- Truecrypt 5.0 Released (now with system partition encryption)
- Posted by George Orwell on February 7th, 2008
Sebastian G. wrote:
Actually, on Linux I think this is fixed. You have to authenticate as
the "owner" of a volume before giving any system passwords necessary
for mounting that volume. It used to be the other way around.
The sender address of this message is not related to a real person but
to a fake address of an anonymous system. For more info:
https://www.mixmaster.it
- Posted by Nomen Nescio on February 7th, 2008
nemo_outis wrote:
Tell you what, why don't you go right ahead and shrink your main
bootable partition on your first hard drive and create another
partition on that drive (if you don't have one there already) and then
use Truecrypt to encrypt that entire drive as a single device so the
entire disk IS encrypted. Let us know how that works out for you.
Hope you have backups. 
Bah! Dozens of things move/alter the partition table Nemo, for all
sorts of reasons.
That sounds like a straw grab. And in some cases like someone stealing
your 'puter it's actually a GOOD thing. It's your encryption software
keeping your data out of the hands of a thief in a real permanent way.
If you're using WD encryption and ignore some utility run from a boot
floppy or whatever telling you that it doesn't recognize your drive and
something bad happens I'd call that PEBKAC. If someone else does it you
either have a lack of communication, or a lack of physical security and
the software is covering your ass. 
You may not see it as a serious threat, but others are free to disagree
with that opinion. Myself included. In the context of these groups and
recent discussions we've been having about things like RIPA and forced
divulging of passwords, knowing that you need two or more passwords to
get at everything rather than one is a DISTINCT advantage for anyone
bringing the weight of that law to bear against you.
Yeah, nobody's saying anything different. In fact nobody's even talking
about that aspect of WD/OTFE encryption Nemo. Why are you? 
Doesn't Truecrypt have a built in mechanism for doing just that? I
think if you read the docs you see something about rescue CD's. 
If you knew you were wrong, then why did you make the post?
- Posted by Nomen Nescio on February 7th, 2008
Casper wrote:
Actually, in this case the two things are the same if you're talking
about being able to access your boot partition. That's what the
pre-boot authentication does... set up OTFE access for that drive. It
absolutely *is* encrypted, and looks like random data to anyone with a
LiveCD or whatever.
- Posted by nemo_outis on February 7th, 2008
George Orwell <nobody@mixmaster.it> wrote in
news:d7ac7fb60c39b076fbe85e54bf4ba496@mixmaster.it :
Ah, the first of the whiners and cavillers has arrived. ...with a
farrago of nonsense. ...just as I predicted.
Are you usually this thick? Yes, even though you have a whole-disk
encryption program you can choose not to encrypt some partitions - or any
of them for that matter. However, choosing not to use the program's
capability for whole-disk encryption doesn't make it one whit less a
whole-disk encryption program.
As for a boot drive's partition table, some full HD OTFE programs may
encrypt it, while others may not - just as I said. For instance,
Bestcrypt Volume Encryption (one of the better commercial full-HD OTFE
programs) does NOT encrypt the partition table on a fully encrypted hard
drive - I have just confirmed this with a number of partition managers
(using Hiren v9.3).
Why? Because encrypted partition tables are just asking for trouble from
some program that doesn't recognize that the disk is not trashed (i.e.,
one that misinterprets an encrypted partition table as a corrupted one).
Just as I said.
The benefit from encrypting the partition table? None!
It does not hide the fact that you are using encryption - that's already
instantly discernible by the presence of the encryption program's
unencrypted executable stub code on track 0.
As for an unencrypted partition table disclosing info, that trivial info
is useless for decrypting the contents of the partitions or even
inferring the nature of what is contained in them.
As for Truecrypt supposedly not being a whole-disk encryption program,
that's just plain wrong. With the release of Version 5 Truecrypt is now
a full-fledged whole-disk encryption program, capable of encrypting any
or all of the partitions on any of the hard drives in a system, including
the boot/system one. Of course, Truecrypt does have an unencrypted stub
on track zero - as do ALL other whole-disk OTFE encryption programs.
Just as I said.
....additional rambling nonsense mercifully snipped...
Regards,
- Posted by nemo_outis on February 7th, 2008
Nomen Nescio <nobody@dizum.com> wrote in
news:8bfad53b8d4b69cd8d27311d874867f6@dizum.com:
You really are a whining caviller. However, lest others be misled, I will
explain why I am 100% correct.
You see, the space on a HD, as conventionally set up, consists entirely of
the following: the boot track and one or more partitions. (This excludes
the rare cases where there is unallocated unpartitioned space on the drive,
and arcana such as the HPA and manufacturer's reserved space).
So, if you encrypt all partitions on such a drive (as Truecrypt v5 now
allows you to do, even if it is the boot/system drive) you have encrypted
the **whole drive** - with the exception, of course, of the small
unencrypted bootstub info on track 0 - just as with ALL other whole-disk HD
OTFE encryption programs.
Just as I said.
Regards,
- Posted by Sebastian G. on February 7th, 2008
George Orwell wrote:
Your speculation is going into the wrong direction. The undisclosed
privilege escalation I'm talking about requires only to run a specially
crafted program with non-root privileges by a logged-on user (which might
potentially be compromised). The result is that the program gains root
privileges.
Indeed, the attack works quite well if the malicious program uses
TrueCrypt's official code to create a fresh file container volume without
caring for its content.
- Posted by Sebastian G. on February 7th, 2008
nemo_outis wrote:
If you're not using the pre-boot stuff, then TrueCrypt can encrypt the
entire volume including the MBR with its partition table.
- Posted by nemo_outis on February 7th, 2008
"Sebastian G." <seppi@seppig.de> wrote in
news:610sj2F1qodjmU2@mid.dfncis.de:
There must - necessarily! - be a small amount of unencrypted code on the
boot/system volume. This is invariably located on track 0.
Regards,
- Posted by Sebastian G. on February 7th, 2008
nemo_outis wrote:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I underlined you something. Full disk encryption doesn't necessarily imply
that the encrypted volume is a boot/system volume.
- Posted by nemo_outis on February 7th, 2008
"Sebastian G." <seppi@seppig.de> wrote in
news:610vsoF1rnd8cU1@mid.dfncis.de:
This is true albeit somewhat banal. Any Windows OTFE program capable of
encrypting partitions has long been able to encrypt all the partitions on
all drives - with the sole exception of the boot partition on the system
drive. That was the last hurdle for Truecrypt, one which v5 has now
cleared.
Truecrypt (for v5 as for previous versions) represents in its documentation
that it does NOT change in any way (much less encrypt) the partition table
on a drive on which Truecrypt partitions reside (i.e., does not encrypt it
and has no special Truecrypt signature byte). I haven't checked whether
this is indeed so in all cases.
Regards,
- Posted by Sebastian G. on February 7th, 2008
nemo_outis wrote:
Maybe this statement was confusing: TrueCrypt can encrypt entire drives and
mount it as a raw volume. Within this volume, you can create a partition
table and associated partitions, which may or may not be additionally
encrypted, or you may put there whatever you want.
An attacker seeing the raw encrypted volume will only perceive random
garbage at the place where the partition table would reside, and indeed one
must be very careful to not run any partitioning tools with admin privileges
while the raw volume is not mounted.
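As an added illustration, not code from the thread or from TrueCrypt, here is the kind of first-sector check a partitioning or forensics tool could run before declaring a disk "corrupt" (the failure mode nemo_outis and Sebastian G. both describe): a readable MBR carries the 0x55AA signature and sane partition entries, whereas an encrypted partition table is high-entropy data with no structure. The two sample sectors are constructed inline; the thresholds are heuristics, not anything TrueCrypt itself uses.

```python
import hashlib
import math
import struct

SECTOR = 512  # one MBR-sized sector


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 .. 8.0). 512 random bytes score about 7.6, not 8.0."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def partition_entries_sane(sector: bytes) -> bool:
    """Four 16-byte entries at offsets 446..509: status must be 0x00/0x80, a used entry needs a length."""
    for off in range(446, 510, 16):
        status, ptype = sector[off], sector[off + 4]
        length = struct.unpack_from("<I", sector, off + 12)[0]
        if status not in (0x00, 0x80) or (ptype != 0 and length == 0):
            return False
    return True


def classify_sector0(sector: bytes) -> str:
    """Return 'mbr', 'blank', 'random-looking (possibly encrypted)' or 'unknown'."""
    if len(sector) != SECTOR:
        raise ValueError("need exactly one 512-byte sector")
    if sector == bytes(SECTOR):
        return "blank"
    if sector[510:512] == b"\x55\xaa" and partition_entries_sane(sector):
        return "mbr"
    if shannon_entropy(sector) > 7.0:  # heuristic: structured data rarely gets this high
        return "random-looking (possibly encrypted)"
    return "unknown"


def build_sample_mbr() -> bytes:
    """Constructed sample: zeroed boot code, one active type-0x07 partition, 0x55AA signature."""
    sector = bytearray(SECTOR)
    sector[446:462] = struct.pack("<8BII", 0x80, 0, 0, 0, 0x07, 0, 0, 0, 2048, 1_000_000)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


def build_sample_encrypted_sector() -> bytes:
    """Constructed stand-in for an encrypted partition table: chained SHA-256 output, no structure."""
    out, block = bytearray(), b"constructed seed, not real ciphertext"
    while len(out) < SECTOR:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:SECTOR])
```

A tool that only checks for the missing 0x55AA signature would offer to "repair" the encrypted drive; checking entropy first lets it refuse and warn instead.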
- Posted by Cyberiade.it Anonymous Remailer on February 7th, 2008
Sebastian G. wrote:
It "can", but that's a destructive process and there's absolutely no
way to bootstrap any operating system that you might install after the
fact.
You guys aren't thinking this through.
- Posted by nospamatall on February 7th, 2008
Anonymous wrote:
I would have thought that this is not an issue with TrueCrypt, because
the hidden partition is within the free space of another encrypted
partition and thus doesn't show up anywhere else?
- Posted by Phil Carmody on February 7th, 2008
Cyberiade.it Anonymous Remailer <anonymous@remailer.cyberiade.it> writes:
Au contraire. Sebastian's thought this through in its
entirety, it's just that you're all taking a long time
to catch up.
Your "that's a destructive process" is either meaningless
or wrong. Your "there's absolutely no way to bootstrap any
operating system" is completely false. Boot off another
medium. Trivial.
_Any_ container for an encrypted file system will break
the contained file system if tampered with. That applies
exactly equally to an entire disk as it does to a single
file sitting within an arbitrary other file system.
Please try to keep up.
Phil
--
Dear aunt, let's set so double the killer delete select all.
-- Microsoft voice recognition live demonstration
- Posted by Paul Rubin on February 7th, 2008
Cyberiade.it Anonymous Remailer <anonymous@remailer.cyberiade.it> writes:
I don't know anything about truecrypt and haven't been following this
discussion, but I've often wanted to encrypt my laptop's internal hard
drive like that. The only way to boot would be from another drive,
and I'd use a usb pen drive for that purpose.
- Posted by nospamatall on February 7th, 2008
Casper wrote:
be encrypted. This doesn't answer my question though. Do any data leak
into the non-user partitions? I had heard that some shyster companies
use these partitions for their nefarious 'DRM' so I spose it is
possible, but not if Truecrypt is in control of where all the data are
going?
Something has to be unencrypted somewhere, otherwise the disk will be
unusable. Some programs might overcome this by taking care of that
business themselves, but surely that is just moving the same risk elsewhere?
Andy
- Posted by Sebastian G. on February 7th, 2008
Cyberiade.it Anonymous Remailer wrote:
Maybe you're just stupid. Why do you narrow your views to one drive? You can
have two or more. One contains the operating system, does the pre-boot stuff
and has an identifiable partition table. The second drive is meant to store
data, and is fully encrypted, including the partition table.
- Posted by Ari on February 8th, 2008
On 7 Feb 2008 16:00:31 +0100, Cyberiade.it Anonymous Remailer wrote:
Hell, let's hope this is one step back which proceeds several forward. I
admire those guys, I hope they haven't fallen over a cliff.
--
An Explanation Of The Need To Be "Anonymous"
http://www.penny-arcade.com/comic/2004/03/19
- Posted by George Orwell on February 8th, 2008
nemo_outis wrote:
Talk about thick... you don't even have the slightest clue what whole
disk encryption really is. Got some more bad news for you sonny.
Bestcrypt ain't on that list. That's right, it's not whole disk either.
*snicker*
You've been making a supreme fool of yourself all this time, puffing
your chest and calling other people stupid in your usual self
aggrandizing way, so just to rub your nose in it here's the current
contenders as of 11/09/2007.
http://www.full-disc-encryption.com/...ncryption.html
Read'm and weep, bitch. Maybe some day you'll learn to not be
such an arrogant jackass. 
- Posted by nemo_outis on February 8th, 2008
George Orwell <nobody@mixmaster.it> wrote in
news:a6b52b3f53d8d9e5e5666d21fd185ed6@mixmaster.it :
Another bit of stupidity from you, you mouthbreathing twit.
Bestcrypt Volume Encryption for Windows is among the most advanced full-HD
OTFE encryption systems. Not only can it encrypt all HD partitions on all
HDs (including the boot/system one) it supports complete encryption of
spanned, mirrored, and striped volumes, as well as RAID 5 volumes. It also
supports physical tokens in addition to a password/passphrase for
additional security.
http://www.jetico.com/bcve.htm
Now do be a good little moron and fuck off.
Regards,