Five hours plus...
Dec. 5th, 2005 09:42 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
alexpgp...of sleep, I think. Maybe even six. I can function at that level.
My inbox contains no responses to any of the emails I sent before hitting the hay, which signifies... nothing much at all. No news, as they say, is good news.
* * * TrueCrypt is an interesting open source application that claims to deliver a high-quality solution to the issue of data encryption. I say "claims" because nobody in their right mind ever offers a program to explicitly provide crappy encryption, and yet the history - particularly the early history - of microcomputing is littered with the corpses of encryption programs that came with impressive marketing materials but truly awful, mickeymouse algorithms.
Basically, TrueCrypt operates by creating a data file - call it a metafile - that is then "mounted" as a disk on your computer (shows up with its own letter 'n everything in MyComputer). This metafile contains data that - to all intents and purposes - appears random whether or not you've got any data in it to encrypt. When you save files to the mounted TrueCrypt disk (i.e., to the drive that is the metafile), the data in the metafile still looks like a bunch of random data. According to the documentation, there is no information saved with the metafile that gives any clue as to what kind of data is in the file or what kind of encryption algorithm was used to create the encrypted data.
What I find appealing about this approach is the ability to have multiple such metafiles that can be stored off-site (indeed, there's a beta service out there called Mozy that will store up to 2 GB of data for you for free, but even though they say they encrypt the data to keep it from the eyes of prying third parties, the True Paranoid™ will want to encrypt any such data before the Mozy software gets its grubby little subroutines on it, but I digress...).
As I mentioned, lots of encryption programs that have been touted as having "unbreakable" encryption have been subsequently shown to be not so unbreakable, to one extent or another. (Even the venerable Pretty Good Privacy program has come in for its share of criticism.) So, on a whim, a few minutes ago I searched Google to see what kinds of critical assessments of TrueCrypt had been published recently. I've saved the page offline, to be pursued at a time when I have little else to do.
One incidental that did amuse me was a comment by one Nitesh Dahnjani regarding the application's capability for creating a so-called "hidden volume."
The "hidden volume" feature takes advantage of the fact that the entire metafile looks like a collection of random data. (In other words, the result of storing a 1K file inside a 100 MB metafile looks pretty much the same storing 99.9 MB of files inside the same file.) Given this fact, the application has the capability of creating a second random-looking file within the metafile that can also be used to store data. (Is your head dizzy yet? Hang on, we're almost there!)
The idea here is that you could encrypt the Really Important Stuff™ in the hidden volume, along with some files that merely Look Important™ in the "standard" volume. Theoretically, faced with a choice of giving up the password to your encrypted file or, say, one or two fingers, you can reluctantly blurt out the password that gives the Bad Guys™ only the innocuous files, and who's to know that there may actually be additional encrypted files in the volume?
Answers Nitesh: Anyone who has read the documentation!
This means, BTW, that if you have not created a hidden volume within the standard file, your Honorable Adversary™ will probably feel obligated to break out (and use) the battery cables, tin snips, and other assorted doodads in an honest, due-diligence effort to get that other - and, sadly, nonexistent - password from you.
Quoting Hannibal Lector, "Goody, goody."
How did I get off on that tangent? I need to get ready to go to work.
Cheers...
My inbox contains no responses to any of the emails I sent before hitting the hay, which signifies... nothing much at all. No news, as they say, is good news.
Basically, TrueCrypt operates by creating a data file - call it a metafile - that is then "mounted" as a disk on your computer (shows up with its own letter 'n everything in MyComputer). This metafile contains data that - to all intents and purposes - appears random whether or not you've got any data in it to encrypt. When you save files to the mounted TrueCrypt disk (i.e., to the drive that is the metafile), the data in the metafile still looks like a bunch of random data. According to the documentation, there is no information saved with the metafile that gives any clue as to what kind of data is in the file or what kind of encryption algorithm was used to create the encrypted data.
What I find appealing about this approach is the ability to have multiple such metafiles that can be stored off-site (indeed, there's a beta service out there called Mozy that will store up to 2 GB of data for you for free, but even though they say they encrypt the data to keep it from the eyes of prying third parties, the True Paranoid™ will want to encrypt any such data before the Mozy software gets its grubby little subroutines on it, but I digress...).
As I mentioned, lots of encryption programs that have been touted as having "unbreakable" encryption have been subsequently shown to be not so unbreakable, to one extent or another. (Even the venerable Pretty Good Privacy program has come in for its share of criticism.) So, on a whim, a few minutes ago I searched Google to see what kinds of critical assessments of TrueCrypt had been published recently. I've saved the page offline, to be pursued at a time when I have little else to do.
One incidental that did amuse me was a comment by one Nitesh Dahnjani regarding the application's capability for creating a so-called "hidden volume."
The "hidden volume" feature takes advantage of the fact that the entire metafile looks like a collection of random data. (In other words, the result of storing a 1K file inside a 100 MB metafile looks pretty much the same storing 99.9 MB of files inside the same file.) Given this fact, the application has the capability of creating a second random-looking file within the metafile that can also be used to store data. (Is your head dizzy yet? Hang on, we're almost there!)
The idea here is that you could encrypt the Really Important Stuff™ in the hidden volume, along with some files that merely Look Important™ in the "standard" volume. Theoretically, faced with a choice of giving up the password to your encrypted file or, say, one or two fingers, you can reluctantly blurt out the password that gives the Bad Guys™ only the innocuous files, and who's to know that there may actually be additional encrypted files in the volume?
Answers Nitesh: Anyone who has read the documentation!
This means, BTW, that if you have not created a hidden volume within the standard file, your Honorable Adversary™ will probably feel obligated to break out (and use) the battery cables, tin snips, and other assorted doodads in an honest, due-diligence effort to get that other - and, sadly, nonexistent - password from you.
Quoting Hannibal Lector, "Goody, goody."
How did I get off on that tangent? I need to get ready to go to work.
Cheers...
