Truecrypt 5.0 Released (now with system partition encryption)

nospamatall wrote:

> Sebastian G. wrote:
> > Anonymous wrote:
> >
> >
> >>> Maybe you're just stupid. Why do you narrow your views to one
> >>> drive? You can have two or more. One contains the operating
> >>> system, does the pre-boot stuff and has an identifyable partition
> >>> table. The second drive is meant to store data, and is fully
> >>> encrypted, including the partition table.
> >>
> >> Maybe you're just a lying sack, desperately trying to change the
> >> rules to try and win a point.
> >>
> >> Can you install an OS to ANY device that's been encrypted by
> >> Truecrypt? No.
> >
> >
> > That has never been a requirement.
>
> You can install an OS and then encrypt the whole drive.

Actually, no you can not. If you do this, you destroy the operating
system and everything else on the drive. Truecrypt has no
non-destructive encrypting tools *except* for the system partition tool.

> Maybe you can do
> the other thing too, but I doubt we would find out anything useful from
> these folks!

Nope. There's no way to bootstrap a Truecrypt encrypted device. They
can't even really be mounted properly. This is one of the key things
that tells you Truecrypt isn't a FD OTFE tool.

If the explanation in their own words isn't enough for you that is. ;)

nemo_outis wrote:

> You still don't understand that Bestcrypt Volume Encryption can provide
> OTFE protection for full HDs? Then go read the site documentation again -
> maybe this time even a moron like you will get it.

WE did read it kiddo, and even quoted it here. In stark contrast to
your made up horse flop as a matter of fact. There's only one moron
not "getting things" here, and that moron is you. The fact that you're
snipping like a coward and pasting like a kindergartner tells us even
you realize this, whether you're man enough to admit it or not.

It's probably comforting to bluster about how you "swat" people all the
time, but reality is a whole different matter. Jetico's own (actual)
words displayed prominently on their official web site plainly delineate
between various types of OTFE, clearly state which one their product
is, and even goes so far as warning readers that it's important to
understand the difference.

The sooner you grow up and come to terms with that latter bit of advice
the better off you'll be. The longer you put it off, the more you'll be
on the receiving end of the swatter. Either way. Up to you. :)

On Sat, 9 Feb 2008 06:05:47 +0000 (UTC), Anonymous wrote:

>> a good thing. Keeping your ill-thought-out gibberings
>> off sci.crypt would in particular be appreciated.
>
> You could always try alt.whining.cunts.moderated.
>
> It's that way ------------------------------------->

I looked over there and all I found was
alt.anonymous.overblownegoswhothinktheyareimportan t and
alt.corp.anonymous-posters.notselfemployed.paychecktakers
--
An Explanation Of The Need To Be "Anonymous"
http://www.penny-arcade.com/comic/2004/03/19

On Sat, 09 Feb 2008 17:41:28 GMT, nemo_outis wrote:

> No, Sebastian, by far the most plausible reason for every drive on a
> computer being filled with random junk is that encryption is being used.
>
> Regards,

Bullshit, Usenet posts.
--
An Explanation Of The Need To Be "Anonymous"
http://www.penny-arcade.com/comic/2004/03/19

On Sat, 9 Feb 2008 06:15:31 +0000 (UTC), Anonymous wrote:

> That's really funny coming from someone whose idea of "secure" is
> hiding something in a sock drawer.

Depends on where the sock drawer resides. For you, yes, totally insecure.
Since you sleep on your hobo bag in the alley.
--
An Explanation Of The Need To Be "Anonymous"
http://www.penny-arcade.com/comic/2004/03/19

Nomen Nescio <nobody@dizum.com> wrote in
news:58cb2973f6b9fe4344a708161da63134@dizum.com:

You read it again and yet you still don't get it. Then go read the site
documentation again - maybe this time even a moron like you will get it.

Regards,

Cyberiade.it Anonymous Remailer <anonymous@remailer.cyberiade.it> wrote
in news:24250861f8cfd5a440460111e28b78d8@remailer.cyb eriade.it:

Windows cannot boot from a completely encrypted disk because there's
nothing to decrypt those first bytes to even get the process started.

Regards,

Anonymous <xor@hermetix.org> wrote in
news:35c8a5a05a21073fe24f8fe89666ea2b@hermetix.org :

While it is far from the only thing you are confused and in error about,
you seem to have confused and conflated the concept of not being possible
to apoodictically prove that encryption is being used with plausible
deniability.

Regards,

Ari wrote:
> On Sat, 9 Feb 2008 06:15:31 +0000 (UTC), Anonymous wrote:
>
>> That's really funny coming from someone whose idea of "secure" is
>> hiding something in a sock drawer.
>
> Depends on where the sock drawer resides. For you, yes, totally insecure.
> Since you sleep on your hobo bag in the alley.

It would be interesting to hear how you know that fact, if it is, in
fact, a fact.

Henrique

nemo_outis wrote:

> Nomen Nescio <nobody@dizum.com> wrote in
> news:82ea57176532ddf0881ca98427937d4a@dizum.com:
>
> You obviously still haven't enrolled in that remedial reading course.

You obviously don't have the guts to do anything but snip entire posts
so you can ignore (actual, not made up) cites, and fling little bits of
your own brand of shit just to try and get a last word in.

Cheer up little Nemo, I'll allow you that small luxury soon enough.

But not just yet.

*snicker*

http://www.jetico.com/bcve_web_help/...what_is_ve.htm

Very first paragraph...

"The chapter explains why BestCrypt Volume Encryption (a line in
BestCrypt family of encryption software products) has got Volume
Encryption name. Many people may think that Volume Encryption is the
same as Partition Encryption or even Whole Disk Encryption. Sometimes
it is really so, but not always, and it is worth to learn about the
difference."

Suck that one again, bitch.

Sebastian G. wrote:

> Anonymous wrote:
>
> > Sebastian G. wrote:
> >
> >> Anonymous wrote:
> >>
> >>
> >>>> Nonsense. Microsoft has only disabled this option by default, since
> >>>> they don't want to support such configurations.
> >>> Maybe you can explain teh difference between "crippled" and "disabled"?
> >>
> >> Documentation and partial support.
> >
> > Telling someone their leg is irreparably broken and handing the a set
> > of crutches doesn't make them any less crippled or disabled.
>
>
> Making bad analogies doesn't make your point any less moot.

Denying the obvious and quibbling like a school girl over meaningless
semantics doesn't make YOU appear clever. In spite of what you think.

>
> > You're engaging in a semantics quibble that doesn't even exist, but
> > then you seem to enjoy that sort of thing. Never have to admit you were
> > wrong about something if you just make up the rules as you go, now do
> > you? :(
>
>
> Well, then tell me just one thing: If it was really crippled, then why was I
> able to unleash this functionality with nothing but a text editor and an
> archiver (for unpacking and optionally repacking the CABinet archives)?

Obviously, your text editor and achiever were all the tools needed You
"fixed" something just like a doctor might re-break a leg and set it
properly to correct some crippling disability.

Assuming anything you say is factual of course. *shrug*

Free clue: Disabled and crippled are synonymous, whether you're able to
comprehend that by analogy or not.

nemo_outis wrote:

> "Sebastian G." <seppi@seppig.de> wrote in
> news:615b7tF1sfp4gU3@mid.dfncis.de:
>
> > nemo_outis wrote:
> >
> >
> >>> Additionally, if you do the pre-boot stuff, the MBR
> >>> containing this code would also differ from random data. But
> >>> TrueCrypt does not permit storing the MBR on another media
> >>> and do some redirection.
> >>
> >> Yes, Truecrypt has not COMPLETELY redesigned Windows' boot
> >> process to accomodate a kook like you.
> >
> >
> > Two obvious things:
> >
> > - This is not a limitation of Windows' boot process. Why do you
> > think it is?
> >
> > - storing the initial boot loader on another media to avoid
> > running a potentially modified bootloader from the disk in
> > neither unknown nor unusual, so it's no wonder that some
> > products actually implement this
>
> How can you be this stupid, Sebastian? No matter how easy you
> think it is, no matter how badly you want it, the plain fact of
> the matter is that WINDOWS DOESN'T DO IT!

Not only does Windows "do it", the process is well documented on
the MSDN web sapce and even supported with several different
developer kits depending on what your target is. Not that they're
strictly necessary either from a technical, or a licensing
standpoint.

>
> Regards,
>

nemo_outis wrote:

> Nomen Nescio <nobody@dizum.com> wrote in
> news:9c560c5e4d435ab2734ae2e076739ea3@dizum.com:
>
> Back again with the same bullshit? You get the same answer as
> last time.
>
> If you have some argument to show how an unencrypted partition
> table would permit decrypting the contents of of an encrypted
> partition, then make it. If not, then, as I have repeatedly
> suggested: Do be a good little moron and fuck off.

You've already been given a cite explaining exactly how and why
unencrypted partition tables are a risk. How they can in FACT aid
in the cryptanalysis of an encrypted volume, and you damned well
know it or you wouldn't have made a pathetic attempt to twist
things into some discussion of absolutes.

Your willingness to make fool of yourself through blatant
dishonesty is fast becoming your most defining quality nemo.

Ari wrote:

> On Sat, 9 Feb 2008 06:15:31 +0000 (UTC), Anonymous wrote:
>
> > That's really funny coming from someone whose idea of "secure"
> > is hiding something in a sock drawer.
>
> Depends on where the sock drawer resides. For you, yes, totally
> insecure. Since you sleep on your hobo bag in the alley.

but my socks are all bar code encrypted. and everyone knows bar code
encryption is safe enough to secure 40 acre nuclear test facilities.

Henrique Mandalin wrote:

> Ari wrote:
> > On Sat, 9 Feb 2008 06:15:31 +0000 (UTC), Anonymous wrote:
> >
> >> That's really funny coming from someone whose idea of "secure"
> >> is hiding something in a sock drawer.
> >
> > Depends on where the sock drawer resides. For you, yes, totally
> > insecure. Since you sleep on your hobo bag in the alley.
>
> It would be interesting to hear how you know that fact, if it is,
> in fact, a fact.

Ari is acutely allergic to facts.

>
> Henrique
>

Henrique Mandalin wrote:

> Ari wrote:
> > On Sat, 9 Feb 2008 06:15:31 +0000 (UTC), Anonymous wrote:
> >
> >> That's really funny coming from someone whose idea of "secure" is
> >> hiding something in a sock drawer.
> >
> > Depends on where the sock drawer resides. For you, yes, totally insecure.
> > Since you sleep on your hobo bag in the alley.
>
> It would be interesting to hear how you know that fact, if it is, in
> fact, a fact.

It's a fact Ari's facts and real facts are factually two different
things, in fact.

>
> Henrique
>

nemo_outis wrote:

> Cyberiade.it Anonymous Remailer <anonymous@remailer.cyberiade.it> wrote
> in news:24250861f8cfd5a440460111e28b78d8@remailer.cyb eriade.it:
>
> Windows cannot boot from a completely encrypted disk because there's
> nothing to decrypt those first bytes to even get the process started.

Nope! Sorry, but your anal retentivness is making you miss something so
obvious I'm actually surprised I've strung you along this long. Figured
you'd have stumbled across the answer by now, especially since someone
else already hinted at it.

If you ask really nice I'll clue you in. :)

Il mittente di questo messaggio|The sender address of this
non corrisponde ad un utente |message is not related to a real
reale ma all'indirizzo fittizio|person but to a fake address of an
di un sistema anonimizzatore |anonymous system
Per maggiori informazioni |For more info
https://www.mixmaster.it

nemo_outis wrote:

> George Orwell <nobody@mixmaster.it> wrote in
> news:bf6ea79edec361e1aad589185e7d1167@mixmaster.it :
>
> > nemo_outis wrote:
> ...
> >> As for an unencrypted partition table disclosing info, that
> >> trivial info is useless for decrypting the contents of the
> >> partitions or even inferring the nature of what is contained
> >> in them.
>
> > I see. So now you believe you're smarter than all the encryption
> > and cryptanalysis experts that ever lived, combined.
>
>
> You see little and comprehend less.

You snip like a little fucking coward and hope nobody sees any of
it. Isn't working. Here it is again coward:

http://www.jetico.com/bcve_web_help/...what_is_ve.htm

"We call encryption software working with volumes Volume Encryption
software. Note that if Volume Encryption software encrypts a volume
consisting of a single partition, for the user it will give the same
result as Partition Encryption software. If a single partition
occupies the whole hard drive, Volume Encryption will be equal both
to Whole Disk Encryption and Partition Encryption. Encrypting of
basic partition C: on Figure 3 below illustrates that."

"Volume Encryption software works with volume as with a single
portion of data. Volume is always in one of the two definite
states: if password is not entered, the whole volume is not
accessible. If the user enters the proper password and opens the
volume, all its parts, even stored on different hard drives, become
accessible. In our opinion, working with volumes is more native
both for the user and computer, because it is a volume that stores
a complete filesystem structure and a complete tree of the user's
files. As in the modern world single volume stores data scattered
on a number of physical disks, it is more convenient and safe to
manage a volume, rather than work with every physical drive
separately."

Il mittente di questo messaggio|The sender address of this
non corrisponde ad un utente |message is not related to a real
reale ma all'indirizzo fittizio|person but to a fake address of an
di un sistema anonimizzatore |anonymous system
Per maggiori informazioni |For more info
https://www.mixmaster.it

Sebastian G. wrote:

> nemo_outis wrote:
>
>
> > If you have some argument to show how an unencrypted partition
> > table would permit decrypting the contents of of an encrypted
> > partition, then make it.
>
>
> It doesn't. What it permits is to differ the encrypted disc from
> random data, and it permits knowledge about the partitioning of
> the volume inside the encrypted container.

Which can, potentially, lead to several attack vectors.

Il mittente di questo messaggio|The sender address of this
non corrisponde ad un utente |message is not related to a real
reale ma all'indirizzo fittizio|person but to a fake address of an
di un sistema anonimizzatore |anonymous system
Per maggiori informazioni |For more info
https://www.mixmaster.it

Ari wrote:

> On Sat, 09 Feb 2008 17:41:28 GMT, nemo_outis wrote:
>
> > No, Sebastian, by far the most plausible reason for every drive
> > on a computer being filled with random junk is that encryption
> > is being used.
> >
> > Regards,
>
> Bullshit, Usenet posts.

especially ones by kikes about bar code crypto and 40 acre nuclear
test facilities.

nemo_outis wrote:

> "Sebastian G." <seppi@seppig.de> wrote in
> news:615b23F1sfp4gU2@mid.dfncis.de:
>
>> Such a modification is even explicitly intended by Microsoft, it's
>> called an "unattended setup".
>
> It's not the unintended setup that's unsupported ny Microsoft, but setup to
> a removable drive (e.g., USB)


Unsupported, not crippled.

> Yes, blatantly implausible ones.


Just call them "standard practices" and troll away, please!

nemo_outis wrote:


>> - This is not a limitation of Windows' boot process. Why do you think
>> it is?
>>
>> - storing the initial boot loader on another media to avoid running a
>> potentially modified bootloader from the disk in neither unknown nor
>> unusual, so it's no wonder that some products actually implement this
>
> How can you be this stupid, Sebastian? No matter how easy you think it
> is, no matter how badly you want it, the plain fact of the matter is that
> WINDOWS DOESN'T DO IT!


Windows obviously does it for unencrypted media, and for encrypted media PGP
WholeDisk has been working with this for quite a while. Now will you finally
stop ignoring trivial facts? There's nothing special with that this simply
works, it's so trivial that even the programmers from Microsoft implemented
it. In fact, its hard to implement a boot loader which does not support
being stage 2.

Anonymous wrote:


>> Which is wrong again. For all those FDE products which use CBC
>> mode, the swap file is likely to contain an IV, which leaks the
>
> Which doesn't matter one fucking bit because unless it's mounted,
> it's encrypted.

>

> What an idiot.


The only idiot here is you, because you can't read. The fact that data is
leaked even though the pagefile is on the encrypted volume is exactly the issue!

>> first block of data for every CBC block. For LRW, swapping out an
>> empty page with the LRW tweak key at the beginning or the end
>> will allow an attacker to retrieve the LRW tweak, and therefore
>> distinguishing the encrypted volume from random data. For ESSIV
>> it's the same.

Cyberiade.it Anonymous Remailer wrote:

> nemo_outis wrote:
>
>> George Orwell <nobody@mixmaster.it> wrote in
>> news:cfba7ec8f8b207e0a1bd089fe3255024@mixmaster.it :
>>
>>> nemo_outis wrote:
>>>
>>>> There must - necessarily! - be a small amount of unencrypted code on
>>>> the boot/system volume. This is invariably located on track 0.
>>> Nope! I fact with *true* whole disk encryption there is absolutely no
>>> unencrypted information on a device at all.
>> Uhh, doofus, Windows cannot boot from a completely encrypted disk because
>> there's nothing to decrypt those first bytes to even get the process
>
> Wrong!
>
> Windows can trivially boot from a completely, 100% end to end including
> sector 0, encrypted drive without modifying Windows at all, without
> using any external bootstrapping at all, and without using any stupid
> "boot sector copying" scheme.


OK, now I'm interested: How is this supposed to work? If everything is
encrypted, where's the code for the decryption?

nemo_outis wrote:

> Cyberiade.it Anonymous Remailer <anonymous@remailer.cyberiade.it> wrote
> in news:24250861f8cfd5a440460111e28b78d8@remailer.cyb eriade.it:
>
> Windows cannot boot from a completely encrypted disk because there's
> nothing to decrypt those first bytes to even get the process started.

This decryption can be provided by an additional, removal media. The media
only decrypts the the boot loader mini driver, which is turn will decrypt
the relevant files, boot up the Windows kernel and pass over control to the
actual decryption driver.

TrueCrypt does not support this scheme. PGP Whole Disk Encryption does, and
some other claim to do so as well.


Indeed, in his special limitation where no such external boot loader is
used, it's of course nonsense.

Cyberiade.it Anonymous Remailer wrote:


> Denying the obvious and quibbling like a school girl over meaningless
> semantics doesn't make YOU appear clever. In spite of what you think.


If it's really crippled, then why does Microsoft WinPE toolkit explicitly
support this operation?

>> Well, then tell me just one thing: If it was really crippled, then why was I
>> able to unleash this functionality with nothing but a text editor and an
>> archiver (for unpacking and optionally repacking the CABinet archives)?
>
> Obviously, your text editor and achiever were all the tools needed You
> "fixed" something just like a doctor might re-break a leg and set it
> properly to correct some crippling disability.


No. If it was crippled, then these tools wouldn't have been sufficiet. I'd
have needed a disassembler and a hex editor to alter the code.

The only thing I altered were public configuration options, which do exist
exactly for the purpose of configurability.

nemo_outis wrote:

Good grief! That was such a lexically desperate clusterfuck it's tough
to know for sure, and your testosterone levels have dropped so far
you can't handle quoting anything so htere's no context, but apparently
you're so flustered you're cowering back behind your (HEY LOOK OVER
THERE EVERYONE!) == (good security) crap again.

Once again dullard, "plausible" is a subjective term with no absolutes
that aren't defined on a case by case basis, in a subjective manner.
Even Truecrypt acknowledges this on the own web site.

Wanna be bitch slapped with another cite today grasshopper?

*evil snicker*

Sebastian G. wrote:

> nemo_outis wrote:
>
>
> > If you have some argument to show how an unencrypted partition
> > table would permit decrypting the contents of of an encrypted
> > partition, then make it.
>
>
> It doesn't. What it permits is to differ the encrypted disc from
> random data, and it permits knowledge about the partitioning of
> the volume inside the encrypted container.

Only half right. Knowing what type of data might be contained in an
encrypted volume does in general assist in cryptanalysis. Some
forms of this attack are known as "watermarking". Taken to the
extreme it's called a "known plaintext" attack. You have heard
those terms before, haven't you?

And yes, before we start quibbling about the differences so
you can ignore the obvious similarities, those differences exist.
However not as markedly as you may suspect at first jerk. Knowing
that an encrypted volume contains in fact can lead to an actual
known plaintext attack if you're aware of the encrypted volume's
topography (freely published knowledge in this case), and have
knowledge of where certain things will reside within that volume.
Since Windows places certain things in specific areas of a disk,
knowing what's contained inside that encrypted volume enables an
easier collation, and ultimately, the possibility of a successful
attack.

Not that I'm aware of any sort of exploitable known plaintext
weakness in Truecrypt of course. I believe it to be quite secure.
But in general this demonstrates one possible weakness that might
be introduced in a plaintext partition table scenario. And if you
really consider things broadly, it spotlights why OTP is considered
the only truly unbreakable form of encryption. If a ciphertext can
potentially be "anything", it's impossible to even know if you've
successfully decrypted it or not. ;)

Nomen Nescio <nobody@dizum.com> wrote in
news:82ea57176532ddf0881ca98427937d4a@dizum.com:

> nemo_outis wrote:
>
>> >> Bestcrypt Volume Encryption for Windows is among the most advanced
>> >> full-HD OTFE encryption systems. Not only can it encrypt all HD
>> >> partitions on all HDs (including the boot/system one) it supports
>> >> complete encyption of spanned, mirrored, and striped volumes, as
>> >> well as RAID 5 volumes. It also supports physical tokens in
>> >> addition to a password/passphrase for additional security.
>> >>
>> >> http://www.jetico.com/bcve.htm
>> >
>> > That paragraph doesn't exist at all on that page. Or anywhere else
>> > on Jetico's site that I can find.
>>
>> Of course, you fucking moron, that paragraph is mine, in my words -
>> there are no quotation marks, no "Jeticos says" in it. It's a
>> simple description and characterization of the program clearly
>> provided by me, the author of the post, the fellow with his name in
>> the "From" header - just as anyone who wasn't a moron like you would
>> expect. You've just failed to comprehend plain English - yet again.
>
> I almost feel sorry for you. Even you had to cringe when you made the
> decision to try and float such a whopper.
>
> *snicker*
>
> Nobody is going to buy it liar. If you're going to play that way
> you're going to at least play on some level above "imbecile". Come up
> with a credible lie. Maybe "Oh, they must have just changed that page
> when they released 5.0" or something. It wouldn't really help all that
> much because the link you provided says exactly the opposite of the
> lie you tried to tell, but at the bottom end of the evolutionary
> ladder you would, at least, stand out among your peers.
>
You simply mistook his statement for a quote, and you can't seem
to see that his explanation makes perfect sense.

It was not in quotes or set off by indentation, and he never claimed
it was a quote.

What is your problem?

"*snicker*"

Oh, and that's me, quoting you.

*snicker*

and then me giggling like a stupid idiot.

Cyberiade.it Anonymous Remailer wrote:

> it spotlights why OTP is considered
> the only truly unbreakable form of encryption. If a ciphertext can
> potentially be "anything", it's impossible to even know if you've
> successfully decrypted it or not. ;)


OTP's security comes from the fact that knowing the message doesn't change
the a priory probability of the plaintext. It never claimed that all
plaintexts are equally likely.