Truecrypt 5.0 Released (now with system partition encryption)

Sebastian G. wrote:

> nemo_outis wrote:
>
>
> > You see, the space on a HD, as conventionally set up, consists entirely of
> > the following: the boot track and one or more partitions. (This excludes
> > the rare cases where there is unallocated unpartitioned space on the drive,
> > and arcana such as the HPA and manufacturer's reserved space).
> >
> > So, if you encrypt all partitions on such a drive (as Truecrypt v5 now
> > allows you to do, even if it is the boot/system drive) you have encrypted
> > the **whole drive** - with the exception, of course, of the small
> > unencrypted bootstub info on track 0 - just as with ALL other whole-disk HD
> > OTFE encryption programs.
>
>
> If you're not using the pre-boot stuff, then TrueCrypt can encrypt the
> entire volume including the MBR with its partition table.

It "can", but that's a destructive process and there's absolutely no
way to bootstrap any operating system that you might install after the
fact.

You guys aren't thinking this through.

Anonymous wrote:
> nospamatall wrote:
>
>> Casper wrote:
>>>> No, it's not. With a two partition setup and both encrypted
>>>> you can still see partition information booting from a LiveCD
>>>>
>>>> It's NOT whole disk encryption. It was never advertised as
>>>> such.
>>> Thank you for the info, I am glad you understand the difference
>>> between asking for a password on boot up and having the whole
>>> thing encrypted, too many people confuse these terms.
>>>
>>>
>> I can see that there is a difference, but why would it be
>> important? If the entire disk is encrypted, how could you do
>> anything with it?
>
> We were just discussing the issue of plausible deniability, and
> determining if individual encrypted devices/volumes existed at all.
> If you need to hide the fact that certain volumes exist then it
> becomes an issue.

I would have thought that this is not an issue with TrueCrypt, because
the hidden partition is within the free space of another encrypted
partition and thus doesn't show up anywhere else?

Cyberiade.it Anonymous Remailer <anonymous@remailer.cyberiade.it> writes:
> Sebastian G. wrote:
>
> > nemo_outis wrote:
> >
> >
> > > You see, the space on a HD, as conventionally set up, consists entirely of
> > > the following: the boot track and one or more partitions. (This excludes
> > > the rare cases where there is unallocated unpartitioned space on the drive,
> > > and arcana such as the HPA and manufacturer's reserved space).
> > >
> > > So, if you encrypt all partitions on such a drive (as Truecrypt v5 now
> > > allows you to do, even if it is the boot/system drive) you have encrypted
> > > the **whole drive** - with the exception, of course, of the small
> > > unencrypted bootstub info on track 0 - just as with ALL other whole-disk HD
> > > OTFE encryption programs.
> >
> >
> > If you're not using the pre-boot stuff, then TrueCrypt can encrypt the
> > entire volume including the MBR with its partition table.
>
> It "can", but that's a destructive process and there's absolutely no
> way to bootstrap any operating system that you might install after the
> fact.
>
> You guys aren't thinking this through.

Au contraire. Sebastian's thought this through in its
entirety, it's just that you're all taking a long time
to catch up.

Your "that's a destructive process" is either meaningless
or wrong. Your "there's absolutely no way to bootstrap any
operating system" is completely false. Boot of another
medium. Trivial.

_Any_ container for an encrypted file system will break
the contained file system if tampered with. That applies
exactly equally to an entire disk as it does to a single
file sitting within an arbitrary other file system.

Please try to keep up.

Phil
--
Dear aunt, let's set so double the killer delete select all.
-- Microsoft voice recognition live demonstration

Cyberiade.it Anonymous Remailer <anonymous@remailer.cyberiade.it> writes:
> It "can", but that's a destructive process and there's absolutely no
> way to bootstrap any operating system that you might install after the
> fact.
>
> You guys aren't thinking this through.

I don't know anything about truecrypt and haven't been following this
discussion, but I've often wanted to encrypt my laptop's internal hard
drive like that. The only way to boot would be from another drive,
and I'd use a usb pen drive for that purpose.

Casper wrote:
>> I can see that there is a difference, but why would it be important? If
>> the entire disk is encrypted, how could you do anything with it?
>>
>> Andy
>
> Then if you see a difference, can you explain what the difference is?
> That would answer your question at the same time.
>
>
The difference is that the partition info and some other stuff may not
be encrypted. This doesn't answer my question though. Do any data leak
into the non-user partitions? I had heard that some shyster companies
use these partitions for their nefarious 'DRM' so I spose it is
possible, but not if Truecrypt is in control of where all the data are
going?

Something has to be unencrypted somewhere, otherwise the disk will be
unusable. Some programs might overcome this by taking care of that
business themselves, but surely that is just moving the same risk elsewhere?

Andy

Cyberiade.it Anonymous Remailer wrote:

> Sebastian G. wrote:
>
>> nemo_outis wrote:
>>
>>
>>> You see, the space on a HD, as conventionally set up, consists entirely of
>>> the following: the boot track and one or more partitions. (This excludes
>>> the rare cases where there is unallocated unpartitioned space on the drive,
>>> and arcana such as the HPA and manufacturer's reserved space).
>>>
>>> So, if you encrypt all partitions on such a drive (as Truecrypt v5 now
>>> allows you to do, even if it is the boot/system drive) you have encrypted
>>> the **whole drive** - with the exception, of course, of the small
>>> unencrypted bootstub info on track 0 - just as with ALL other whole-disk HD
>>> OTFE encryption programs.
>>
>> If you're not using the pre-boot stuff, then TrueCrypt can encrypt the
>> entire volume including the MBR with its partition table.
>
> It "can", but that's a destructive process and there's absolutely no
> way to bootstrap any operating system that you might install after the
> fact.
>
> You guys aren't thinking this through.


Maybe you're just stupid. Why do you narrow your views to one drive? You can
have two or more. One contains the operating system, does the pre-boot stuff
and has an identifyable partition table. The second drive is meant to store
data, and is fully encrypted, including the partition table.

On 7 Feb 2008 16:00:31 +0100, Cyberiade.it Anonymous Remailer wrote:

> Ari wrote:
>
>> On Thu, 07 Feb 2008 00:53:41 +0100, Sebastian G. wrote:
>>
>>> However, I found a privilege escalation vulnerability from version 4.3a
>>> being carried over, so I heavily recommend to avoid using TrueCrypt until
>>> it's fixed.
>>
>> Not to look a gift horse but why have they not fixed this?
>
> In a similar vein, the Linux version sucks. ;)
>
> OS encryption (it's not wholedisk) isn't even implemented. That's not a
> huge problem because Linux has native counterparts, but it would have
> been nice.
>
> There's also a cute new GUI, but you can't get around it as far as I can
> tell. So if you're running Truecrypt on a remote machine via ssh or
> what not, you'd better have GTK installed and X forwarding enabled or
> you're screwed until you downgrade. Reminds me of that damned GnuPG2
> pinentry crap. <grrrrrr>
>
> They also changed the sequence of passwords, at least on my Debian box
> (the only place I've tried it so far). Threw me off the first time. I
> thought my volumes were no longer compatible. ;)

Hell, let's hope this is one step back which proceeds several forward. I
admire those guys, I hope they haven't fallen over a cliff.
--
An Explanation Of The Need To Be "Anonymous"
http://www.penny-arcade.com/comic/2004/03/19

nemo_outis wrote:

> Are you usually this thick? Yes, even though you have a whole-disk
> encryption program you can choose not to encrypt some partitions - or any
> of them for that matter. However, choosing not to use the program's
> capability for whole-disk encryption doesn't make it one whit less a
> whole-disk encryption program.
>
> As for a boot drive's partition table, some full HD OTFE programs may
> encrypt it, while others may not - just as I said. For instance,
> Bestcrypt Volume Encryption (one of the better commercial full-HD OTFE
> programs) does NOT encrypt the partiton table on a fully encrypted hard
> drive - I have just confirmed this with a number of partition managers
> (using Hiren v9.3).

Talk about thick... you don't even have the slightest clue what whole
disk encryption really is. Got some more bad news for you sonny.
Bestcrypt ain't on that list. That's right, it's not whole disk either.

*snicker*

You've been making a supreme fool of yourself all this time, puffing
your chest and calling other people stupid in your usual self
aggrandizing way, so just to rub your nose in it here's the current
contenders as of 11/09/2007.

http://www.full-disc-encryption.com/...ncryption.html

Read'm and weep, bitch. Maybe some day you'll learn to not be
such an arrogant jackass. :)


Il mittente di questo messaggio|The sender address of this
non corrisponde ad un utente |message is not related to a real
reale ma all'indirizzo fittizio|person but to a fake address of an
di un sistema anonimizzatore |anonymous system
Per maggiori informazioni |For more info
https://www.mixmaster.it

George Orwell <nobody@mixmaster.it> wrote in
news:a6b52b3f53d8d9e5e5666d21fd185ed6@mixmaster.it :

> Talk about thick... you don't even have the slightest clue what whole
> disk encryption really is. Got some more bad news for you sonny.
> Bestcrypt ain't on that list. That's right, it's not whole disk
> either.

Another bit of stupidity from you, you mouthbreathing twit.

Bestcrypt Volume Encryption for Windows is among the most advanced full-HD
OTFE encryption systems. Not only can it encrypt all HD partitions on all
HDs (including the boot/system one) it supports complete encyption of
spanned, mirrored, and striped volumes, as well as RAID 5 volumes. It also
supports physical tokens in addition to a password/passphrase for
additional security.

http://www.jetico.com/bcve.htm

Now do be a good little moron and fuck off.

Regards,

George Orwell <nobody@mixmaster.it> wrote in
news:a6b52b3f53d8d9e5e5666d21fd185ed6@mixmaster.it :

> Talk about thick... you don't even have the slightest clue what whole
> disk encryption really is. Got some more bad news for you sonny.
> Bestcrypt ain't on that list. That's right, it's not whole disk
> either.

Another bit of stupidity from you, you mouthbreathing twit.

Bestcrypt Volume Encryption for Windows is among the most advanced full-HD
OTFE encryption systems. Not only can it encrypt all HD partitions on all
HDs (including the boot/system one) it supports complete encryption of
spanned, mirrored, and striped volumes, as well as RAID 5 volumes. It also
supports physical tokens in addition to a password/passphrase for
additional security.

http://www.jetico.com/bcve.htm

Now do be a good little moron and fuck off.

Regards,

Sebastian G. wrote:

> Cyberiade.it Anonymous Remailer wrote:
>
> > Sebastian G. wrote:
> >
> >> nemo_outis wrote:
> >>
> >>
> >>> You see, the space on a HD, as conventionally set up,
> >>> consists entirely of the following: the boot track and one or
> >>> more partitions. (This excludes the rare cases where there
> >>> is unallocated unpartitioned space on the drive, and arcana
> >>> such as the HPA and manufacturer's reserved space).
> >>>
> >>> So, if you encrypt all partitions on such a drive (as
> >>> Truecrypt v5 now allows you to do, even if it is the
> >>> boot/system drive) you have encrypted the **whole drive** -
> >>> with the exception, of course, of the small unencrypted
> >>> bootstub info on track 0 - just as with ALL other whole-disk
> >>> HD OTFE encryption programs.
> >>
> >> If you're not using the pre-boot stuff, then TrueCrypt can
> >> encrypt the entire volume including the MBR with its partition
> >> table.
> >
> > It "can", but that's a destructive process and there's
> > absolutely no way to bootstrap any operating system that you
> > might install after the fact.
> >
> > You guys aren't thinking this through.
>
>
> Maybe you're just stupid. Why do you narrow your views to one
> drive? You can have two or more. One contains the operating
> system, does the pre-boot stuff and has an identifyable partition
> table. The second drive is meant to store data, and is fully
> encrypted, including the partition table.

Maybe you're just a lying sack, desperately trying to change the
rules to try and win a point.

Can you install an OS to ANY device that's been encrypted by
Truecrypt? No.

Case closed. Have a nice day.

Next!

nemo_outis wrote:

> George Orwell <nobody@mixmaster.it> wrote in
> news:d7ac7fb60c39b076fbe85e54bf4ba496@mixmaster.it :
>
> Ah, the first of the whiners and cavillers has arrived. ...with
> a farrago of nonsense. ...just as I predicted.
>
>
> > nemo_outis wrote:
> >
> >> The entire disk IS encrypted, with the exception of the boot
> >> stub on track 0.
> >
> > No, it's not. If you have two partitions and encrypt only the
> > "system" partition the other isn't touched.
>
> Are you usually this thick? Yes, even though you have a
> whole-disk encryption program you can choose not to encrypt some
> partitions - or any of them for that matter. However, choosing
> not to use the program's capability for whole-disk encryption
> doesn't make it one whit less a whole-disk encryption program.

Problem is, with Truecrypt you don't have that choice.

Go ahead and try it. Encrypt an entire drive and see if you can
install an OS to it.

Whole disk my ass. LOL!

>
> As for a boot drive's partition table, some full HD OTFE programs
> may encrypt it, while others may not - just as I said. For
> instance, Bestcrypt Volume Encryption (one of the better
> commercial full-HD OTFE programs) does NOT encrypt the partiton
> table on a fully encrypted hard drive - I have just confirmed
> this with a number of partition managers (using Hiren v9.3).
>
> Why? Because encrypted partition tables are just asking for
> trouble from some program that doesn't recognize that the disk is
> not trashed (i.e., one that misinterprets an encrypted partition
> table as a corrupted one).
>
> Just as I said.
>
> The benefit from encrypting the partition table? None!
>
> It does not hide the fact that you are using encryption - that's
> already instantly discernible by the presence of the encryption
> programs's unencrypted executable stub code on track 0.
>
> As for an unencrypted partition table disclosing info, that
> trivial info is useless for decrypting the contents of the
> partitions or even inferring the nature of what is contained in
> them.
>
> As for Truecrypt supposedly not being a whole-disk encryption
> program, that's just plain wrong. With the release of Version 5
> Truecrypt is now a full-fledged whole-disk encryption program,
> capable of encrypting any or all of the partitions on any of the
> hard drives in a system, including the boot/system one. Of
> course, Truecrypt does have an unencrypted stub on track zero -
> as do ALL other whole-disk OTFE encryption programs.
>
> Just as I said.
>
> ...additional rambling nonsense mercifully snipped...
>
> Regards,

After all this constructive and philosophical debate, I have decided to
download Truecrypt5 myself and test it on my system. I will try an
encrypt the whole OS see what happen, of course everything is backed up.

On Fri, 8 Feb 2008 08:04:27 +0100 (CET),

> nemo_outis wrote:
> <shit>


> George Orwell wrote:

> <Crap>

STOP!/STOP!/ *STOP*

Natalie, the popcorn, and hurry up, the games have begun!!

Anonymous wrote:


>> Maybe you're just stupid. Why do you narrow your views to one
>> drive? You can have two or more. One contains the operating
>> system, does the pre-boot stuff and has an identifyable partition
>> table. The second drive is meant to store data, and is fully
>> encrypted, including the partition table.
>
> Maybe you're just a lying sack, desperately trying to change the
> rules to try and win a point.
>
> Can you install an OS to ANY device that's been encrypted by
> Truecrypt? No.


That has never been a requirement.

Cyberiade.it Anonymous Remailer wrote:


>> Are you usually this thick? Yes, even though you have a
>> whole-disk encryption program you can choose not to encrypt some
>> partitions - or any of them for that matter. However, choosing
>> not to use the program's capability for whole-disk encryption
>> doesn't make it one whit less a whole-disk encryption program.
>
> Problem is, with Truecrypt you don't have that choice.


So then my fully encrypted harddisk with even an encrypted partition table
is pure imagination?

> Go ahead and try it. Encrypt an entire drive and see if you can
> install an OS to it.


Who cares for installing an OS? This drive only contains data, the OS is on
another media.

>
> Who cares for installing an OS? This drive only contains data, the OS is on
> another media.

LOL LOL LOL >:|

You will never understand what we are talking about.
Maybe your posts should not appear in alt.privacy at all
I am putting up a filter.

And who the f*** wants a clear OS to hide all the communist
propaganda we have been downloading from the internet?

The day the CIA kicks your door in you are done for, have a
nice trip to Guantanamo! lol

Casper <spam@spam.spam> writes:
> >
> > Who cares for installing an OS? This drive only contains data, the
> > OS is on another media.
>
> LOL LOL LOL >:|
>
> You will never understand what we are talking about.
> Maybe your posts should not appear in alt.privacy at all
> I am putting up a filter.

Anything which separates alt.privacy from sci.crypt is
a good thing. Keeping your ill-thought-out gibberings
off sci.crypt would in particular be appreciated.

Phil
--
Dear aunt, let's set so double the killer delete select all.
-- Microsoft voice recognition live demonstration

Casper wrote:

>> Who cares for installing an OS? This drive only contains data, the OS is on
>> another media.
>
> LOL LOL LOL >:|
>
> You will never understand what we are talking about.


We were talking about full disc encryption. This is totally unrelated to
pre-boot authentication, in fact it is mutually exclusive.

> And who the f*** wants a clear OS to hide all the communist
> propaganda we have been downloading from the internet?


The OS can be easily encrypted with a partition-wise encryption with
pre-boot authentication.


But well, why should I discuss with someone who is even too stupid to create
a technically valid posting?

"Sebastian G." <seppi@seppig.de> wrote in
news:612qppF1tk96tU4@mid.dfncis.de:

> Cyberiade.it Anonymous Remailer wrote:
>
>
>>> Are you usually this thick? Yes, even though you have a
>>> whole-disk encryption program you can choose not to encrypt some
>>> partitions - or any of them for that matter. However, choosing
>>> not to use the program's capability for whole-disk encryption
>>> doesn't make it one whit less a whole-disk encryption program.
>>
>> Problem is, with Truecrypt you don't have that choice.
>
>
> So then my fully encrypted harddisk with even an encrypted partition
> table is pure imagination?
>
>> Go ahead and try it. Encrypt an entire drive and see if you can
>> install an OS to it.
>
>
> Who cares for installing an OS? This drive only contains data, the OS
> is on another media.


Yep, Sebastian, you've got it entirely right.

Yes, Truecrypt in addition to file-based and partition-based encrypted
storage, also supports device-based OTFE storage. The device-based
versions do not have a partition table and are essentially
"floppy/superfloppy-ish." Device-based encrypted storage is primarily
useful for floppy disks, USB pendrives, and such but the Truecrypt docs
say a HD can also be be used this way.

Superfloppyish-based encrypted storage is only suitable for data storage,
not for a bootable Windows system. In fact, independent of any
encryption aspects, Windows has been deliberately crippled so it can NOT
boot/run from removable media such as superfloppies (Microsoft says it's
a licencing issue). (Some folks have crafted end-runs around this
limitation of Windows, using tricks such as RAM drives.)

But all this is beside the point. With Truecrypt 5 one can now encrypt
*any and all partitions* on any drive, including the boot/system
partition. This is all that is needed for complete OTFE protected
storage for both the Windows system itself and all data on it.

Regards,

Phil Carmody <thefatphil_demunged@yahoo.co.uk> wrote in
news:87hcgjd7c2.fsf@nonospaz.fatphil.org:

> Anything which separates alt.privacy from sci.crypt is
> a good thing. Keeping your ill-thought-out gibberings
> off sci.crypt would in particular be appreciated.
>
> Phil

Let me suggest that you start a moderated group to protect your delicate
sensibilites. Or, as an alternative, that you go fuck yourself.

Regards,

nemo_outis wrote:


> Superfloppyish-based encrypted storage is only suitable for data storage,
> not for a bootable Windows system. In fact, independent of any
> encryption aspects, Windows has been deliberately crippled so it can NOT
> boot/run from removable media such as superfloppies (Microsoft says it's
> a licencing issue).


Nonsense. Microsoft has only disabled this option by default, since they
don't want to support such configurations.

> (Some folks have crafted end-runs around this
> limitation of Windows, using tricks such as RAM drives.)


.... or by simple setting the required options.

> But all this is beside the point. With Truecrypt 5 one can now encrypt
> *any and all partitions* on any drive, including the boot/system
> partition. This is all that is needed for complete OTFE protected
> storage for both the Windows system itself and all data on it.


There are still some limitations. For example, in a dual boot configuration
the system partition must be identical to the boot partition and only the
original MBR works. For non-dual boot, you can have one and only one of
these options.

"Sebastian G." <seppi@seppig.de> wrote in
news:613aivF1ti8nnU1@mid.dfncis.de:

> nemo_outis wrote:
>> Superfloppyish-based encrypted storage is only suitable for data
>> storage, not for a bootable Windows system. In fact, independent of
>> any encryption aspects, Windows has been deliberately crippled so it
>> can NOT boot/run from removable media such as superfloppies
>> (Microsoft says it's a licencing issue).

> Nonsense. Microsoft has only disabled this option by default, since
> they don't want to support such configurations.

Ahh, that's more like it. I feel much better when Sebastian reverts to
his old self and spouts bullshit. The world is running as expected.

No, Sebastian, it''s not nonsense. Windows XP has no such "option." To
boot XP from removable media you must resort to hacks such as using bits
& pieces from the embedded version - which is clearly a licence
violation.

>> But all this is beside the point. With Truecrypt 5 one can now
>> encrypt *any and all partitions* on any drive, including the
>> boot/system partition. This is all that is needed for complete OTFE
>> protected storage for both the Windows system itself and all data on
>> it.

> There are still some limitations. For example, in a dual boot
> configuration the system partition must be identical to the boot
> partition and only the original MBR works. For non-dual boot, you can
> have one and only one of these options.

There is no doubt that Truecrypt can go on adding additional features,
bells, and whistles for a very long time. However, Truecrypt v5, as it
now stands, provides ALL the core functionality necessary for complete
OTFE protection of both the Windows OS and all data on all drives.

Regards,

nospamatall wrote:

> Casper wrote:
> >> I can see that there is a difference, but why would it be important? If
> >> the entire disk is encrypted, how could you do anything with it?
> >>
> >> Andy
> >
> > Then if you see a difference, can you explain what the difference is?
> > That would answer your question at the same time.
> >
> >
> The difference is that the partition info and some other stuff may not
> be encrypted. This doesn't answer my question though. Do any data leak
> into the non-user partitions? I had heard that some shyster companies
> use these partitions for their nefarious 'DRM' so I spose it is
> possible, but not if Truecrypt is in control of where all the data are
> going?

I don't think it's ever going to be 100% possible to guarantee that any
software running atop and operating system can successfully keep that
host from storing information about what that program does, somewhere
the program isn't aware of. It is, after all, the operating system
that's running the show.

Protected memory schemes and such go a good distance towards limiting
this sort of information "sharing", but they're as far from perfect as
can be and still be workable. Virtualization and other "sandbox" schemes
of that type are a lot better. Dual booting can be trivially configured
to minimalize that sharing, and "live" environments like CD's generally
come configured that way by default. Then at the end of the spectrum you
have physical swapping of storage devices which makes it an
impossibility.

The interesting thing about Truecrypt's hidden volume feature is that
one may be able to simulate physical swapping of devices in software.
I'd consider strong encryption every bit as secure as disconnecting a
drive for any practical purpose. ;)

nemo_outis wrote:


> No, Sebastian, it''s not nonsense. Windows XP has no such "option." To
> boot XP from removable media you must resort to hacks such as using bits
> & pieces from the embedded version - which is clearly a licence
> violation.


Nonsense. You can either use the preinstall kit or manually configure an
unattended installation. Making Windows boot from USB requires nothing but
moving the USB bus driver entry from the list of general I/O extenders to
the boot bus extender list, and changing the startup type of the usb mass
storage driver to make it load at boot time. This can be done for FireWire,
SD Card and iSCSI targets as well, and requires exactly no data from Windows CE.

> There is no doubt that Truecrypt can go on adding additional features,
> bells, and whistles for a very long time. However, Truecrypt v5, as it
> now stands, provides ALL the core functionality necessary for complete
> OTFE protection of both the Windows OS and all data on all drives.

However, not on all setups. And "protection" is a quite funny term,
considering that just some hours ago I had reported my full analysis on a
privilege escalation vulnerability that has been carried over from version
4.3a without any changes.

nemo_outis wrote:

Did you think nobody would check this "cite", ya' pathetic lying worm?

> Bestcrypt Volume Encryption for Windows is among the most advanced full-HD
> OTFE encryption systems. Not only can it encrypt all HD partitions on all
> HDs (including the boot/system one) it supports complete encyption of
> spanned, mirrored, and striped volumes, as well as RAID 5 volumes. It also
> supports physical tokens in addition to a password/passphrase for
> additional security.
>
> http://www.jetico.com/bcve.htm

That paragraph doesn't exist at all on that page. Or anywhere else on
Jetico's site that I can find. You even misspelled "encryption" in one
of the two posts where you tried to pass off your obvious lie as a
cite. No kidding dumbass, check line 3 in each.

What a bumbling buffoon!

*snicker*

Here's what's actually on Jetico's own pages, just to rub your nose in
it a little longer...

"The chapter explains why BestCrypt Volume Encryption (a line in
BestCrypt family of encryption software products) has got Volume
Encryption name. Many people may think that Volume Encryption is the
same as Partition Encryption or even Whole Disk Encryption. Sometimes
it is really so, but not always, and it is worth to learn about the
difference."

http://www.jetico.com/bcve_web_help/...what_is_ve.htm

*snicker*

>
> Now do be a good little moron and fuck off.

Begging won't work, bitch. I've got you under my heel again, and to
tell the truth I'm just enjoying the crunching sound way too much.

Have a nice day. :-p

Il mittente di questo messaggio|The sender address of this
non corrisponde ad un utente |message is not related to a real
reale ma all'indirizzo fittizio|person but to a fake address of an
di un sistema anonimizzatore |anonymous system
Per maggiori informazioni |For more info
https://www.mixmaster.it

Cyberiade.it Anonymous Remailer wrote:

> Ari wrote:
>
> > On Thu, 07 Feb 2008 00:53:41 +0100, Sebastian G. wrote:
> >
> > > However, I found a privilege escalation vulnerability from
> > > version 4.3a being carried over, so I heavily recommend to
> > > avoid using TrueCrypt until it's fixed.
> >
> > Not to look a gift horse but why have they not fixed this?
>
> In a similar vein, the Linux version sucks. ;)
>
> OS encryption (it's not wholedisk) isn't even implemented. That's
> not a huge problem because Linux has native counterparts, but it
> would have been nice.
>
> There's also a cute new GUI, but you can't get around it as far
> as I can tell. So if you're running Truecrypt on a remote machine
> via ssh or what not, you'd better have GTK installed and X
> forwarding enabled or you're screwed until you downgrade. Reminds
> me of that damned GnuPG2 pinentry crap. <grrrrrr>
>
> They also changed the sequence of passwords, at least on my
> Debian box (the only place I've tried it so far). Threw me off
> the first time. I thought my volumes were no longer compatible. ;)

ROTFL!

I did the EXACT same thing. ;-)

>

Sebastian G. wrote:

> Casper wrote:
>
> >> Who cares for installing an OS? This drive only contains data, the OS is on
> >> another media.
> >
> > LOL LOL LOL >:|
> >
> > You will never understand what we are talking about.
>
>
> We were talking about full disc encryption. This is totally unrelated to
> pre-boot authentication, in fact it is mutually exclusive.

On the contrary. FDE can't possibly exist without some sort of pre-boot
authentication. The very definition of "full disk" precludes any access
at all without it.

>
> > And who the f*** wants a clear OS to hide all the communist
> > propaganda we have been downloading from the internet?
>
>
> The OS can be easily encrypted with a partition-wise encryption with
> pre-boot authentication.

Yes, and that's what Truecrypt is.

> But well, why should I discuss with someone who is even too stupid to create
> a technically valid posting?

Says you, whose entire arsenal consists of calling everyone else stupid
and spewing made up nonsense.

"Sebastian G." <seppi@seppig.de> wrote in
news:613dm4F1ff4uuU1@mid.dfncis.de:

> nemo_outis wrote:
>
>
>> No, Sebastian, it''s not nonsense. Windows XP has no such "option."
>> To boot XP from removable media you must resort to hacks such as
>> using bits & pieces from the embedded version - which is clearly a
>> licence violation.
>
>
> Nonsense. You can either use the preinstall kit or manually configure
> an unattended installation. Making Windows boot from USB requires
> nothing but moving the USB bus driver entry from the list of general
> I/O extenders to the boot bus extender list, and changing the startup
> type of the usb mass storage driver to make it load at boot time. This
> can be done for FireWire, SD Card and iSCSI targets as well, and
> requires exactly no data from Windows CE.

Yes, Sebastian, exactly as I said: you can only do it if you hack
Windows.

You have already repeatedly demonstrated that you can make errors faster
than I can correct them. Accordingly, I'm not going to further pursue
this latest error of yours since it has nothing to do with the matter at
hand: Truecrypt and full-HD OTFE encryption.


>> There is no doubt that Truecrypt can go on adding additional
>> features, bells, and whistles for a very long time. However,
>> Truecrypt v5, as it now stands, provides ALL the core functionality
>> necessary for complete OTFE protection of both the Windows OS and all
>> data on all drives.

> However, not on all setups. And "protection" is a quite funny term,
> considering that just some hours ago I had reported my full analysis
> on a privilege escalation vulnerability that has been carried over
> from version 4.3a without any changes.

Like all software, Truecrypt may contain bugs. The alleged bug you
mention does not affect its OTFE protection of the OS and data which only
truly comes into not play when the machine is off. Nor does Truecrypt
support every non-standard variant configuration, such as dual-booting.

However, what I said above is irrefragably true: Truecrypt v5, as it now
stands, provides ALL the core functionality necessary for complete OTFE
protection of both the Windows OS and all data on all drives.

Regards,

Sebastian G. wrote:

> nemo_outis wrote:
>
>
> > Superfloppyish-based encrypted storage is only suitable for data
> > storage, not for a bootable Windows system. In fact, independent
> > of any encryption aspects, Windows has been deliberately crippled
> > so it can NOT boot/run from removable media such as superfloppies
> > (Microsoft says it's a licencing issue).
>
>
> Nonsense. Microsoft has only disabled this option by default, since
> they don't want to support such configurations.

Maybe you can explain teh difference between "crippled" and "disabled"?

Argue for the sake of argument much? <sheesh!>