Jump to content

Folder Encryption


DingleBerries
 Share

Recommended Posts

I am looking for a program to encrypt a folder or dive, either or doesnt matter. Now the twist, I want to be able to set up two passwords. Here is an example.

Make Folder/Partition

Encrypt Data

Set Passwords

Password 1 == Gain Rights to drive with all data

Password 2 == Gain Rights to the drive but with different data

So say i am at a check point and they want to view my encrypted folder, I give them password 2 and it shows some randumb jpegs and text files, but the real data i am trying to hide is only uncoverable with Password 1.

Ive seen rar files act up when given passwords that do not match but for some reason opens the rar. It will give you an out put but its mostly rubbish and makes no sense. This was experienced when there was a thread about rar cracking.

Link to comment
Share on other sites

I am looking for a program to encrypt a folder or dive, either or doesnt matter. Now the twist, I want to be able to set up two passwords. Here is an example.

Make Folder/Partition

Encrypt Data

Set Passwords

Password 1 == Gain Rights to drive with all data

Password 2 == Gain Rights to the drive but with different data

So say i am at a check point and they want to view my encrypted folder, I give them password 2 and it shows some randumb jpegs and text files, but the real data i am trying to hide is only uncoverable with Password 1.

Ive seen rar files act up when given passwords that do not match but for some reason opens the rar. It will give you an out put but its mostly rubbish and makes no sense. This was experienced when there was a thread about rar cracking.

Mac/PC/Linux?

If Mac, you can create an 256-bit AES encrypted disk image very simply in Disk Utility.

Otherwise I can't help you besides what my GoogleFu turns up.

Link to comment
Share on other sites

I am looking for a program to encrypt a folder or dive, either or doesnt matter. Now the twist, I want to be able to set up two passwords. Here is an example.

Make Folder/Partition

Encrypt Data

Set Passwords

Password 1 == Gain Rights to drive with all data

Password 2 == Gain Rights to the drive but with different data

So say i am at a check point and they want to view my encrypted folder, I give them password 2 and it shows some randumb jpegs and text files, but the real data i am trying to hide is only uncoverable with Password 1.

Ive seen rar files act up when given passwords that do not match but for some reason opens the rar. It will give you an out put but its mostly rubbish and makes no sense. This was experienced when there was a thread about rar cracking.

FAIL

if you are using a program to obfuscate your data that specificity touts this feature...

Link to comment
Share on other sites

Either on Linux or Windows. Encrypting the Disk isnt hard, but doing it so that 1 Password gives on thing and another gives something completely different is another thing.

I understand that if the program says it can do that then someone may get suspicious, however how are they to know which password i gave them?

Link to comment
Share on other sites

I think TrueCrypt does this. You can have a partition that has one password for one set of data, and another to access a hidden share within that one. So one can be seen and requires a password, the other can not be seen and requires a different password to unhide and unlock it. Mubix covered this in the first episode the talked about TrueCrypt way back in like season 2 I think.

Link to comment
Share on other sites

TrueCrypt will do this this (see "truecrypt hidden volumes"), just be sure not to write to much data or you may erase data in the 'hidden volume', plus TrueCrypt works on almost any OS.

Link to comment
Share on other sites

ok so on my verbatim stor n go flash drives they have a little encryption app called v-safe.exe. it basically creates a hidden partition called private. so when you plug the drive in youll only have access to the public area, then you can run the v-safe app and it will prompt you for the password, after that youll be able to see the files in the private area. so you could keep some files in the pirvate partition and then you could encrypt the whole flash drive with any other encryption method.

vstore.jpg

quizimg.png

Link to comment
Share on other sites

As previously mentioned True Crypt will do this for you.

True crypt first encrypts the stuff you want (disk/folder/file) then will create a second hidden encryption section inside the first. Because encrypted data is designed to look like random data, the theory is that you have plausible denability as you can give people the first and say look, its my Tax Returns.

Link to comment
Share on other sites

  • 3 weeks later...
TrueCrypt is more or less the best......why would you want to give the viewer the feeling that its encrypted n all why not just hide it in an image or something copy / b abc.jpg+abc.rar output.jpg or something....or crypt it into an unknown format...

Because rarmages have been around for a loooooong time and most police/law enforcement agencies look there first for child porn, that is the most common way of distributing it. Also if I have 2.8GB of imformaion to hide, im sure a jpeg of that size will send flags off right way.

Crypting into an unknown format may be good, however I do not posses the skills to code something like that. If you mean rename the .rar to a .unk then the hex dump would be a dead give away.

I went with Vectors program and truecrypt and so far have no qualms.

Link to comment
Share on other sites

obviously you want to use multiple layers of cryptography and hidden volumes for your data but there needs to be a legit reason for your data being there and consuming that much space. as SomethingToChatWith said it by renaming it a doc file it wont open in simple editors but if your going through this much work already your opponent wont be using wordpad. the answer to this is rare formats that consume lots and lots of space. and you can always hide it in a .rar file then tuck then in an iso or something.. encryption is just a game of hide and seek.

Link to comment
Share on other sites

Better yet give it a .exe extension to really throw 'em for a loop :) But that doesn't matter. You can make an additonal container inside the hidden volume within the outside volume for even more security and TC already offers up to three types of encryption on a single volume as it is. Slower, but def. secure.

Link to comment
Share on other sites

I also agree that Trucrypt is the best option for this. But before everyone gets head over heals, you still need to have long-arse pass phrase otherwise your security is kind of pointless. Have a read of this article before using it.

http://www.shortinfosec.net/2009/02/cracki...-container.html

Also, bundling it with other crypto methods is a good idea.

Link to comment
Share on other sites

Also, bundling it with other crypto methods is a good idea.

What do you mean by other "crypto methods"?

Because encrypting a file with algorithm1 and passphrase1, then with algorithm2 and passphrase2, is no more secure than using just one of the algorithms and passphrase1+passphrase2 (if the algorithms are secure).

You just end up slowing down your encryption and decryption more because you have to do it twice, where with a longer passphrase you get the same security and it takes no longer.

If your worried about an algorithm being found to be insecure, then on evidence of this, switch algorithm then, it'll take a little time switching but you will have gained that time back by not having to make two passes using two algorithms.

Theres really no need at the moment for anything more than AES-256, if you need stronger encryption at that point (to stop the NSA from reading your information for instance) then you need to look into other aspects of security to secure your data.

Link to comment
Share on other sites

What do you mean by other "crypto methods"?

Because encrypting a file with algorithm1 and passphrase1, then with algorithm2 and passphrase2, is no more secure than using just one of the algorithms and passphrase1+passphrase2 (if the algorithms are secure).

You just end up slowing down your encryption and decryption more because you have to do it twice, where with a longer passphrase you get the same security and it takes no longer.

If your worried about an algorithm being found to be insecure, then on evidence of this, switch algorithm then, it'll take a little time switching but you will have gained that time back by not having to make two passes using two algorithms.

Theres really no need at the moment for anything more than AES-256, if you need stronger encryption at that point (to stop the NSA from reading your information for instance) then you need to look into other aspects of security to secure your data.

Well not exactly 'different' crypto. But yeah you have a point. You would use the best method (or most secure) of encryption available to you, then why bother with wrapping anymore with anything less secure? Well i guess you wouldn't, you would use the same. But my point is that a method like that wprks purely for a time constraint point of view. Say you are trying to crack a password... at what point will you give up and say "bad luck, i couldn't crack it"? 1 week? 3 months? A year?

If you have a trucrypt volume with say, a 16 character passphrase. Then inside that you have another truecrypt volume (same crypto or not) with a different 20 character passphrase (obviously would have a different hash, was created at a different time), then it WILL make it 'harder' to crack because you have only gotten half way if/once you crack the first container. And how long did that take? Who knows how long the second one will take? Will there be more encrypted containers inside this one?

Obviously if you don't want government agencies getting to your stuff, you have a lot of other things to think about than encryption (yes, they probably already have those files archived off somewhere and have a nice meta search cluster at the ready to find anything on you at any time). But i believe that by having multiple encryptped volumes or containers inside each other, all with different (obviously long, random) pass-phrases, and all created with different hashes, the chance of cracking your way through each one will take longer and longer. Not really practical for every day file use like you state. But if you worked on the files maybe a couple of times a week, having to enter a few different passphrases at different levels may be worth while.

All depends on where you draw the line from security/usability and is it worth while.

--just for fun--

And i guess for tinfoil paranoia fun you could say, have your linux partitions encrypted automaticly, then use an encryption program to do its own full disk encryption, then create a virtual machine on that host. Install an OS with disk encryption. Inside the VM make numerous serpeate encrypted volumes with differernt passphrases, then have your files at the root of it all (inside the containers which are inside the VM). Shut down the VM. Create an encrypted container, move the VM inside that. Then move that container inside a few more containers. Oh and of course, the actual data you are protecting is a stenography file passworded with RAR then residing in a PGP file. Haha i'd actually be curious to see how fucking slow working with that would be :)

--maybe not so fun--

Link to comment
Share on other sites

If you have a trucrypt volume with say, a 16 character passphrase. Then inside that you have another truecrypt volume (same crypto or not) with a different 20 character passphrase (obviously would have a different hash, was created at a different time), then it WILL make it 'harder' to crack because you have only gotten half way if/once you crack the first container. And how long did that take? Who knows how long the second one will take? Will there be more encrypted containers inside this one?

Actually your making it considerably easier for me to crack.

Proof:

You have one encrypted container which contains another encrypted container, passphrase1 for the first, passphrase2 for the second. The passphrases are both n bits long.

To check all the passphrases for one of them you need to check 2^n passphrases. Ignoring the probability of finding it within half of that normally. This means to crack both the containers I need to check 2x2^n passphrases. Say n=4. That is 32 passphrases to check.

Now I only use one encrypted container and a single passphrase, but the passphrase is double that of previous example, 2n. That means I have 2^(2n) passphrases to check, with n= 4, I have 256 passphrases to check.

So by using a single container, with the passphrases concatenated together you have significantly increased your security.

It can also be argued that on successfully cracking one container, the attack would be motivated to carry on.

Link to comment
Share on other sites

Actually your making it considerably easier for me to crack.

Proof:

You have one encrypted container which contains another encrypted container, passphrase1 for the first, passphrase2 for the second. The passphrases are both n bits long.

To check all the passphrases for one of them you need to check 2^n passphrases. Ignoring the probability of finding it within half of that normally. This means to crack both the containers I need to check 2x2^n passphrases. Say n=4. That is 32 passphrases to check.

Now I only use one encrypted container and a single passphrase, but the passphrase is double that of previous example, 2n. That means I have 2^(2n) passphrases to check, with n= 4, I have 256 passphrases to check.

So by using a single container, with the passphrases concatenated together you have significantly increased your security.

It can also be argued that on successfully cracking one container, the attack would be motivated to carry on.

That is true. But your single passphrase is double the length of my 2 single ones. Then of course yours will be harder. But what if each one of mine were double the size of your one? Haha we could go around in circles for hours. But i know what your saying, you may aswell use a single pass-phrase just aslong as any mutliples combined for the same security. (But then we could start thinking about the future... what if the program in question used to encrypt, or the algorithym itself is later found to have an exploit of vulnerability, and that is the only method you used to encrypt your single file? You might then wish you had something else inside)

And it could be true that once cracking through one container the motivation is there to carry on, it also could be true that it's the straw that breaks the camels back... it took <this long to crack>, they are all excited, only to find... yet another... encrypted volume. ARHHG.

Haha interesting topic :)

Link to comment
Share on other sites

You have to remember that an encryption algorithm will only handle its maximum amount of allowed bits for the key, AES tops out at 256-bits, so increasing the key anymore does nothing for security.

2^256 is a very very big number. As to my previous post, if you require more security than this then you need to be looking at other things than encryption.

As for combining multiple encryption algorithms for redundancy, i still believe this is pointless, your going to seriously hurt your performance when working within the encrypted sector. Also given that all approved algorithms are tested extensively before they are accepted, the only likely vulnerability to be found is one which is systemic of all symmetric block ciphers of that type, like block ciphers. So all the algorithms that your going to use are broken at the same time.

For example, you secure a chest with two pad locks, both of different lock design, which is great, until someone comes along with bolt cutters and simply cuts them both of at the same time because they have the same weakness.

Its far easily and better to have better password policy and contingency plans, so pick a 32 character password which is completely random using a good range of characters, then change it regularly. If an encryption scheme is broken, have your system convert from one to another and remove all trace of the old version.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...