of Truecrypt drivers and
corresponding registry entries (I assume a Windows OS) and the conviction
that encryption is being used rises to a near certainty.


Remember, truecrypt does not attempt to hide (other than superficially)
the fact that it is being used - it is NOT a form of steganography.

Regards,

PS You could, I suppose, thoroughly scrub the registry, remove drivers,
and diddle with the Truecrypt header (restoring it from external media
before use and overwriting it afterwards) but this seems rather tiresome
and likely to be neglected by all but the most fanatic.




Reply With Quote