Which Drive Encryptor for this?

doofus

I am going to be doing some traveling and I need a drive encryption
program to keep the fascist nosey TSA out of my data.

But my requirements are kinda dated. I need something that will make
large containers or partitions around 50GB but is accessible under both
windoze 98se and XP. Drivecrypt limits its 98 accessibility to containers
of max. 4 GB - no good for my purposes.

I need something reliable that I can use across different cafe computers
from the usb port without having to install it on each machine also.

Any ideas? Thanks.
 
Yousuf Khan

I am going to be doing some traveling and I need a drive encryption
program to keep the fascist nosey TSA out of my data.

But my requirements are kinda dated. I need something that will make
large containers or partitions around 50GB but is accessible under both
windoze 98se and XP. Drivecrypt limits its 98 accessibility to containers
of max. 4 GB - no good for my purposes.

Stop using Windows 98. What's the point in keeping that ancient thing
around, especially when you're travelling?
 
Arno

doofus said:
I am going to be doing some traveling and I need a drive encryption
program to keep the fascist nosey TSA out of my data.

You do know that they can just require you to give them the
passphrase and if you refuse send you back after a few
days of incarceration?

But my requirements are kinda dated. I need something that will make
large containers or partitions around 50GB but is accessible under both
windoze 98se and XP. Drivecrypt limits its 98 accessibility to containers
of max. 4 GB - no good for my purposes.

Unless you drop the win98 requirement, you are likely out of luck.

I need something reliable that I can use across different cafe computers
from the usb port without having to install it on each machine also.

Well. There is nothing usable without installation for win98.
With XP it is difficult. What about using Linux, e.g. a
Knoppix USB-Stick install with encrypted partition (all
standard Knoppix features)? That does not require any installation,
just a reboot. And a reboot is a very good idea anyways to get
around spyware on computers not yours.

Arno
 
Roger Blake

I am going to be doing some traveling and I need a drive encryption
program to keep the fascist nosey TSA out of my data.

You might try Truecrypt (http://www.truecrypt.org). It has the
capability of embedding a hidden encrypted container within an
outer encrypted container in order to provide plausible deniability
if forced by government thugs into revealing your pass code.
However, the earliest version of Windows supported is Windows 2000.
(You mentioned needing Win98 support. That's a problem, almost
nothing runs on Windows 98 any more.) Truecrypt is cross-platform
and also runs on Linux and Mac OS X. I routinely use it for encrypting
data on USB flash drives that needs to be accessible on Windows
and Linux.

--
-----------------------------------------------------------------------------
Roger Blake (Change "invalid" to "com" for email. Google Groups killfiled.)

"Climate policy has almost nothing to do anymore with environmental
protection... the next world climate summit in Cancun is actually
an economy summit during which the distribution of the world's
resources will be negotiated." -- Ottmar Edenhofer, IPCC
-----------------------------------------------------------------------------
 
DevilsPGD

You do know that they can just require you to give them the
passphrase and if you refuse send you back after a few
days of incarceration?

While true, your data is still safe and protected.

Note that "refusing" might actually get you detained longer, and might
violate other laws. Not having the decryption keys in your possession
at all is a safer approach, and can be done by providing the decryption
key to someone trustworthy.

There are different approaches; a single person at your destination (since
forcing them to reveal the key requires due process, whereas at the
border none is required) is the easiest, if you have someone you trust.

Better yet, split the key between someone at your destination and
someone at your country of origin (who is not subject to US law at all),
with both individuals being instructed to only hand over their key when
you confirm arrival at your destination (and the individual at the
destination confirms to the individual at origin that you have arrived
-- Again, the idea is that there's no legal theory that would force
either the individual at the border or at the destination to lie to a
third party, so the most that will happen is the data will be
confiscated and/or the traveler won't be allowed entry)
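
The key split described in the post above can be done so that neither holder's piece reveals anything about the key on its own. This is an added example, not part of the original post: it assumes the volume is unlocked with a random 32-byte key (or keyfile), and the function names are hypothetical.

```python
import hashlib
import hmac
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("shares must all have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, holders: int = 2):
    """Split `key` into XOR shares, one per holder; every share is required."""
    if holders < 2:
        raise ValueError("need at least two holders")
    # All but the last share are pure random bytes, independent of the key.
    shares = [secrets.token_bytes(len(key)) for _ in range(holders - 1)]
    last = key
    for share in shares:
        last = xor(last, share)
    shares.append(last)
    # The fingerprint lets whoever recombines detect a wrong or corrupted
    # share. Only safe to hand out for a high-entropy random key, never
    # for a human-chosen passphrase.
    return shares, hashlib.sha256(key).hexdigest()


def combine(shares, fingerprint: str) -> bytes:
    """XOR all shares together and verify the result against the fingerprint."""
    key = bytes(len(shares[0]))
    for share in shares:
        key = xor(key, share)
    if not hmac.compare_digest(hashlib.sha256(key).hexdigest(), fingerprint):
        raise ValueError("shares do not reconstruct the original key")
    return key


if __name__ == "__main__":
    volume_key = secrets.token_bytes(32)   # constructed stand-in for the real key
    (origin_share, destination_share), fp = split_key(volume_key)
    print("origin holder gets     :", origin_share.hex())
    print("destination holder gets:", destination_share.hex())
    print("recombined correctly   :",
          combine([origin_share, destination_share], fp) == volume_key)
```

Cutting the key in half instead would hand each holder half of the key bits; with the XOR split, a single share is statistically indistinguishable from random data.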
 
gustav

You might try Truecrypt (http://www.truecrypt.org). It has the
capability of embedding a hidden encrypted container within an
outer encrypted container in order to provide plausible deniability
if forced by government thugs into revealing your pass code.
However, the earliest version of Windows supported is Windows 2000.
(You mentioned needing Win98 support. That's a problem, almost
nothing runs on Windows 98 any more.) Truecrypt is cross-platform
and also runs on Linux and Mac OS X. I routinely use it for encrypting
data on USB flash drives that needs to be accessible on Windows
and Linux.

Thanks for your reply, one of the few that attempted to answer the
questions. Someone here suggested an earlier version of truecrypt might
support 98se? Do you happen to know for certain if earlier versions don't
support 98se? Also do you know if it might support larger partitions or
containers?
 
loopey

While true, your data is still safe and protected.

Note that "refusing" might actually get you detained longer, and might
violate other laws. Not having the decryption keys in your possession
at all is a safer approach, and can be done by providing the decryption
key to someone trustworthy.

There are different approaches; a single person at your destination (since
forcing them to reveal the key requires due process, whereas at the
border none is required) is the easiest, if you have someone you trust.

Better yet, split the key between someone at your destination and
someone at your country of origin (who is not subject to US law at all),
with both individuals being instructed to only hand over their key when
you confirm arrival at your destination (and the individual at the
destination confirms to the individual at origin that you have arrived
-- Again, the idea is that there's no legal theory that would force
either the individual at the border or at the destination to lie to a
third party, so the most that will happen is the data will be
confiscated and/or the traveler won't be allowed entry)

Actually I think the safest approach is to wipe the drive after uploading your
data to an online storage site (maybe TSA in disguise, my God, we're never
safe).
 
Arno

Actually I think the safest approach is to wipe the drive after uploading your
data to an online storage site (maybe TSA in disguise, my God, we're never
safe).

If you run your own server, it will either already be compromised
or safe. But, yes, I completely agree that this is the right
approach. In fact I have a laptop "travel" drive for the US
that only has a clean OS install (Linux and XP) on it.

Arno
 
Arno

You might try Truecrypt (http://www.truecrypt.org). It has the
capability of embedding a hidden encrypted container within an
outer encrypted container in order to provide plausible deniability
if forced by government thugs into revealing your pass code.

While nice in theory, and certainly well implemented in
TrueCrypt, the problem is that the TrueCrypt documentation
mentions the possibility. So what they will do is to
just send you for a few years to Gitmo and if you have
not revealed the second passphrase by then (either because
you are stubborn or because there is none), it will not
really matter.

In fact, when crossing the US border with TrueCrypt as
protection, I strongly advise to have the hidden container
configured and the second passphrase ready to hand over...

The problem is that nothing bad happens to them when they
torture you to hand over something you do not actually have,
as long as they have a reasonable suspicion. The TrueCrypt
handbook gives them that. Also see http://xkcd.com/538/

So what to do? I think the only thing reasonable is to
not have encrypted data on your person in a US border
crossing. This also means wiping free space with zeros
(not random data), just to be sure. Then store the data
in encrypted form on the net somewhere safe, download
and decrypt after the border crossing. Before crossing the
border again, wipe all data by overwriting with zeros.

Side note: Incredible. I would have expected these
measures to be necessary when going into the USSR of
old, but not ever for the US. How times can change...

However, the earliest version of Windows supported is Windows 2000.
(You mentioned needing Win98 support. That's a problem, almost
nothing runs on Windows 98 any more.) Truecrypt is cross-platform
and also runs on Linux and Mac OS X. I routinely use it for encrypting
data on USB flash drives that needs to be accessible on Windows
and Linux.

It is a good product. Cross-platform support is limited to
normal containers, OS encryption is only available on Windows.
However there it is really done right: You can transparently
encrypt (and permanently decrypt if needed) an existing
OS installation. Did that recently for the Win7 partition
of my work Laptop. For Linux I use dm-crypt or LUKS.

Arno
 
Arno

Stop using Windows 98. What's the point in keeping that ancient thing
around, especially when you're travelling?

Indeed. Or maybe virtualize it and use it inside vmware player
or some other virtualization environment.

Arno
 
Alfonson

Arno said:
You do know that they can just require you to give them the
passphrase and if you refuse send you back after a few
days of incarceration?


Unless you drop the win98 requirement, you are likely out of luck.


Well. There is nothing usable without installation for win98.
With XP it is difficult. What about using Linux, e.g. a
Knoppix USB-Stick install with encrypted partition (all
standard Knoppix features)? That does not require any installation,
just a reboot. And a reboot is a very good idea anyways to get
around spyware on computers not yours.

Arno

You're partly wrong. Drivecrypt works under 98SE but only for containers up
to 4GB. Under XP it will do partitions much larger. Also many cafes disable
usb boot so there goes your idea of using a linux usb stick. Drivecrypt has
a mode that does not require installation for access to the encrypted
volumes.
 
byanyothername

Arno said:
If you run your own server, it will either already be compromised
or safe. But, yes, I completely agree that this is the right
approach. In fact I have a laptop "travel" drive for the US
that only has a clean OS install (Linux and XP) on it.

Arno

(just in case you don't like bellsouth)

You're partly wrong. Drivecrypt works under 98SE but only for containers
up to 4GB. Under XP it will do partitions much larger. Also many cafes
disable usb boot so there goes your idea of using a linux usb stick.
Drivecrypt has a mode that does not require installation for access to
the encrypted volumes.
 
Roger Blake

While nice in theory, and certainly well implemented in
TrueCrypt, the problem is that the TrueCrypt documentation
mentions the possibility. So what they will do is to
just send you for a few years to Gitmo and if you have
not revealed the second passphrase by then (either because
you are stubborn or because there is none), it will not
really matter.

There is no way for them to know whether there is a second container.
For that matter, there is no way for them to know on any given computer
whether there is a Truecrypt container at all. You don't need to have
Truecrypt resident on the machine. You could have the container in
some innocuous file buried deep in the filesystem and the program files
needed for decryption on a remote server that you can download later
after you get through Checkpoint Charlie.

 
DevilsPGD

Roger Blake said:
There is no way for them to know whether there is a second container.

Which means if they assume there is one, you can't prove otherwise.

For that matter, there is no way for them to know on any given computer
whether there is a Truecrypt container at all. You don't need to have
Truecrypt resident on the machine. You could have the container in
some innocuous file buried deep in the filesystem and the program files
needed for decryption on a remote server that you can download later
after you get through Checkpoint Charlie.

All the more reason why having a container and a second container within
is a good way to go, preferably with something legal but socially
embarrassing, under the theory that they'll find your dirty little
secret and move on.
 
Arno

There is no way for them to know whether there is a second container.

Yes. But do they need to care? My point is they can just
proceed on the assumption that there is one, because after
all "it's the feature why somebody would use TrueCrypt".
No matter that this is not the truth.

For that matter, there is no way for them to know on any given computer
whether there is a Truecrypt container at all.

Depends. If encrypted OS is used, it is rather obvious. If not,
the TrueCrypt binaries will be installed. If it is really just
the container and no software _and_ the container is not
mapped to a file (no idea how to do that under Windows),
then they can still find out that there is possible encrypted
data, and proceed on the assumption that there is indeed.
Hence my statement that any unused space should be overwritten
with zeros and not random data.

You don't need to have
Truecrypt resident on the machine. You could have the container in
some innocuous file buried deep in the filesystem

Not good. Compressed data and possibly encrypted data can
be distinguished automatically (by detecting the compression
algorithm, of which there are not so many). Entropy of good
compressed data is close to encrypted data, but there is still
structure.

and the program files
needed for decryption on a remote server that you can download later
after you get through Checkpoint Charlie.

If the encrypted container is small, this may work. But in that
case why not have the whole data on that remote server? If the
encrypted data is larger, this will draw attention on any
reasonable automated search.

Bottom line: Encryption only really protects you if they do not
have the right to demand the key. That is why this freedom is so
important. Look at the UK: If you claim to have forgotten the key,
or if you use my method of blanking disk drives (map in cryptsetup
with random key and then overwrite with zeros), and they have
any suspicion (which is easy to generate or fake, nobody says they
are playing fair and often they do not), you can go to prison for
a few months. This can happen to you for doing something that
only _looks_ like plausible deniability. Just call you a
"terror sympathiser" or something like that and it will be easy to
do to you. And they even have motive: If nobody dares to use
the plausible deniability defense, their job gets easier.

Arno
 
Roger Blake

Yes. But do they need to care? My point is they can just
proceed on the assumption that there is one, because after
all "it's the feature why somebody would use TrueCrypt".
No matter that this is not the truth.

Then you are screwed for simply carrying any computer or storage
device. Since there is no way to know for certain whether there is encrypted
data present those in power may simply assume away as they please.

It is important to assess the level of threat in order to take appropriate
measures. TSA thugs tend to be poorly-trained equal-opportunity employees
who will be looking for obvious signs of contraband or other suspicious items.
They are not equipped to perform a full forensic analysis of every system
that crosses their path, they are looking for imbeciles who have obvious
pirated movies or kiddie porn stored openly. For the ordinary traveler
if you don't give them a reason to search for encrypted data they are not
likely to discover it is there.

Of course one must be more creative when dealing with higher-up thugs who
have more authority and means at their disposal.

 
Arno

Then you are screwed for simply carrying any computer or storage
device. Since there is no way to know for certain whether there is encrypted
data present those in power may simply assume away as they please.

It is actually very simple to show the converse. If there is no
random-looking data that compresses badly and is not obviously
compressed, then there is no encrypted data (disregarding
steganography). A Truecrypt container is rather visible and
can be automatically detected.

It is important to assess the level of threat in order to take appropriate
measures. TSA thugs tend to be poorly-trained equal-opportunity employees
who will be looking for obvious signs of contraband or other suspicious items.
They are not equipped to perform a full forensic analysis of every system
that crosses their path, they are looking for imbeciles who have obvious
pirated movies or kiddie porn stored openly. For the ordinary traveler
if you don't give them a reason to search for encrypted data they are not
likely to discover it is there.

Or they may have some neat "contraband analyzer" that they will
require you to boot from. Reportedly, UK customs already did
that some time ago. Of course they will only do that after
singling you out for extra screening.

Of course one must be more creative when dealing with higher-up thugs who
have more authority and means at their disposal.

I strongly advise against any "creativity". You are in a "no civil
rights" zone when dealing with US immigration and customs.

Arno
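
Arno's two posts above describe how an automated scan separates zero-wiped space, recognisably compressed files and random-looking data that may be encrypted. The following is an added example, not part of the thread: it assumes a 7.9 bits-per-byte entropy threshold and a short list of well-known format signatures, and all sample buffers are constructed.

```python
import gzip
import hashlib
import math
from collections import Counter

# Well-known leading signatures of common compressed formats.
MAGIC = {
    b"\x1f\x8b": "gzip",
    b"PK\x03\x04": "zip",
    b"BZh": "bzip2",
    b"\xfd7zXZ\x00": "xz",
    b"7z\xbc\xaf\x27\x1c": "7z",
}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0.0-8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(data: bytes, threshold: float = 7.9) -> str:
    """Label a buffer the way a simple automated scan would."""
    if not data:
        return "empty"
    if data.count(0) == len(data):
        return "zero-filled"
    for magic, name in MAGIC.items():
        if data.startswith(magic):          # the "structure" in compressed data
            return f"compressed ({name})"
    if shannon_entropy(data) >= threshold:
        return "random-looking, no known header"
    return "structured / low entropy"


def constructed_samples() -> dict:
    """Constructed inputs; a SHA-256 counter stream stands in for ciphertext."""
    text = b"Meeting notes: travel itinerary and hotel bookings.\n" * 2000
    stream = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                      for i in range(2048))
    return {
        "zero-wiped free space": bytes(65536),
        "plain text": text,
        "gzip of that text": gzip.compress(text),
        "random-wiped space or container": stream,
    }


def report() -> dict:
    """Map each sample name to (entropy rounded to 2 places, label)."""
    return {name: (round(shannon_entropy(buf), 2), classify(buf))
            for name, buf in constructed_samples().items()}


if __name__ == "__main__":
    for name, (h, label) in report().items():
        print(f"{name:34s} H={h:4.2f}  {label}")
```

Space wiped with random data and an encrypted container land in the same class, while zero-wiped space does not, which is the distinction behind the advice to overwrite with zeros.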
 
Jim Brown

Arno said:
Yes. But do they need to care? My point is they can just
proceed on the assumption that there is one, because after
all "it's the feature why somebody would use TrueCrypt".
No matter that this is not the truth.


Depends. If encrypted OS is used, it is rather obvious. If not,
the TrueCrypt binaries will be installed. If it is really just
the container and no software _and_ the container is not
mapped to a file (no idea how to do that under Windows),
then they can still find out that there is possible encrypted
data, and proceed on the assumption that there is indeed.
Hence my statement that any unused space should be overwritten
with zeros and not random data.


Not good. Compressed data and possibly encrypted data can
be distinguished automatically (by detecting the compression
algorithm, of which there are not so many). Entropy of good
compressed data is close to encrypted data, but there is still
structure.


If the encrypted container is small, this may work. But in that
case why not have the whole data on that remote server? If the
encrypted data is larger, this will draw attention on any
reasonable automated search.

Bottom line: Encryption only really protects you if they do not
have the right to demand the key. That is why this freedom is so
important. Look at the UK: If you claim to have forgotten the key,
or if you use my method of blanking disk drives (map in cryptsetup
with random key and then overwrite with zeros), and they have
any suspicion (which is easy to generate or fake, nobody says they
are playing fair and often they do not), you can go to prison for
a few months.

No you can't.

This can happen to you for doing something that
only _looks_ like plausible deniability. Just call you a
"terror sympathiser" or something like that and it will be easy to
do to you.

They can't jail you for that.

The most they can do is delay your movement thru customs etc.
 
Jim Brown

Arno said:
It is actually very simple to show the converse. If there is no
random-looking data that compresses badly and is not obviously
compressed, then there is no encrypted data (disregarding
steganography). A Truecrypt container is rather visible and
can be automatically detected.


Or they may have some neat "contraband analyzer" that they will
require you to boot from. Reportedly, UK customs already did
that some time ago. Of course they will only do that after
singling you out for extra screening.


I strongly advise against any "creativity". You are in a "no civil
rights" zone when dealing with US immigration and customs.

That's a lie. The worst they can do is refuse you entry to their country.
 
