It is longstanding near-universal practice, including in the industry
itself, to refer to OTFE encryption of all partitions (except for a
bootstub) as "full disk" encryption. It is those who differ with this
standard terminology who are out of step, not the rest of the world.
Although the point hardly needs further corroboration, I will generously
give more...
In addition to the 8 vendors already cited a few posts back, all of whom
describe their product as providing "full disk" encryption:
And as already mentioned, Compusec describes its product as providing
"entire hard disk" encryption. http://www.ce-
infosys.com/english/downloads/free_compusec/free_compusec_faq.html
Moreover, the web page listing OTFE encryption vendors (to which one
mouthbreather here pointed some posts back) is itself titled "Full Disk
Encryption Providers" http://www.full-disk-encryption.net/...ncryption.html
And to remind folks of the 8 vendors previously cited, here they are
again:
> George Orwell <nobody@mixmaster.it> wrote:
> >Embarrassing incompetent gits with over inflated egos
> >is a hobby of mine.
>=20
> Is that what you are doing? I can see "embarrasing", "incompetent git"
> and "inflated ego", but not quite in this combination.
Your dyslexia isn't my problem.
>=20
> >We'll start with why the most notable member of Counterpane advises
> >people to use Rijndael rather then their own product.
>=20
> Bruce Schneier a _member_ of Counterpane? Twofish a _product_ of
> Counterpane?
Neither is your pathetic attempts to start semantics quibbles.
So did you have anything useful to add, or were you just wanting
to foam?
"Sebastian G." <seppi@seppig.de> wrote in
news:61qj1aF200lsgU1@mid.dfncis.de:
> Vend wrote:
>
>
>>> Obviously: The partition table leaks information about the partition
>>> layout and the filesystems.
>>
>> So?
>
>
> Encryption is supposed to provide concealment of all non-public
> information.
No, encryption enables non-disclosure of "selected material" except to
authorized users. Not necessarily all material. This is precisely why,
for instance, ALL vendors give the choice of NOT encrypting some
partitions while encrypting others.
Nor should encryption be confused with plausible deniability or
steganography, which have different goals.
Which material is encrypted is (or should be) determined as a result of a
risk/threat/consequences/productivity/resources analysis. Some material
(e.g., that in partiton tables) is of no practical use whatever to an
adversary faced with full-disk encrypted HDs and so need not be
encrypted. (For the paranoids who needlessly worry nonetheless there are
workarounds, such as filling track 0 with random junk after each session
and restoring it at the start of the next session.)
bealoid <signup@bealoid.co.uk> wrote:
>Kristian Gjøsteen <kristiag+news@math.ntnu.no> wrote in news:vu3m85-
>u1a2.ln1@fimf-h28.math.ntnu.no:
>
>> Bruce Schneier a _member_ of Counterpane?
>
>Why is that wrong? He's a founding member, and "CTO" (whatever that is),
>but that's still a member.
You're a member of a club, not a company. But please note that is was
essentially a lame spelling flame from an idiot that has English as his
second language. It can safely be ignored.
> On Sun, 17 Feb 2008 10:20:03 -0600, Nomen Nescio <nobody@dizum.com> wrote:
>
> > me@privacy.net wrote:
> >
> >>
> >>
> >>
> >> Krazee Brenda wrote:
> >> >
> >> >On Fri, 15 Feb 2008 18:29:41 +0000, me@privacy.net wrote:
> >> >
> >> >> I have a simple text file, less than 64KB, containing all the
> >> >> unique passwords I use for websites. I want to encrypt it in as
> >> >> secure a manner as possible on a Windows XP box. I don't need
> >> >> all these other fancy features, just a simple "type in my
> >> >> passphrase, see the text file" system. Any recommendations?
> >> >> It doesn't need to be free.
> >> >
> >> >Axcrypt, Twofish (with GUI)
> >>
> >> Are you saying Axcrypt uses Twofish? The web page at
> >> http://www.axantum.com/AxCrypt/Features.html says that
> >> it uses AES encryption with 128-bit keys.
> >
> > A perfect example of why you shouldn't rely on clueless rubes for
> > technical information, especially concerning security software..
> >
> Would it be too much to ask to carry this discussion on in your primary ng
> and leave alt.comp.freeware out of this?
Yes it would. :)
>
>
>
>
Il mittente di questo messaggio|The sender address of this
non corrisponde ad un utente |message is not related to a real
reale ma all'indirizzo fittizio|person but to a fake address of an
di un sistema anonimizzatore |anonymous system
Per maggiori informazioni |For more info https://www.mixmaster.it
....
> In practice, hiding everything may be easier than determining exactly
> what information must be protected.
That may be true if, in fact, it is easier - it may well not be!
For instance, without resorting to devices external to the computer to
store the unencrypted initial boot code (or hidey-holes like BIOS
extensions), it is not only not easy, it is impossible.
Moreover, for instance, carrying a bootable USB (thereby enabling all HDs
on the machine to, in principle, have their track 0s
randomized/encrypted) may have its own considerable risks and
inconveniences.
IOW, that it is easier and less risky to encrypt track 0 is by no means a
slam dunk - it requires careful analysis of the tradeoffs.
Regards,
PS The few and weak benefits that might accrue from not exposing the
partition table are almost exclusively in the realm of plausible
deniability and steganography, NOT decryption resistance. Modern OTFE
encryption is sufficiently strong to withstand the availablity of
mountains of known plaintext, let alone the minuscule amount of indirect
data provided by a 16-byte partition table entry.
Moreover, an encrypted partition table (or track 0 generally), especially
in conjunction with ostensibly "random" data filling a HD, *completely
undermines* plausible deniability or steganography - it is obvious to all
but the completely untutored that encryption is being used.
In short, there is no point in encrypting/randomizing a partition table
from either a decryption or steganography/plausible deniability point of
view.
nemo_outis <abc@xyz.com> wrote:
>IOW, that it is easier and less risky to encrypt track 0 is by no means a
>slam dunk - it requires careful analysis of the tradeoffs.
Or you could buy suitable hardware. What's more expensive, careful
analysis or suitable hardware? I don't know. I just know that careful
analysis is rare.
Kristian Gjøsteen <kristiag+news@math.ntnu.no> wrote in
news:deem85-iga2.ln1@fimf-h28.math.ntnu.no:
> nemo_outis <abc@xyz.com> wrote:
>>IOW, that it is easier and less risky to encrypt track 0 is by no
>>means a slam dunk - it requires careful analysis of the tradeoffs.
>
> Or you could buy suitable hardware. What's more expensive, careful
> analysis or suitable hardware? I don't know. I just know that careful
> analysis is rare.
A valid point. However, there is next-to-no "open source" hardware for
encryption - one must rely on the manufacturer not to introduce bugs or
backdoors. I trust certifiers (e.g., FIPS) to do a reasonably decent job
in the bugs area, but backdoors? (Crypto AG still haunts my decision-
making.)
I would much prefer to use generic hardware bought from quasi-random
sources in conjunction with open-source software.
Regards,
PS The truly paranoid will only use hardware (and software?) obtained
before 9/11 :-) And not any produced in certain countries such as the US.
On Sun, 17 Feb 2008 18:10:03 +0100 (CET), Nomen Nescio
<nobody@dizum.com> wrote:
>Because it's a fact. Bruce Schneier advises against using Twofish
>and advises FOR using AES.
Can you give a reference for where he said that please? I would be
interested to see his reasons.
> On Sun, 17 Feb 2008 10:28:47 -0600, Kristian Gj=C3=B8steen =20
> <kristiag+news@math.ntnu.no> wrote:
>=20
> > George Orwell <nobody@mixmaster.it> wrote:
> >> Embarrassing incompetent gits with over inflated egos
> >> is a hobby of mine.
> >
> > Is that what you are doing? I can see "embarrasing", "incompetent git"
> > and "inflated ego", but not quite in this combination.
> >
> >> We'll start with why the most notable member of Counterpane advises
> >> people to use Rijndael rather then their own product.
> >
> > Bruce Schneier a _member_ of Counterpane? Twofish a _product_ of
> > Counterpane?
> >
> > I have a suggestion. The next time you want to inflate your ego, go
> > somewhere other than sci.crypt.
> >
>=20
> I have a better suggestion...strip alt.comp.freeware off of this thread.
Even better: learn to use a killfile so you don't have to whine and cry
so much.
> > Encryption is supposed to provide concealment of all non-public
> > information.
>
>
> No, encryption enables non-disclosure of "selected material" except to
You're exactly right. The point you're purposfully ignoring is that
"selected material" is arbitrary, and there are perfectly valid reasons
for placing things like partition information inside that box. You can
whine and cry about it being of no value to an attacker for as long as
you feel necessary to soothe your bruised ego, but you've already been
provided with a couple cites that prove you flatly wrong so it won't do
anyone, least of all you, any actual good. It's really nothing but
another example of your now well documented egocentric vision of what
defines security for everyone.
News Flash: What you think you need isn't what everyone wants or needs.
Learn to accept that.
<rest of your rant discarded unread>
Il mittente di questo messaggio|The sender address of this
non corrisponde ad un utente |message is not related to a real
reale ma all'indirizzo fittizio|person but to a fake address of an
di un sistema anonimizzatore |anonymous system
Per maggiori informazioni |For more info https://www.mixmaster.it
rossum <rossum48@coldmail.com> wrote:
>Can you give a reference for where he said that please? I would be
>interested to see his reasons.
After a brief search, the only statement I can find is David Wagner's
statement on sci.crypt. In short, AES is the standard, it and its
implementations see more analysis than Twofish and its implementations.
(While I think I remember a similar statement by Schneier, I can't find
it now. Surely, whoever brought this up can provide a suitable reference.)
> bealoid <signup@bealoid.co.uk> wrote:
> >Kristian Gj=C3=B8steen <kristiag+news@math.ntnu.no> wrote in news:vu3m85-
> >u1a2.ln1@fimf-h28.math.ntnu.no:
> >
> >> Bruce Schneier a _member_ of Counterpane?
> >
> >Why is that wrong? He's a founding member, and "CTO" (whatever that is)=
,=20
> >but that's still a member.
>=20
> You're a member of a club, not a company.
> Kristian Gj=C3=B8steen <kristiag+news@math.ntnu.no> wrote in news:vu3m85-
> u1a2.ln1@fimf-h28.math.ntnu.no:
>=20
> > George Orwell <nobody@mixmaster.it> wrote:
>=20
> [snip]
> =20
> >>We'll start with why the most notable member of Counterpane advises
> >>people to use Rijndael rather then their own product.
> >=20
> > Bruce Schneier a _member_ of Counterpane?
>=20
> Why is that wrong? He's a founding member, and "CTO" (whatever that is),=
=20
> but that's still a member.
It's called "straw grabbing". :(
Il mittente di questo messaggio|The sender address of this
non corrisponde ad un utente |message is not related to a real
reale ma all'indirizzo fittizio|person but to a fake address of an
di un sistema anonimizzatore |anonymous system
Per maggiori informazioni |For more info https://www.mixmaster.it
> nemo_outis <abc@xyz.com> wrote:
>> IOW, that it is easier and less risky to encrypt track 0 is by no means a
>> slam dunk - it requires careful analysis of the tradeoffs.
>
> Or you could buy suitable hardware. What's more expensive, careful
> analysis or suitable hardware? I don't know. I just know that careful
> analysis is rare.
Suitable hardware is most likely more expensive since all cheap existing
solutions are horribly broken.
"Sebastian G." <seppi@seppig.de> wrote in
news:61rnfoF20363gU1@mid.dfncis.de:
> Kristian Gjøsteen wrote:
>
>> nemo_outis <abc@xyz.com> wrote:
>>> IOW, that it is easier and less risky to encrypt track 0 is by no
>>> means a slam dunk - it requires careful analysis of the tradeoffs.
>>
>> Or you could buy suitable hardware. What's more expensive, careful
>> analysis or suitable hardware? I don't know. I just know that careful
>> analysis is rare.
>
>
> Suitable hardware is most likely more expensive since all cheap
> existing solutions are horribly broken.
True. And in light of that, I don't see how "careful analysis" of hardware
is any easier than careful analysis of software.
On Sun, 17 Feb 2008 21:56:57 +0100, Kristian Gjøsteen
<kristiag+news@math.ntnu.no> wrote:
>rossum <rossum48@coldmail.com> wrote:
>>Can you give a reference for where he said that please? I would be
>>interested to see his reasons.
>
>After a brief search, the only statement I can find is David Wagner's
>statement on sci.crypt. In short, AES is the standard, it and its
>implementations see more analysis than Twofish and its implementations.
>
>(While I think I remember a similar statement by Schneier, I can't find
>it now. Surely, whoever brought this up can provide a suitable reference.)
Thanks for that.
There is something in Practical Cryptography 4.5.7 - "The safe choice
for your career is AES." - but that is more covering yourself than a
cryptographic problem with Twofish.
I was hoping for something more specific about some sort of attack on
Twofish.
> nemo_outis <abc@xyz.com> wrote:
> >IOW, that it is easier and less risky to encrypt track 0 is by no means =
a=20
> >slam dunk - it requires careful analysis of the tradeoffs. =20
>=20
> Or you could buy suitable hardware. What's more expensive, careful
> analysis or suitable hardware? I don't know. I just know that careful
> analysis is rare.
> rossum <rossum48@coldmail.com> wrote:
>> I was hoping for something more specific about some sort of attack on
>> Twofish.
>
> No. No attacks are known on Twofish.
Mr. Schneier may not want to acknowledge them, but I think the
distinguishing attack with 2^52 chosen plaintexts and 2^70 steps is pretty
serious.
On 17 Feb, 17:18, Kristian Gjøsteen <kristiag+n...@math.ntnu.no>
wrote:
> Vend <ven...@virgilio.it> wrote:
> >And what is the point of concealing a partition table?
>
> Suppose your automated izi-to-use infidel-crushing attack tool creates
> a certain partition layout when installed. You'll certainly want to keep
> that signature hidden from snooping eyes.
>
> In practice, hiding everything may be easier than determining exactly
> what information must be protected.
If you want to be paranoid I suppose that you might even want to
encrypt the bios and cpu microcode firmware.
But, apart from paranoia, I can't really think of any practical case
in which an unencrypted partition table leaks information you would
like to keep private.
On Sun, 17 Feb 2008 19:55:15 +0100 (CET), George Orwell wrote:
>>>> >> I have a simple text file, less than 64KB, containing all the
>>>> >> unique passwords I use for websites. I want to encrypt it in as
>>>> >> secure a manner as possible on a Windows XP box. I don't need
>>>> >> all these other fancy features, just a simple "type in my
>>>> >> passphrase, see the text file" system. Any recommendations?
>>>> >> It doesn't need to be free.
>>>> >
>>>> >Axcrypt, Twofish (with GUI)
>>>>
>>>> Are you saying Axcrypt uses Twofish? The web page at
>>>> http://www.axantum.com/AxCrypt/Features.html says that
>>>> it uses AES encryption with 128-bit keys.
>>>
>>> A perfect example of why you shouldn't rely on clueless rubes for
>>> technical information, especially concerning security software..
>>>
>> Would it be too much to ask to carry this discussion on in your primary ng
>> and leave alt.comp.freeware out of this?
>
> Yes it would. :)
Of course, the IdiotBearBottoms, Mr. Cocaine Cowboy To Kiddies Anywhere,
didn't snip ACF from his reply.
No, what Mr. Bare(llful) of drugs is worried about is that if he doesn't
respond, which he does to *every* post to ACF, that his cover as a security
expert will be blown.
The CIA is big on cover, ya' know? Ask Bear, ask Barry Seal, his fate got
"sealed".
--
See Brenda's UniWorldWare http://tinyurl.com/nm2yt
On Mon, 18 Feb 2008 01:19:21 +0100, "Sebastian G." <seppi@seppig.de>
wrote:
>Kristian Gjøsteen wrote:
>
>> rossum <rossum48@coldmail.com> wrote:
>>> I was hoping for something more specific about some sort of attack on
>>> Twofish.
>>
>> No. No attacks are known on Twofish.
>
>Mr. Schneier may not want to acknowledge them, but I think the
>distinguishing attack with 2^52 chosen plaintexts and 2^70 steps is pretty
>serious.
Reference/source please.
Sebastian G. wrote:
>Mr. Schneier may not want to acknowledge them, but I think the
>distinguishing attack with 2^52 chosen plaintexts and 2^70 steps is pretty
>serious.
I can't recall any such attack on the full Twofish. Citation, please.
Nomen Nescio wrote:
>
>me@privacy.net wrote:
>
>> Krazee Brenda wrote:
>> >
>> >On Fri, 15 Feb 2008 18:29:41 +0000, me@privacy.net wrote:
>> >
>> >> I have a simple text file, less than 64KB, containing all the
>> >> unique passwords I use for websites. I want to encrypt it in as
>> >> secure a manner as possible on a Windows XP box. I don't need
>> >> all these other fancy features, just a simple "type in my
>> >> passphrase, see the text file" system. Any recommendations?
>> >> It doesn't need to be free.
>> >
>> >Axcrypt, Twofish (with GUI)
>>
>> Are you saying Axcrypt uses Twofish? The web page at
>> http://www.axantum.com/AxCrypt/Features.html says that
>> it uses AES encryption with 128-bit keys.
>
>A perfect example of why you shouldn't rely on clueless rubes for
>technical information, especially concerning security software..
It is hard to tell which are the clueless rubes when one is himself
a clueless noob...
A google search makes me believe that Axecrypt is a program that
I can download and run, while Twofish is an algorithm that some
programs are based upon. Simply putting the two words in a row
with a comma in between is not clear writing, thus my query as to
the intended meaning.
> On Sun, 17 Feb 2008 16:53:16 +0100 (CET), George Orwell wrote:
>
> >> Like to take me on in a conversation about cryptology?
> >
> > You betcha I do.
>
> SHUDDUP Moron, I wasn't talking to you.
In other words you're tucking tail and running away from your own empty
challenge.
Sebastian G. <seppi@seppig.de> wrote:
>Kristian Gjøsteen wrote:
>
>> rossum <rossum48@coldmail.com> wrote:
>>> I was hoping for something more specific about some sort of attack on
>>> Twofish.
>>
>> No. No attacks are known on Twofish.
>
>Mr. Schneier may not want to acknowledge them, but I think the
>distinguishing attack with 2^52 chosen plaintexts and 2^70 steps is pretty
>serious.
The last time you claimed Twofish broken, the reference you provided
said no such thing. Is this merely a figment of your imagination or
another misreading/mischaracterisation of an honest scientific work?
PS. I'm still waiting for a reference to the claim that AES-256 with 16
rounds is vulnerable to differential cryptanalysis.
Re: TrueCrypt 5.0a - Non KakaWare 
Linear Mode
