DingleBerries Posted January 14, 2009 Share Posted January 14, 2009 I am looking for a program to encrypt a folder or dive, either or doesnt matter. Now the twist, I want to be able to set up two passwords. Here is an example. Make Folder/Partition Encrypt Data Set Passwords Password 1 == Gain Rights to drive with all data Password 2 == Gain Rights to the drive but with different data So say i am at a check point and they want to view my encrypted folder, I give them password 2 and it shows some randumb jpegs and text files, but the real data i am trying to hide is only uncoverable with Password 1. Ive seen rar files act up when given passwords that do not match but for some reason opens the rar. It will give you an out put but its mostly rubbish and makes no sense. This was experienced when there was a thread about rar cracking. Quote Link to comment Share on other sites More sharing options...
nullArray Posted January 14, 2009 Share Posted January 14, 2009 I am looking for a program to encrypt a folder or dive, either or doesnt matter. Now the twist, I want to be able to set up two passwords. Here is an example. Make Folder/Partition Encrypt Data Set Passwords Password 1 == Gain Rights to drive with all data Password 2 == Gain Rights to the drive but with different data So say i am at a check point and they want to view my encrypted folder, I give them password 2 and it shows some randumb jpegs and text files, but the real data i am trying to hide is only uncoverable with Password 1. Ive seen rar files act up when given passwords that do not match but for some reason opens the rar. It will give you an out put but its mostly rubbish and makes no sense. This was experienced when there was a thread about rar cracking. Mac/PC/Linux? If Mac, you can create an 256-bit AES encrypted disk image very simply in Disk Utility. Otherwise I can't help you besides what my GoogleFu turns up. Quote Link to comment Share on other sites More sharing options...
Sparda Posted January 14, 2009 Share Posted January 14, 2009 I am looking for a program to encrypt a folder or dive, either or doesnt matter. Now the twist, I want to be able to set up two passwords. Here is an example. Make Folder/Partition Encrypt Data Set Passwords Password 1 == Gain Rights to drive with all data Password 2 == Gain Rights to the drive but with different data So say i am at a check point and they want to view my encrypted folder, I give them password 2 and it shows some randumb jpegs and text files, but the real data i am trying to hide is only uncoverable with Password 1. Ive seen rar files act up when given passwords that do not match but for some reason opens the rar. It will give you an out put but its mostly rubbish and makes no sense. This was experienced when there was a thread about rar cracking. FAIL if you are using a program to obfuscate your data that specificity touts this feature... Quote Link to comment Share on other sites More sharing options...
DingleBerries Posted January 14, 2009 Author Share Posted January 14, 2009 Either on Linux or Windows. Encrypting the Disk isnt hard, but doing it so that 1 Password gives on thing and another gives something completely different is another thing. I understand that if the program says it can do that then someone may get suspicious, however how are they to know which password i gave them? Quote Link to comment Share on other sites More sharing options...
digip Posted January 14, 2009 Share Posted January 14, 2009 I think TrueCrypt does this. You can have a partition that has one password for one set of data, and another to access a hidden share within that one. So one can be seen and requires a password, the other can not be seen and requires a different password to unhide and unlock it. Mubix covered this in the first episode the talked about TrueCrypt way back in like season 2 I think. Quote Link to comment Share on other sites More sharing options...
Sparda Posted January 14, 2009 Share Posted January 14, 2009 I understand that if the program says it can do that then someone may get suspicious, however how are they to know which password i gave them? You lost your plausible deny ability by showing that there is hidden data. Quote Link to comment Share on other sites More sharing options...
VaKo Posted January 14, 2009 Share Posted January 14, 2009 Put everything on a MicroSD card and hide it in your hair, or between your gum and your cheek. Quote Link to comment Share on other sites More sharing options...
DingleBerries Posted January 14, 2009 Author Share Posted January 14, 2009 Put everything on a MicroSD card and hide it in your hair, or between your gum and your cheek. lol i have one and could do that Quote Link to comment Share on other sites More sharing options...
sablefoxx Posted January 14, 2009 Share Posted January 14, 2009 TrueCrypt will do this this (see "truecrypt hidden volumes"), just be sure not to write to much data or you may erase data in the 'hidden volume', plus TrueCrypt works on almost any OS. Quote Link to comment Share on other sites More sharing options...
vector Posted January 15, 2009 Share Posted January 15, 2009 ok so on my verbatim stor n go flash drives they have a little encryption app called v-safe.exe. it basically creates a hidden partition called private. so when you plug the drive in youll only have access to the public area, then you can run the v-safe app and it will prompt you for the password, after that youll be able to see the files in the private area. so you could keep some files in the pirvate partition and then you could encrypt the whole flash drive with any other encryption method. Quote Link to comment Share on other sites More sharing options...
stingwray Posted January 15, 2009 Share Posted January 15, 2009 As previously mentioned True Crypt will do this for you. True crypt first encrypts the stuff you want (disk/folder/file) then will create a second hidden encryption section inside the first. Because encrypted data is designed to look like random data, the theory is that you have plausible denability as you can give people the first and say look, its my Tax Returns. Quote Link to comment Share on other sites More sharing options...
loftrat Posted January 15, 2009 Share Posted January 15, 2009 I'm using TrueCrypt for this very purpose at the moment. Works very well. Quote Link to comment Share on other sites More sharing options...
loftrat Posted January 15, 2009 Share Posted January 15, 2009 Perhaps the crew might like to do a Seg on it? :D Quote Link to comment Share on other sites More sharing options...
digip Posted January 15, 2009 Share Posted January 15, 2009 Perhaps the crew might like to do a Seg on it? :D They already have like 2 years ago. http://www.hak5.org/episodes/season2-episode8 Quote Link to comment Share on other sites More sharing options...
Deathknight93 Posted February 3, 2009 Share Posted February 3, 2009 TrueCrypt is more or less the best......why would you want to give the viewer the feeling that its encrypted n all why not just hide it in an image or something copy / b abc.jpg+abc.rar output.jpg or something....or crypt it into an unknown format... Quote Link to comment Share on other sites More sharing options...
DingleBerries Posted February 3, 2009 Author Share Posted February 3, 2009 TrueCrypt is more or less the best......why would you want to give the viewer the feeling that its encrypted n all why not just hide it in an image or something copy / b abc.jpg+abc.rar output.jpg or something....or crypt it into an unknown format... Because rarmages have been around for a loooooong time and most police/law enforcement agencies look there first for child porn, that is the most common way of distributing it. Also if I have 2.8GB of imformaion to hide, im sure a jpeg of that size will send flags off right way. Crypting into an unknown format may be good, however I do not posses the skills to code something like that. If you mean rename the .rar to a .unk then the hex dump would be a dead give away. I went with Vectors program and truecrypt and so far have no qualms. Quote Link to comment Share on other sites More sharing options...
SomethingToChatWith Posted February 5, 2009 Share Posted February 5, 2009 Yeah, use truecrypt and its great. You can use multiple keyfiles in addition to passwords and hidden volumes for extra security. As far as giving it an extension goes for hiding, give it like a .doc extension. Opening it probably wouldn't even work with word/wordpad. Quote Link to comment Share on other sites More sharing options...
str33ts0ld13r Posted February 5, 2009 Share Posted February 5, 2009 obviously you want to use multiple layers of cryptography and hidden volumes for your data but there needs to be a legit reason for your data being there and consuming that much space. as SomethingToChatWith said it by renaming it a doc file it wont open in simple editors but if your going through this much work already your opponent wont be using wordpad. the answer to this is rare formats that consume lots and lots of space. and you can always hide it in a .rar file then tuck then in an iso or something.. encryption is just a game of hide and seek. Quote Link to comment Share on other sites More sharing options...
SomethingToChatWith Posted February 5, 2009 Share Posted February 5, 2009 Better yet give it a .exe extension to really throw 'em for a loop :) But that doesn't matter. You can make an additonal container inside the hidden volume within the outside volume for even more security and TC already offers up to three types of encryption on a single volume as it is. Slower, but def. secure. Quote Link to comment Share on other sites More sharing options...
Trajik Posted February 10, 2009 Share Posted February 10, 2009 I also agree that Trucrypt is the best option for this. But before everyone gets head over heals, you still need to have long-arse pass phrase otherwise your security is kind of pointless. Have a read of this article before using it. http://www.shortinfosec.net/2009/02/cracki...-container.html Also, bundling it with other crypto methods is a good idea. Quote Link to comment Share on other sites More sharing options...
stingwray Posted February 10, 2009 Share Posted February 10, 2009 Also, bundling it with other crypto methods is a good idea. What do you mean by other "crypto methods"? Because encrypting a file with algorithm1 and passphrase1, then with algorithm2 and passphrase2, is no more secure than using just one of the algorithms and passphrase1+passphrase2 (if the algorithms are secure). You just end up slowing down your encryption and decryption more because you have to do it twice, where with a longer passphrase you get the same security and it takes no longer. If your worried about an algorithm being found to be insecure, then on evidence of this, switch algorithm then, it'll take a little time switching but you will have gained that time back by not having to make two passes using two algorithms. Theres really no need at the moment for anything more than AES-256, if you need stronger encryption at that point (to stop the NSA from reading your information for instance) then you need to look into other aspects of security to secure your data. Quote Link to comment Share on other sites More sharing options...
Trajik Posted February 10, 2009 Share Posted February 10, 2009 What do you mean by other "crypto methods"? Because encrypting a file with algorithm1 and passphrase1, then with algorithm2 and passphrase2, is no more secure than using just one of the algorithms and passphrase1+passphrase2 (if the algorithms are secure). You just end up slowing down your encryption and decryption more because you have to do it twice, where with a longer passphrase you get the same security and it takes no longer. If your worried about an algorithm being found to be insecure, then on evidence of this, switch algorithm then, it'll take a little time switching but you will have gained that time back by not having to make two passes using two algorithms. Theres really no need at the moment for anything more than AES-256, if you need stronger encryption at that point (to stop the NSA from reading your information for instance) then you need to look into other aspects of security to secure your data. Well not exactly 'different' crypto. But yeah you have a point. You would use the best method (or most secure) of encryption available to you, then why bother with wrapping anymore with anything less secure? Well i guess you wouldn't, you would use the same. But my point is that a method like that wprks purely for a time constraint point of view. Say you are trying to crack a password... at what point will you give up and say "bad luck, i couldn't crack it"? 1 week? 3 months? A year? If you have a trucrypt volume with say, a 16 character passphrase. Then inside that you have another truecrypt volume (same crypto or not) with a different 20 character passphrase (obviously would have a different hash, was created at a different time), then it WILL make it 'harder' to crack because you have only gotten half way if/once you crack the first container. And how long did that take? Who knows how long the second one will take? Will there be more encrypted containers inside this one? Obviously if you don't want government agencies getting to your stuff, you have a lot of other things to think about than encryption (yes, they probably already have those files archived off somewhere and have a nice meta search cluster at the ready to find anything on you at any time). But i believe that by having multiple encryptped volumes or containers inside each other, all with different (obviously long, random) pass-phrases, and all created with different hashes, the chance of cracking your way through each one will take longer and longer. Not really practical for every day file use like you state. But if you worked on the files maybe a couple of times a week, having to enter a few different passphrases at different levels may be worth while. All depends on where you draw the line from security/usability and is it worth while. --just for fun-- And i guess for tinfoil paranoia fun you could say, have your linux partitions encrypted automaticly, then use an encryption program to do its own full disk encryption, then create a virtual machine on that host. Install an OS with disk encryption. Inside the VM make numerous serpeate encrypted volumes with differernt passphrases, then have your files at the root of it all (inside the containers which are inside the VM). Shut down the VM. Create an encrypted container, move the VM inside that. Then move that container inside a few more containers. Oh and of course, the actual data you are protecting is a stenography file passworded with RAR then residing in a PGP file. Haha i'd actually be curious to see how fucking slow working with that would be :) --maybe not so fun-- Quote Link to comment Share on other sites More sharing options...
stingwray Posted February 10, 2009 Share Posted February 10, 2009 If you have a trucrypt volume with say, a 16 character passphrase. Then inside that you have another truecrypt volume (same crypto or not) with a different 20 character passphrase (obviously would have a different hash, was created at a different time), then it WILL make it 'harder' to crack because you have only gotten half way if/once you crack the first container. And how long did that take? Who knows how long the second one will take? Will there be more encrypted containers inside this one? Actually your making it considerably easier for me to crack. Proof: You have one encrypted container which contains another encrypted container, passphrase1 for the first, passphrase2 for the second. The passphrases are both n bits long. To check all the passphrases for one of them you need to check 2^n passphrases. Ignoring the probability of finding it within half of that normally. This means to crack both the containers I need to check 2x2^n passphrases. Say n=4. That is 32 passphrases to check. Now I only use one encrypted container and a single passphrase, but the passphrase is double that of previous example, 2n. That means I have 2^(2n) passphrases to check, with n= 4, I have 256 passphrases to check. So by using a single container, with the passphrases concatenated together you have significantly increased your security. It can also be argued that on successfully cracking one container, the attack would be motivated to carry on. Quote Link to comment Share on other sites More sharing options...
Trajik Posted February 10, 2009 Share Posted February 10, 2009 Actually your making it considerably easier for me to crack. Proof: You have one encrypted container which contains another encrypted container, passphrase1 for the first, passphrase2 for the second. The passphrases are both n bits long. To check all the passphrases for one of them you need to check 2^n passphrases. Ignoring the probability of finding it within half of that normally. This means to crack both the containers I need to check 2x2^n passphrases. Say n=4. That is 32 passphrases to check. Now I only use one encrypted container and a single passphrase, but the passphrase is double that of previous example, 2n. That means I have 2^(2n) passphrases to check, with n= 4, I have 256 passphrases to check. So by using a single container, with the passphrases concatenated together you have significantly increased your security. It can also be argued that on successfully cracking one container, the attack would be motivated to carry on. That is true. But your single passphrase is double the length of my 2 single ones. Then of course yours will be harder. But what if each one of mine were double the size of your one? Haha we could go around in circles for hours. But i know what your saying, you may aswell use a single pass-phrase just aslong as any mutliples combined for the same security. (But then we could start thinking about the future... what if the program in question used to encrypt, or the algorithym itself is later found to have an exploit of vulnerability, and that is the only method you used to encrypt your single file? You might then wish you had something else inside) And it could be true that once cracking through one container the motivation is there to carry on, it also could be true that it's the straw that breaks the camels back... it took <this long to crack>, they are all excited, only to find... yet another... encrypted volume. ARHHG. Haha interesting topic :) Quote Link to comment Share on other sites More sharing options...
stingwray Posted February 11, 2009 Share Posted February 11, 2009 You have to remember that an encryption algorithm will only handle its maximum amount of allowed bits for the key, AES tops out at 256-bits, so increasing the key anymore does nothing for security. 2^256 is a very very big number. As to my previous post, if you require more security than this then you need to be looking at other things than encryption. As for combining multiple encryption algorithms for redundancy, i still believe this is pointless, your going to seriously hurt your performance when working within the encrypted sector. Also given that all approved algorithms are tested extensively before they are accepted, the only likely vulnerability to be found is one which is systemic of all symmetric block ciphers of that type, like block ciphers. So all the algorithms that your going to use are broken at the same time. For example, you secure a chest with two pad locks, both of different lock design, which is great, until someone comes along with bolt cutters and simply cuts them both of at the same time because they have the same weakness. Its far easily and better to have better password policy and contingency plans, so pick a 32 character password which is completely random using a good range of characters, then change it regularly. If an encryption scheme is broken, have your system convert from one to another and remove all trace of the old version. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.