Truecrypt 5.0 Released (now with system partition encryption)

nemo_outis
02-09-08, 01:07 AM
nobody@aes256.cn (Anonymous) wrote in
news:f0c6f944956a469714d047cbab689929@aes256.cn:

> None of that has anything at all to do with what the guy was
> talking about. Nobody is even suggesting the use of Truecrypt would
> be hidden, he's talking about hardening Truecrypt's plausible
> deniability by using hidden volumes to create two completely
> separate encrypted OS installs, and using the password mechanism as
> a sort of boot loader. Is such a thing possible?
>
> Please..... if you don't understand the question don't try and give
> an answer.


I understand the question very well.

And my answer is twofold:

1) It cannot currently be done with Truecrypt

2) That it cannot be done is no loss since it's a silly idea in the first
place.

Regards,

nemo_outis
02-09-08, 01:14 AM
Anonymous <nobody@aes256.cn> wrote in
news:874c4fbd4874eb652c39433b31131c8a@aes256.cn:

> nemo_outis wrote:

If you encrypt an entire HD (as Truecrypt allows you to do in "device"
mode) then you cannot boot from that HD. If you do this with all your HDs
then you cannot boot from any of them. You are reduced to using all your
HDs as data drives. And so you must find something else (CD, USB, etc) to
boot from. Or else stare at your completely non-functional computer, which
will just sit there making exactly the same kind of humming noise that
bricks don't.

If this was all you wanted from life then you could have stuck with version
4.3 of Truecrypt, and not bothered folks here with your whinging.

Regards,

Anonymous
02-09-08, 01:15 AM
nemo_outis wrote:

> George Orwell <nobody@mixmaster.it> wrote in
> news:d7ac7fb60c39b076fbe85e54bf4ba496@mixmaster.it:
>
> Ah, the first of the whiners and cavillers has arrived. ...with
> a farrago of nonsense. ...just as I predicted.
>
>
> > nemo_outis wrote:
> >
> >> The entire disk IS encrypted, with the exception of the boot
> >> stub on track 0.
> >
> > No, it's not. If you have two partitions and encrypt only the
> > "system" partition the other isn't touched.
>
> Are you usually this thick? Yes, even though you have a
> whole-disk encryption program you can choose not to encrypt some
> partitions - or any of them for that matter. However, choosing
> not to use the program's capability for whole-disk encryption
> doesn't make it one whit less a whole-disk encryption program.
>
> As for a boot drive's partition table, some full HD OTFE programs
> may encrypt it, while others may not - just as I said. For
> instance, Bestcrypt Volume Encryption (one of the better
> commercial full-HD OTFE programs) does NOT encrypt the partition


Excuse me *******, but.... Bestcrypt isn't wholedisk encryption
either.

Main Features

1. Encrypting all types of volumes residing on fixed and removable disks:
* Simple volume, i.e. volume consisting of one disk partition.
* Mount point - volume mounted as a sub-folder on NTFS-formatted volume.
* Multipartition volume, i.e. volume consisting of several disk partitions:
1. Spanned volumes;
2. Mirrored volumes;
3. Striped volumes;
4. RAID-5 volumes.

If you're struggling with the meaning of "volume" and "residing
on" let us know and we'll post some explanations using really
small words. :)


> table on a fully encrypted hard drive - I have just confirmed
> this with a number of partition managers (using Hiren v9.3).
>
> Why? Because encrypted partition tables are just asking for
> trouble from some program that doesn't recognize that the disk is

What a crock. Do you have any clue at all how many wholedisk OTFE
products actually DO encrypt the partition table? Any clue at all?

Wait, no you don't. You don't even know what wholedisk encryption
products ARE.

> not trashed (i.e., one that misinterprets an encrypted partition
> table as a corrupted one).
>
> Just as I said.
>
> The benefit from encrypting the partition table? None!

That's really funny coming from someone whose idea of "secure" is
hiding something in a sock drawer.

Yeah nimrod, your silly ass steganography is secure but hiding the
fact that entire partitions exist with strong encryption is a waste
of time.

You're not just dim, you can't even pick a position and stick with
it.

What an idiot.

Ari
02-09-08, 01:50 AM
Thanks, nemo.


On Sat, 09 Feb 2008 04:15:24 GMT, nemo_outis wrote:

> Ari <arisilverstein@yahoo.com> wrote in
> news:1f1ux0vajj9g7.1i6hv3ciyph87.dlg@40tude.net:
>
>> On Fri, 08 Feb 2008 17:40:22 GMT, nemo_outis wrote:
>>
>>> I'll be happy to post the method again if anyone cares.
>>>
>>> Regards,
>>
>> I do.
>>
>> I love you and you know that.
>
> Here (from 2004) is the method whereby a suitably configured OS (or
> powerful system-level program, etc.) could leak the encryption key of a
> full-HD OTFE program without changing the encryption algorithm in the
> least. My old description is in terms of DCPP but the method generalizes
> to all such programs, including Truecrypt. All that is required is that
> the full-HD OTFE user have installed a particular OS which has, say,
> already been modified back at Microsoft by the NSA to have the
> capabilities I describe.
>
> ********************************************
> A malign OS can leak the encryption key even while fully and perfectly
> adhering to the DCPP encryption scheme. And it can leak the key on the
> ordinary data areas of the HD - no hidey-holes required. The scheme will
> pass every validation test, because it fully adheres to the DCPP
> encryption rules.
>
> AND YET THE KEY WILL HAVE BEEN LEAKED!
> ********************************************
>
> Bear with me, for this is a little complicated to explain.
>
> I'm going to describe the unobfuscated way of doing this at first.
> First of all, I take as given that the malign OS can harvest the key from
> memory. So the OS knows the key (say 256-bit for the sake of
> concreteness)
>
> Now, it is perfectly legitimate for the OS to write data for its own
> purposes in a sequence of sectors (say as part of the swap file).
> However, according to the DCPP encryption mechanism it must encrypt them
> using the algorithm and key (and IV) that is prescribed by DCPP. So
> here's what the malign OS does next.
>
> Let's say the first 3 bits of the key are 001
>
> For the first in a series of 256 consecutive sectors in the swap file
> (and the OS can easily ensure these are also consecutive physical sectors
> on the HD as well) the OS generates some random data. It then encrypts
> it following the DCPP algorithm perfectly. If it encrypts to an odd 512-
> byte number, the OS writes the sector. If it doesn't, it generates a new
> random number and tries again. Very quickly it finds a value that will
> encrypt to an odd 512-byte number. Satisfied, it writes the data to the
> sector. Here's the crux: the OS has just written a sector that can be
> interpreted as a binary zero (i.e., if the whole 512-byte encrypted
> sector is odd). It has just leaked the first bit of the key!
>
> The OS repeats the process for the next sector until it again writes what
> can be interpreted as a "zero" (i.e., the whole 512-byte encrypted sector
> is odd). It has just leaked the second bit of the key!
>
> The OS repeats the process again for the third bit - except this time the
> sector must encrypt to an even 512-byte number to signal a binary one.
> The OS writes the sector, thus leaking the third bit of the key.
>
> And so on and so on until the OS has leaked the entire 256-bit key as a
> sequence of 256 consecutive completely-properly-encrypted sectors, with
> each sector interpreted as binary 0 or 1 according to whether its whole
> 512-byte contents are even or odd!
>
> But how would someone looking at the disk know where the OS has leaked
> the key? Answer: the OS uses (say) a ten-sector sequence of all evens
> (say) to signal that the next 256 sectors should be interpreted as the
> key!
>
> Result: the malign OS has fully conformed to the encryption rules. Every
> sector is correctly encrypted according to the rules - no exceptions! No
> data has been written to any hidey-hole. AND YET THE KEY HAS BEEN
> LEAKED!
>
> Assuming you understand the above, you can now add obfuscation. For
> instance, there is no need for the "key follows" signal to be ten 1's -
> it could just as easily be 1001001101110111.
>
> Similarly, the malign OS needn't leak the key as "plaintext" - it can
> encrypt/obscure the leaked key sequence using a prearranged scheme known
> only to the NSA and Microsoft.
>
> As I said in a previous post: Covert channels are a bitch to plug!
>
> Regards,
>
> PS Needless to say, once the principle is grasped, zillions of
> variants readily spring to mind.


--
An Explanation Of The Need To Be "Anonymous"
http://www.penny-arcade.com/comic/2004/03/19

Anonymous
02-09-08, 02:54 AM
nemo_outis wrote:

> > Tell you what, why don't you go right ahead and shrink your main
> > bootable partition on your first hard drive and create another
> > partition on that drive (if you don't have one there already) and then
> > use Truecrypt to encrypt that entire drive as a single device so the
> > entire disk IS encrypted. Let us know how that works out for you.
> >
> > Hope you have backups. ;)
>
> You really are a whining caviller. However, lest others be misled, I will
> explain why I am 100% correct.

"BestCrypt Volume Encryption software provides the following advanced
functionality:

1. Encrypting all types of volumes residing on fixed and removable
disks:

* I. Simple volume, i.e. volume consisting of one disk partition.
* II. Mount point - volume mounted as a sub-folder on
NTFS-formatted volume.
* III. Multipartition volume, i.e. volume consisting of several
disk partitions:"

http://www.jetico.com/bcve_web_help/html/01_introduction/03_main_features.htm

What part of "volume" and "residing on" are you struggling with there
sonny? :)

Sebastian G.
02-09-08, 04:43 AM
Anonymous wrote:


>> However, I found a privilege escalation vulnerability from
>> version 4.3a being carried over, so I heavily recommend to avoid
>> using TrueCrypt until it's fixed.
>
> You didn't find ****. There's no such vulnerability that hasn't
> been fixed, and all you're doing is spreading FUD to try and make
> yourself look important.


Since the TrueCrypt developers obviously don't care (haven't responded
within 48 hours), I can publish the vulnerability:

ntdriver.c!ProcessVolumeDeviceControlIrp!IOCTL_MOUNTDEV_QUERY_SUGGESTED_LINK_NAME:
if Irp->AssociatedIrp.SystemBuffer is smaller than
sizeof(MOUNTDEV_SUGGESTED_LINK_NAME), this will lead to an unhandled invalid
memory write access or kernel memory corruption. If the buffer address is
larger than 0x100000000-sizeof(MOUNTDEV_SUGGESTED_LINK_NAME), an integer
overflow occurs and allows to write into memory regions around 0x00000000 to
(sizeof(MOUNTDEV_SUGGESTED_LINK_NAME)), where the process control block may
reside

ntdriver.c!ProcessVolumeDeviceControlIrp!IOCTL_DISK_VERIFY: if
Irp->AssociatedIrp.SystemBuffer is smaller than sizeof(VERIFY_INFORMATION),
this will lead to an unhandled invalid memory read access or information
disclosure

Both can easily be triggered by creating a new volume or taking an existing
one, mounting it with drive letter X: and then running dc2.exe (Driver Path
Exerciser Tool for the Windows Driver Kit) against the volume object file:
"dc2 /hct \Device\TrueCryptVolumeX". If you activate logging (switch '/lv'),
then you'll see that the crash happens for the DeviceIoControl test at the
IOCTLs 0x4d00c or 0x70014, which are the two mentioned above.

> You've pulled that same crap before too,
> and got spanked right out of a couple forums because of it.


I only posted one vulnerability in the forums, which was a real
vulnerability (the Makefile for the driver defined the macro NT_UP=1, which
will trigger some optimization for single processor systems that don't hold
on multi processor systems and lead to fatal consequences) and this got
acknowledged quite well. Being "spanked right out" is something I don't know
about, maybe you can elaborate?

> Isn't that right, "Gobbleslop"? ;-)


Hm? Should this name tell me anything?
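
The missing length checks described in the post above, as an added example that is not part of the original post and is not TrueCrypt or WDK code: a user-mode C model of a buffered IOCTL handler that validates the caller-declared lengths before touching the buffer. All `model_*`, `demo_*` and `ST_*` names, the choice of status codes, the extra range check and the sample link name are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* User-mode model built for this example. The model_*, demo_* and ST_* names
   are hypothetical stand-ins; this is not TrueCrypt or WDK code. */
typedef uint32_t status_t;
#define ST_SUCCESS           0x00000000u
#define ST_BUFFER_OVERFLOW   0x80000005u /* fixed part fits, name does not */
#define ST_INVALID_PARAMETER 0xC000000Du /* buffer shorter than the struct */

typedef struct {
    uint8_t *system_buffer; /* stands in for Irp->AssociatedIrp.SystemBuffer */
    uint32_t input_len;     /* input size declared by the caller */
    uint32_t output_len;    /* output size declared by the caller */
    uint32_t information;   /* bytes the handler reports as valid */
} model_irp;
typedef struct {            /* same shape as MOUNTDEV_SUGGESTED_LINK_NAME */
    uint8_t  use_only_if_no_other_links;
    uint16_t name_length;   /* length of name in bytes */
    uint16_t name[1];
} model_link_name;
typedef struct {            /* same shape as VERIFY_INFORMATION */
    int64_t  starting_offset;
    uint32_t length;
} model_verify_info;

/* Hardened link-name query: never writes beyond irp->output_len. */
status_t query_link_name(model_irp *irp, const uint16_t *name, uint16_t name_bytes)
{
    const size_t name_off = offsetof(model_link_name, name);
    const size_t needed = name_off + name_bytes;
    model_link_name hdr;
    irp->information = 0;
    /* The check the post reports as missing: is the fixed part even there? */
    if (irp->system_buffer == NULL || irp->output_len < sizeof hdr)
        return ST_INVALID_PARAMETER;
    memset(&hdr, 0, sizeof hdr);        /* no stale stack bytes in padding */
    hdr.name_length = name_bytes;       /* lets the caller size a retry */
    memcpy(irp->system_buffer, &hdr, sizeof hdr);
    irp->information = (uint32_t)sizeof hdr;
    if (irp->output_len < needed)
        return ST_BUFFER_OVERFLOW;      /* header only, no name bytes copied */
    memcpy(irp->system_buffer + name_off, name, name_bytes);
    irp->information = (uint32_t)(needed > sizeof hdr ? needed : sizeof hdr);
    return ST_SUCCESS;
}

/* Hardened verify request: never reads beyond irp->input_len. */
status_t disk_verify(model_irp *irp, uint64_t volume_bytes)
{
    model_verify_info vi;
    if (irp->system_buffer == NULL || irp->input_len < sizeof vi)
        return ST_INVALID_PARAMETER;    /* refuse to parse a short buffer */
    memcpy(&vi, irp->system_buffer, sizeof vi);
    /* Range check added by this example; ordered so nothing can wrap. */
    if (vi.starting_offset < 0 || vi.length > volume_bytes ||
        (uint64_t)vi.starting_offset > volume_bytes - vi.length)
        return ST_INVALID_PARAMETER;
    return ST_SUCCESS;
}

typedef struct { status_t status; uint32_t information; int canary_intact; } demo_result;

/* Constructed harness: the handler is told it has out_len (<= 64) bytes of a
   canary-filled arena; afterwards nothing past out_len may have changed. */
demo_result demo_query(uint32_t out_len)
{
    /* Constructed sample name, 14 UTF-16 units = 28 bytes. */
    static const uint16_t name[] = { '\\','D','o','s','D','e','v','i','c','e','s','\\','X',':' };
    uint8_t arena[64];
    model_irp irp = { arena, 0, out_len, 0 };
    demo_result r = { 0, 0, 1 };
    memset(arena, 0xAA, sizeof arena);
    r.status = query_link_name(&irp, name, (uint16_t)sizeof name);
    r.information = irp.information;
    for (size_t i = out_len; i < sizeof arena; i++)
        if (arena[i] != 0xAA) r.canary_intact = 0;
    return r;
}

/* Constructed harness: a full-size request that the caller declares as in_len bytes. */
status_t demo_verify(uint32_t in_len, int64_t offset, uint32_t length, uint64_t volume_bytes)
{
    model_verify_info vi = { offset, length };
    model_irp irp = { (uint8_t *)&vi, in_len, 0, 0 };
    return disk_verify(&irp, volume_bytes);
}

int main(void)
{
    for (uint32_t n = 0; n <= 32; n += 2) {
        demo_result r = demo_query(n);
        printf("out_len=%2u status=0x%08X info=%2u canary_intact=%d\n", (unsigned)n,
               (unsigned)r.status, (unsigned)r.information, r.canary_intact);
    }
    return 0;
}
```

In a real driver the two lengths come from the current I/O stack location rather than from fields on the IRP model used here.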

Sebastian G.
02-09-08, 04:46 AM
nemo_outis wrote:

> "Sebastian G." <seppi@seppig.de> wrote in
> news:61496qF1smtekU1@mid.dfncis.de:
>
>> nemo_outis wrote:
>>
>>
>>> If that "other media" is permanently attached to the system (i.e.,
>>> "fixed") then plausible deniability is still shot. Since Microsoft
>>> only supports booting normal Windows (not PE, not embedded) from
>>> fixed media, what you want is unachievable with Windows as the OS
>>> (without violating the licence).
>
>> Once again: You can modify a normal Windows installation CD to allow
>> installation and booting from USB mass storage, FireWire Mass Storage
>> and SD Cards. Without any license violation. With a text editor and
>> cabarc (which is free to download from Microsoft).
>
>
> No, Sebastian, such a modification of Windows is not authorized by
> Microsoft.


Such a modification is even explicitly intended by Microsoft, it's called an
"unattended setup".

> And BTW, Sebastian, it's still utterly implausible that someone has a
> computer system with every HD completely filled with random junk.


I already told you some counterexamples.

> Remember, Sebastian, it's not whether you find such patent nonsense


OK, now you even call standard practices nonsense.

> plausible but whether a judge and jury do.


They should. After all, any special attended expert can tell them that such
things are common practice.

Sebastian G.
02-09-08, 04:49 AM
nemo_outis wrote:


>> Additionally, if you do the pre-boot stuff, the MBR containing this
>> code would also differ from random data. But TrueCrypt does not permit
>> storing the MBR on another media and do some redirection.
>
> Yes, Truecrypt has not COMPLETELY redesigned Windows' boot process to
> accommodate a kook like you.


Two obvious things:

- This is not a limitation of Windows' boot process. Why do you think it is?

- storing the initial boot loader on another media to avoid running a
potentially modified bootloader from the disk is neither unknown nor
unusual, so it's no wonder that some products actually implement this

But since you can hardly do anything but ranting, maybe you should stop
discussing about such trivialities.

Sebastian G.
02-09-08, 04:55 AM
Anonymous wrote:

> Sebastian G. wrote:
>
>> Cyberiade.it Anonymous Remailer wrote:
>>
>>
>>>> Are you usually this thick? Yes, even though you have a
>>>> whole-disk encryption program you can choose not to encrypt some
>>>> partitions - or any of them for that matter. However, choosing
>>>> not to use the program's capability for whole-disk encryption
>>>> doesn't make it one whit less a whole-disk encryption program.
>>> Problem is, with Truecrypt you don't have that choice.
>>
>> So then my fully encrypted harddisk with even an encrypted partition table
>> is pure imagination?
>
> It sure as hell is if you think you have a usable operating system
> installed on it.


I don't think so, since I haven't. And never claimed so.


Maybe you have a problem with statements? Then I'd better summarize the
current point:

- TrueCrypt does support encrypting entire media including partition tables,
so it's FDE.
- TrueCrypt does support booting from encrypted partitions using pre-boot
authentication.
- But not both things simultaneously on the same media.

>> Who cares for installing an OS? This drive only contains data, the OS is on
>> another media.
>
> Exactly. That's what tells us you're using partition/volume encryption
> rather than whole disk encryption.


I use partition encryption for the OS, and FDE volume encryption for the data.

> I have no idea where you're getting your definitions and information
> from, or whether you're just making **** up as you go, but even
> Truecrypt doesn't claim to be whole disk encryption.


It does claim so, supports it very well and I can easily verify on my system
that it actually does.

> Do you really think you're more knowledgeable about the product than the
> people who write and maintain it?


No. I just think that you're too stupid to read the documentation and/or try
it yourself - before posting your spouted nonsense.

nemo_outis
02-09-08, 12:34 PM
Anonymous <nobody@aes256.cn> wrote in
news:3d153c86fd7dcfae05dfaafa24ca4363@aes256.cn:

You still don't understand that Bestcrypt Volume Encryption can provide
OTFE protection for full HDs? Then go read the site documentation again -
maybe this time even a moron like you will get it.

Regards,

nemo_outis
02-09-08, 12:35 PM
nobody@aes256.cn (Anonymous) wrote in
news:6820499054317f6d4743e40c24032cb3@aes256.cn:

You still don't understand that Bestcrypt Volume Encryption can provide
OTFE protection for full HDs? Then go read the site documentation again -
maybe this time even a moron like you will get it.

Regards,

nemo_outis
02-09-08, 12:41 PM
"Sebastian G." <seppi@seppig.de> wrote in
news:615b23F1sfp4gU2@mid.dfncis.de:

> Such a modification is even explicitly intended by Microsoft, it's
> called an "unattended setup".

It's not the unintended setup that's unsupported by Microsoft, but setup to
a removable drive (e.g., USB)

>> And BTW, Sebastian, it's still utterly implausible that someone has a
>> computer system with every HD completely filled with random junk.

> I already told you some counterexamples.

Yes, blatantly implausible ones.

>> Remember, Sebastian, it's not whether you find such patent nonsense
>> plausible but whether a judge and jury do.

No, Sebastian, by far the most plausible reason for every drive on a
computer being filled with random junk is that encryption is being used.

Regards,

nemo_outis
02-09-08, 12:44 PM
"Sebastian G." <seppi@seppig.de> wrote in
news:615b7tF1sfp4gU3@mid.dfncis.de:

> nemo_outis wrote:
>
>
>>> Additionally, if you do the pre-boot stuff, the MBR containing this
>>> code would also differ from random data. But TrueCrypt does not
>>> permit storing the MBR on another media and do some redirection.
>>
>> Yes, Truecrypt has not COMPLETELY redesigned Windows' boot process to
>> accommodate a kook like you.
>
>
> Two obvious things:
>
> - This is not a limitation of Windows' boot process. Why do you think
> it is?
>
> - storing the initial boot loader on another media to avoid running a
> potentially modified bootloader from the disk is neither unknown nor
> unusual, so it's no wonder that some products actually implement this

How can you be this stupid, Sebastian? No matter how easy you think it
is, no matter how badly you want it, the plain fact of the matter is that
WINDOWS DOESN'T DO IT!

Regards,

Nomen Nescio
02-09-08, 12:50 PM
nemo_outis wrote:

> George Orwell <nobody@mixmaster.it> wrote in
> news:bf6ea79edec361e1aad589185e7d1167@mixmaster.it:
>
> > nemo_outis wrote:
> ...
> >> As for an unencrypted partition table disclosing info, that
> >> trivial info is useless for decrypting the contents of the
> >> partitions or even inferring the nature of what is contained
> >> in them.
>
> > I see. So now you believe you're smarter than all the encryption
> > and cryptanalysis experts that ever lived, combined.
>
>
> You see little and comprehend less.
>
> If you have some argument to show how an unencrypted partition
> table would permit decrypting the contents of an encrypted

Nobody ever said anything at all like that you lying *******.
You've already been clubbed over the head with a cite about why
unencrypted partition tables are less secure than encrypted ones.
You didn't even have the courage to reply to it, but it's out there
none the less.

> partition, then make it. If not, then, as I have repeatedly
> suggested: Do be a good little moron and **** off.
>
> Regards,

Nomen Nescio
02-09-08, 12:50 PM
nemo_outis wrote:

> >> Bestcrypt Volume Encryption for Windows is among the most advanced
> >> full-HD OTFE encryption systems. Not only can it encrypt all HD
> >> partitions on all HDs (including the boot/system one) it supports
> >> complete encryption of spanned, mirrored, and striped volumes, as well
> >> as RAID 5 volumes. It also supports physical tokens in addition to a
> >> password/passphrase for additional security.
> >>
> >> http://www.jetico.com/bcve.htm
> >
> > That paragraph doesn't exist at all on that page. Or anywhere else on
> > Jetico's site that I can find.
>
> Of course, you ****ing moron, that paragraph is mine, in my words - there
> are no quotation marks, no "Jeticos says" in it. It's a simple
> description and characterization of the program clearly provided by me,
> the author of the post, the fellow with his name in the "From" header -
> just as anyone who wasn't a moron like you would expect. You've just
> failed to comprehend plain English - yet again.

I almost feel sorry for you. Even you had to cringe when you made the
decision to try and float such a whopper.

*snicker*

Nobody is going to buy it liar. If you're going to play that way you're
going to at least play on some level above "imbecile". Come up with a
credible lie. Maybe "Oh, they must have just changed that page when
they released 5.0" or something. It wouldn't really help all that much
because the link you provided says exactly the opposite of the lie you
tried to tell, but at the bottom end of the evolutionary ladder you
would, at least, stand out among your peers.

> The cite was provided for convenience to allow readers to check for
> themselves what Bestcrypt says about its product. And the cite was set
> off in a completely separate paragraph specifically so as not to directly
> link it to my words above.
>
> As for what Bestcrypt says about the term "volume," you would understand,
> if you weren't such a colossal moron, that Bestcrypt uses the term in a
> broader sense than Truecrypt to refer to "high-level storage entities"
> that can, inter alia, extend across multiple hard drives (such as spanned
> volumes or RAID 5). Jetico makes the distinction between "volume" and
> "whole-disk" encryption because its product can support seamless
> "volumes" which may be stored across several physical HDs.

What they say, "moron", is that volume, partition, and FD/Wholedisk are
three different things. Period. And that of those three possibilities,
Bestcrypt is clearly of type "volume". Period. It's not ambiguous no
matter how hard you try and wriggle out of your own imbecility by
pretending it is. It's a clear statement of fact that proves you
unequivocally wrong, made by the people you were "citing" in an attempt
to prop up that imbecility.

Sorry about your luck, sucks to be you, have a nice day.

*snicker*

> Now do be a good moron and **** off.

Maybe after a bit. That crunching sound is just too attractive at the
moment. Sorta like a little symphony, being backed up by your
squealing and all.

*snicker*

Don't worry little one, I know how important it is for people like you
to get the last word in. When I decide that time has come, I'll let you
know. :)

Anonymous
02-09-08, 12:53 PM
Sebastian G. wrote:

> Anonymous wrote:
>
>
> > except maybe in caches, swap space, histories and logs, last
> > modified fields, etc...........
> >
> > with whole disk nothing can ever be leaked to another partition
> > or anywhere else that anyone can see without owning the keys.
> > partition encryption can leak like a sieve.
>
>
> Which is wrong again. For all those FDE products which use CBC
> mode, the swap file is likely to contain an IV, which leaks the

Which doesn't matter one ****ing bit because unless it's mounted,
it's encrypted.

What an idiot.


> first block of data for every CBC block. For LRW, swapping out an
> empty page with the LRW tweak key at the beginning or the end
> will allow an attacker to retrieve the LRW tweak, and therefore
> distinguishing the encrypted volume from random data. For ESSIV
> it's the same.
>
> Lucky you that TrueCrypt 5.0 introduced XTS as the only mode for
> creating new encrypted volumes.

nemo_outis
02-09-08, 01:01 PM
Nomen Nescio <nobody@dizum.com> wrote in
news:9c560c5e4d435ab2734ae2e076739ea3@dizum.com:

Back again with the same ********? You get the same answer as last time.

If you have some argument to show how an unencrypted partition table would
permit decrypting the contents of an encrypted partition, then make it.
If not, then, as I have repeatedly suggested: Do be a good little moron and
**** off.

Regards,

nemo_outis
02-09-08, 01:02 PM
Nomen Nescio <nobody@dizum.com> wrote in
news:82ea57176532ddf0881ca98427937d4a@dizum.com:

You obviously still haven't enrolled in that remedial reading course.

Regards,

Cyberiade.it Anonymous Remailer
02-09-08, 01:34 PM
nemo_outis wrote:

> George Orwell <nobody@mixmaster.it> wrote in
> news:cfba7ec8f8b207e0a1bd089fe3255024@mixmaster.it:
>
> > nemo_outis wrote:
> >
> >> There must - necessarily! - be a small amount of unencrypted code on
> >> the boot/system volume. This is invariably located on track 0.
> >
> > Nope! In fact with *true* whole disk encryption there is absolutely no
> > unencrypted information on a device at all.
>
> Uhh, doofus, Windows cannot boot from a completely encrypted disk because
> there's nothing to decrypt those first bytes to even get the process

Wrong!

Windows can trivially boot from a completely, 100% end to end including
sector 0, encrypted drive without modifying Windows at all, without
using any external bootstrapping at all, and without using any stupid
"boot sector copying" scheme.

Your problem is your narrow little mind sonny. Ponder it a bit longer
for my amusement and then I'll give you the facial. :)

Anonymous
02-09-08, 01:38 PM
nemo_outis wrote:

> nobody@aes256.cn (Anonymous) wrote in
> news:f0c6f944956a469714d047cbab689929@aes256.cn:
>
> > None of that has anything at all to do with what the guy was
> > talking about. Nobody is even suggesting the use of Truecrypt would
> > be hidden, he's talking about hardening Truecrypt's plausible
> > deniability by using hidden volumes to create two completely
> > separate encrypted OS installs, and using the password mechanism as
> > a sort of boot loader. Is such a thing possible?
> >
> > Please..... if you don't understand the question don't try and give
> > an answer.
>
>
> I understand the question very well.
>
> And my answer is twofold:
>
> 1) It cannot currently be done with Truecrypt
>
> 2) That it cannot be done is no loss since it's a silly idea in the first
> place.

So you're saying Truecrypt's hidden volumes are a silly idea?

Fascinating.

Oh wait, you're just being a vindictive little snipe because you got
your ass handed to you over your Bestcrypt foible, and you mistakenly
thought you were striking back. You know full well the ability to create
a "hidden system" volume would be near perfect plausible deniability
because by the very definition of hidden volume as Truecrypt provides,
it would be impossible to know if/where that volume existed, and not
having the "host" volume mounted at all would mean nothing could leak
to that copy of an OS across the encrypted boundary. Additionally, the
two password scheme used by normal hidden volumes would both protect
the hidden volume, and provide a sort of "dead man" that could easily
destroy the hidden evidence through normal use of the host volume.

Pity such a poetically secure isn't possible. Or is it? Did you
actually try it, or is this just another nemo_outhouse crapper load of
guesses and wishes?

Nomen Nescio
02-09-08, 02:30 PM
nospamatall wrote:

> Sebastian G. wrote:
> > Anonymous wrote:
> >
> >
> >>> Maybe you're just stupid. Why do you narrow your views to one
> >>> drive? You can have two or more. One contains the operating
> >>> system, does the pre-boot stuff and has an identifiable partition
> >>> table. The second drive is meant to store data, and is fully
> >>> encrypted, including the partition table.
> >>
> >> Maybe you're just a lying sack, desperately trying to change the
> >> rules to try and win a point.
> >>
> >> Can you install an OS to ANY device that's been encrypted by
> >> Truecrypt? No.
> >
> >
> > That has never been a requirement.
>
> You can install an OS and then encrypt the whole drive.

Actually, no you can not. If you do this, you destroy the operating
system and everything else on the drive. Truecrypt has no
non-destructive encrypting tools *except* for the system partition tool.

> Maybe you can do
> the other thing too, but I doubt we would find out anything useful from
> these folks!

Nope. There's no way to bootstrap a Truecrypt encrypted device. They
can't even really be mounted properly. This is one of the key things
that tells you Truecrypt isn't a FD OTFE tool.

If the explanation in their own words isn't enough for you that is. ;)

Nomen Nescio
02-09-08, 02:40 PM
nemo_outis wrote:

> You still don't understand that Bestcrypt Volume Encryption can provide
> OTFE protection for full HDs? Then go read the site documentation again -
> maybe this time even a moron like you will get it.

WE did read it kiddo, and even quoted it here. In stark contrast to
your made up horse flop as a matter of fact. There's only one moron
not "getting things" here, and that moron is you. The fact that you're
snipping like a coward and pasting like a kindergartner tells us even
you realize this, whether you're man enough to admit it or not.

It's probably comforting to bluster about how you "swat" people all the
time, but reality is a whole different matter. Jetico's own (actual)
words displayed prominently on their official web site plainly delineate
between various types of OTFE, clearly state which one their product
is, and even goes so far as warning readers that it's important to
understand the difference.

The sooner you grow up and come to terms with that latter bit of advice
the better off you'll be. The longer you put it off, the more you'll be
on the receiving end of the swatter. Either way. Up to you. :)

Ari
02-09-08, 03:26 PM
On Sat, 9 Feb 2008 06:05:47 +0000 (UTC), Anonymous wrote:

>> a good thing. Keeping your ill-thought-out gibberings
>> off sci.crypt would in particular be appreciated.
>
> You could always try alt.whining.cunts.moderated.
>
> It's that way ------------------------------------->

I looked over there and all I found was
alt.anonymous.overblownegoswhothinktheyareimportant and
alt.corp.anonymous-posters.notselfemployed.paychecktakers
--
An Explanation Of The Need To Be "Anonymous"
http://www.penny-arcade.com/comic/2004/03/19

Ari
02-09-08, 03:27 PM
On Sat, 09 Feb 2008 17:41:28 GMT, nemo_outis wrote:

> No, Sebastian, by far the most plausible reason for every drive on a
> computer being filled with random junk is that encryption is being used.
>
> Regards,

********, Usenet posts.
--
An Explanation Of The Need To Be "Anonymous"
http://www.penny-arcade.com/comic/2004/03/19

Ari
02-09-08, 03:33 PM
On Sat, 9 Feb 2008 06:15:31 +0000 (UTC), Anonymous wrote:

> That's really funny coming from someone whose idea of "secure" is
> hiding something in a sock drawer.

Depends on where the sock drawer resides. For you, yes, totally insecure.
Since you sleep on your hobo bag in the alley.
--
An Explanation Of The Need To Be "Anonymous"
http://www.penny-arcade.com/comic/2004/03/19

nemo_outis
02-09-08, 03:34 PM
Nomen Nescio <nobody@dizum.com> wrote in
news:58cb2973f6b9fe4344a708161da63134@dizum.com:

You read it again and yet you still don't get it. Then go read the site
documentation again - maybe this time even a moron like you will get it.

Regards,

nemo_outis
02-09-08, 03:36 PM
Cyberiade.it Anonymous Remailer <anonymous@remailer.cyberiade.it> wrote
in news:24250861f8cfd5a440460111e28b78d8@remailer.cyberiade.it:

Windows cannot boot from a completely encrypted disk because there's
nothing to decrypt those first bytes to even get the process started.

Regards,

nemo_outis
02-09-08, 03:39 PM
Anonymous <xor@hermetix.org> wrote in
news:35c8a5a05a21073fe24f8fe89666ea2b@hermetix.org:

While it is far from the only thing you are confused and in error about,
you seem to have confused and conflated the concept of not being possible
to apodictically prove that encryption is being used with plausible
deniability.

Regards,

Henrique Mandalin
02-09-08, 03:39 PM
Ari wrote:
> On Sat, 9 Feb 2008 06:15:31 +0000 (UTC), Anonymous wrote:
>
>> That's really funny coming from someone whose idea of "secure" is
>> hiding something in a sock drawer.
>
> Depends on where the sock drawer resides. For you, yes, totally insecure.
> Since you sleep on your hobo bag in the alley.

It would be interesting to hear how you know that fact, if it is, in
fact, a fact.

Henrique

Nomen Nescio
02-09-08, 04:00 PM
nemo_outis wrote:

> Nomen Nescio <nobody@dizum.com> wrote in
> news:82ea57176532ddf0881ca98427937d4a@dizum.com:
>
> You obviously still haven't enrolled in that remedial reading course.

You obviously don't have the guts to do anything but snip entire posts
so you can ignore (actual, not made up) cites, and fling little bits of
your own brand of **** just to try and get a last word in.

Cheer up little Nemo, I'll allow you that small luxury soon enough.

But not just yet.

*snicker*

http://www.jetico.com/bcve_web_help/html/01_introduction/02_what_is_ve.htm

Very first paragraph...

"The chapter explains why BestCrypt Volume Encryption (a line in
BestCrypt family of encryption software products) has got Volume
Encryption name. Many people may think that Volume Encryption is the
same as Partition Encryption or even Whole Disk Encryption. Sometimes
it is really so, but not always, and it is worth to learn about the
difference."

Suck that one again, bitch.

Cyberiade.it Anonymous Remailer
02-09-08, 04:07 PM
Sebastian G. wrote:

> Anonymous wrote:
>
> > Sebastian G. wrote:
> >
> >> Anonymous wrote:
> >>
> >>
> >>>> Nonsense. Microsoft has only disabled this option by default, since
> >>>> they don't want to support such configurations.
> >>> Maybe you can explain the difference between "crippled" and "disabled"?
> >>
> >> Documentation and partial support.
> >
> > Telling someone their leg is irreparably broken and handing them a set
> > of crutches doesn't make them any less crippled or disabled.
>
>
> Making bad analogies doesn't make your point any less moot.

Denying the obvious and quibbling like a school girl over meaningless
semantics doesn't make YOU appear clever. In spite of what you think.

>
> > You're engaging in a semantics quibble that doesn't even exist, but
> > then you seem to enjoy that sort of thing. Never have to admit you were
> > wrong about something if you just make up the rules as you go, now do
> > you? :(
>
>
> Well, then tell me just one thing: If it was really crippled, then why was I
> able to unleash this functionality with nothing but a text editor and an
> archiver (for unpacking and optionally repacking the CABinet archives)?

Obviously, your text editor and archiver were all the tools needed. You
"fixed" something just like a doctor might re-break a leg and set it
properly to correct some crippling disability.

Assuming anything you say is factual of course. *shrug*

Free clue: Disabled and crippled are synonymous, whether you're able to
comprehend that by analogy or not.

Anonymous
02-09-08, 04:11 PM
nemo_outis wrote:

> "Sebastian G." <seppi@seppig.de> wrote in
> news:615b7tF1sfp4gU3@mid.dfncis.de:
>
> > nemo_outis wrote:
> >
> >
> >>> Additionally, if you do the pre-boot stuff, the MBR
> >>> containing this code would also differ from random data. But
> >>> TrueCrypt does not permit storing the MBR on another media
> >>> and do some redirection.
> >>
> >> Yes, Truecrypt has not COMPLETELY redesigned Windows' boot
> >> process to accommodate a kook like you.
> >
> >
> > Two obvious things:
> >
> > - This is not a limitation of Windows' boot process. Why do you
> > think it is?
> >
> > - storing the initial boot loader on another media to avoid
> > running a potentially modified bootloader from the disk is
> > neither unknown nor unusual, so it's no wonder that some
> > products actually implement this
>
> How can you be this stupid, Sebastian? No matter how easy you
> think it is, no matter how badly you want it, the plain fact of
> the matter is that WINDOWS DOESN'T DO IT!

Not only does Windows "do it", the process is well documented on
the MSDN web space and even supported with several different
developer kits depending on what your target is. Not that they're
strictly necessary either from a technical, or a licensing
standpoint.

>
> Regards,
>

Nomen Nescio
02-09-08, 04:20 PM
nemo_outis wrote:

> Nomen Nescio <nobody@dizum.com> wrote in
> news:9c560c5e4d435ab2734ae2e076739ea3@dizum.com:
>
> Back again with the same ********? You get the same answer as
> last time.
>
> If you have some argument to show how an unencrypted partition
> table would permit decrypting the contents of an encrypted
> partition, then make it. If not, then, as I have repeatedly
> suggested: Do be a good little moron and **** off.

You've already been given a cite explaining exactly how and why
unencrypted partition tables are a risk. How they can in FACT aid
in the cryptanalysis of an encrypted volume, and you damned well
know it or you wouldn't have made a pathetic attempt to twist
things into some discussion of absolutes.

Your willingness to make a fool of yourself through blatant
dishonesty is fast becoming your most defining quality nemo.

Anonymous
02-09-08, 04:21 PM
Ari wrote:

> On Sat, 9 Feb 2008 06:15:31 +0000 (UTC), Anonymous wrote:
>
> > That's really funny coming from someone whose idea of "secure"
> > is hiding something in a sock drawer.
>
> Depends on where the sock drawer resides. For you, yes, totally
> insecure. Since you sleep on your hobo bag in the alley.

but my socks are all bar code encrypted. and everyone knows bar code
encryption is safe enough to secure 40 acre nuclear test facilities.

Anonymous
02-09-08, 04:56 PM
Henrique Mandalin wrote:

> Ari wrote:
> > On Sat, 9 Feb 2008 06:15:31 +0000 (UTC), Anonymous wrote:
> >
> >> That's really funny coming from someone whose idea of "secure"
> >> is hiding something in a sock drawer.
> >
> > Depends on where the sock drawer resides. For you, yes, totally
> > insecure. Since you sleep on your hobo bag in the alley.
>
> It would be interesting to hear how you know that fact, if it is,
> in fact, a fact.

Ari is acutely allergic to facts.

>
> Henrique
>

Anonymous
02-09-08, 04:56 PM
Henrique Mandalin wrote:

> Ari wrote:
> > On Sat, 9 Feb 2008 06:15:31 +0000 (UTC), Anonymous wrote:
> >
> >> That's really funny coming from someone whose idea of "secure" is
> >> hiding something in a sock drawer.
> >
> > Depends on where the sock drawer resides. For you, yes, totally insecure.
> > Since you sleep on your hobo bag in the alley.
>
> It would be interesting to hear how you know that fact, if it is, in
> fact, a fact.

It's a fact Ari's facts and real facts are factually two different
things, in fact.

>
> Henrique
>

George Orwell
02-09-08, 05:01 PM
nemo_outis wrote:

> Cyberiade.it Anonymous Remailer <anonymous@remailer.cyberiade.it> wrote
> in news:24250861f8cfd5a440460111e28b78d8@remailer.cyberiade.it:
>
> Windows cannot boot from a completely encrypted disk because there's
> nothing to decrypt those first bytes to even get the process started.

Nope! Sorry, but your **** retentiveness is making you miss something so
obvious I'm actually surprised I've strung you along this long. Figured
you'd have stumbled across the answer by now, especially since someone
else already hinted at it.

If you ask really nice I'll clue you in. :)

The sender address of this message is not related to a real person but to a fake address of an anonymous system.
For more info: https://www.mixmaster.it

George Orwell
02-09-08, 05:16 PM
nemo_outis wrote:

> George Orwell <nobody@mixmaster.it> wrote in
> news:bf6ea79edec361e1aad589185e7d1167@mixmaster.it:
>
> > nemo_outis wrote:
> ...
> >> As for an unencrypted partition table disclosing info, that
> >> trivial info is useless for decrypting the contents of the
> >> partitions or even inferring the nature of what is contained
> >> in them.
>
> > I see. So now you believe you're smarter than all the encryption
> > and cryptanalysis experts that ever lived, combined.
>
>
> You see little and comprehend less.

You snip like a little ****ing coward and hope nobody sees any of
it. Isn't working. Here it is again coward:

http://www.jetico.com/bcve_web_help/index.php?info=html/01_introduction/02_what_is_ve.htm

"We call encryption software working with volumes Volume Encryption
software. Note that if Volume Encryption software encrypts a volume
consisting of a single partition, for the user it will give the same
result as Partition Encryption software. If a single partition
occupies the whole hard drive, Volume Encryption will be equal both
to Whole Disk Encryption and Partition Encryption. Encrypting of
basic partition C: on Figure 3 below illustrates that."

"Volume Encryption software works with volume as with a single
portion of data. Volume is always in one of the two definite
states: if password is not entered, the whole volume is not
accessible. If the user enters the proper password and opens the
volume, all its parts, even stored on different hard drives, become
accessible. In our opinion, working with volumes is more native
both for the user and computer, because it is a volume that stores
a complete filesystem structure and a complete tree of the user's
files. As in the modern world single volume stores data scattered
on a number of physical disks, it is more convenient and safe to
manage a volume, rather than work with every physical drive
separately."


George Orwell
02-09-08, 05:16 PM
Sebastian G. wrote:

> nemo_outis wrote:
>
>
> > If you have some argument to show how an unencrypted partition
> > table would permit decrypting the contents of an encrypted
> > partition, then make it.
>
>
> It doesn't. What it permits is to differ the encrypted disc from
> random data, and it permits knowledge about the partitioning of
> the volume inside the encrypted container.

Which can, potentially, lead to several attack vectors.


Cyberiade.it Anonymous Remailer
02-09-08, 05:22 PM
Ari wrote:

> On Sat, 09 Feb 2008 17:41:28 GMT, nemo_outis wrote:
>
> > No, Sebastian, by far the most plausible reason for every drive
> > on a computer being filled with random junk is that encryption
> > is being used.
> >
> > Regards,
>
> ********, Usenet posts.

especially ones by kikes about bar code crypto and 40 acre nuclear
test facilities.

Sebastian G.
02-09-08, 05:23 PM
nemo_outis wrote:

> "Sebastian G." <seppi@seppig.de> wrote in
> news:615b23F1sfp4gU2@mid.dfncis.de:
>
>> Such a modification is even explicitly intended by Microsoft, it's
>> called an "unattended setup".
>
> It's not the unintended setup that's unsupported by Microsoft, but setup to
> a removable drive (e.g., USB)


Unsupported, not crippled.

> Yes, blatantly implausible ones.


Just call them "standard practices" and troll away, please!

Sebastian G.
02-09-08, 05:27 PM
nemo_outis wrote:


>> - This is not a limitation of Windows' boot process. Why do you think
>> it is?
>>
>> - storing the initial boot loader on another media to avoid running a
>> potentially modified bootloader from the disk is neither unknown nor
>> unusual, so it's no wonder that some products actually implement this
>
> How can you be this stupid, Sebastian? No matter how easy you think it
> is, no matter how badly you want it, the plain fact of the matter is that
> WINDOWS DOESN'T DO IT!


Windows obviously does it for unencrypted media, and for encrypted media PGP
WholeDisk has been working with this for quite a while. Now will you finally
stop ignoring trivial facts? There's nothing special with that this simply
works, it's so trivial that even the programmers from Microsoft implemented
it. In fact, it's hard to implement a boot loader which does not support
being stage 2.

Sebastian G.
02-09-08, 05:30 PM
Anonymous wrote:


>> Which is wrong again. For all those FDE products which use CBC
>> mode, the swap file is likely to contain an IV, which leaks the
>
> Which doesn't matter one ****ing bit because unless it's mounted,
> it's encrypted.
>
> What an idiot.


The only idiot here is you, because you can't read. The fact that data is
leaked even though the pagefile is on the encrypted volume is exactly the issue!

>> first block of data for every CBC block. For LRW, swapping out an
>> empty page with the LRW tweak key at the beginning or the end
>> will allow an attacker to retrieve the LRW tweak, and therefore
>> distinguishing the encrypted volume from random data. For ESSIV
>> it's the same.

Sebastian G.
02-09-08, 05:31 PM
Cyberiade.it Anonymous Remailer wrote:

> nemo_outis wrote:
>
>> George Orwell <nobody@mixmaster.it> wrote in
>> news:cfba7ec8f8b207e0a1bd089fe3255024@mixmaster.it:
>>
>>> nemo_outis wrote:
>>>
>>>> There must - necessarily! - be a small amount of unencrypted code on
>>>> the boot/system volume. This is invariably located on track 0.
>>> Nope! In fact with *true* whole disk encryption there is absolutely no
>>> unencrypted information on a device at all.
>> Uhh, doofus, Windows cannot boot from a completely encrypted disk because
>> there's nothing to decrypt those first bytes to even get the process
>
> Wrong!
>
> Windows can trivially boot from a completely, 100% end to end including
> sector 0, encrypted drive without modifying Windows at all, without
> using any external bootstrapping at all, and without using any stupid
> "boot sector copying" scheme.


OK, now I'm interested: How is this supposed to work? If everything is
encrypted, where's the code for the decryption?

Sebastian G.
02-09-08, 05:36 PM
nemo_outis wrote:

> Cyberiade.it Anonymous Remailer <anonymous@remailer.cyberiade.it> wrote
> in news:24250861f8cfd5a440460111e28b78d8@remailer.cyberiade.it:
>
> Windows cannot boot from a completely encrypted disk because there's
> nothing to decrypt those first bytes to even get the process started.

This decryption can be provided by an additional, removable media. The media
only decrypts the boot loader mini driver, which in turn will decrypt
the relevant files, boot up the Windows kernel and pass over control to the
actual decryption driver.

TrueCrypt does not support this scheme. PGP Whole Disk Encryption does, and
some other claim to do so as well.


Indeed, in his special limitation where no such external boot loader is
used, it's of course nonsense.

Sebastian G.
02-09-08, 05:43 PM
Cyberiade.it Anonymous Remailer wrote:


> Denying the obvious and quibbling like a school girl over meaningless
> semantics doesn't make YOU appear clever. In spite of what you think.


If it's really crippled, then why does Microsoft WinPE toolkit explicitly
support this operation?

>> Well, then tell me just one thing: If it was really crippled, then why was I
>> able to unleash this functionality with nothing but a text editor and an
>> archiver (for unpacking and optionally repacking the CABinet archives)?
>
> Obviously, your text editor and archiver were all the tools needed. You
> "fixed" something just like a doctor might re-break a leg and set it
> properly to correct some crippling disability.


No. If it was crippled, then these tools wouldn't have been sufficient. I'd
have needed a disassembler and a hex editor to alter the code.

The only thing I altered were public configuration options, which do exist
exactly for the purpose of configurability.

Nomen Nescio
02-09-08, 06:00 PM
nemo_outis wrote:

Good grief! That was such a lexically desperate cluster**** it's tough
to know for sure, and your testosterone levels have dropped so far
you can't handle quoting anything so there's no context, but apparently
you're so flustered you're cowering back behind your (HEY LOOK OVER
THERE EVERYONE!) == (good security) crap again.

Once again dullard, "plausible" is a subjective term with no absolutes
that aren't defined on a case by case basis, in a subjective manner.
Even Truecrypt acknowledges this on their own web site.

Wanna be bitch slapped with another cite today grasshopper?

*evil snicker*

Cyberiade.it Anonymous Remailer
02-09-08, 06:08 PM
Sebastian G. wrote:

> nemo_outis wrote:
>
>
> > If you have some argument to show how an unencrypted partition
> > table would permit decrypting the contents of an encrypted
> > partition, then make it.
>
>
> It doesn't. What it permits is to differ the encrypted disc from
> random data, and it permits knowledge about the partitioning of
> the volume inside the encrypted container.

Only half right. Knowing what type of data might be contained in an
encrypted volume does in general assist in cryptanalysis. Some
forms of this attack are known as "watermarking". Taken to the
extreme it's called a "known plaintext" attack. You have heard
those terms before, haven't you?

And yes, before we start quibbling about the differences so
you can ignore the obvious similarities, those differences exist.
However not as markedly as you may suspect at first jerk. Knowing
that an encrypted volume contains in fact can lead to an actual
known plaintext attack if you're aware of the encrypted volume's
topography (freely published knowledge in this case), and have
knowledge of where certain things will reside within that volume.
Since Windows places certain things in specific areas of a disk,
knowing what's contained inside that encrypted volume enables an
easier collation, and ultimately, the possibility of a successful
attack.

Not that I'm aware of any sort of exploitable known plaintext
weakness in Truecrypt of course. I believe it to be quite secure.
But in general this demonstrates one possible weakness that might
be introduced in a plaintext partition table scenario. And if you
really consider things broadly, it spotlights why OTP is considered
the only truly unbreakable form of encryption. If a ciphertext can
potentially be "anything", it's impossible to even know if you've
successfully decrypted it or not. ;)

Anon
02-09-08, 06:22 PM
Nomen Nescio <nobody@dizum.com> wrote in
news:82ea57176532ddf0881ca98427937d4a@dizum.com:

> nemo_outis wrote:
>
>> >> Bestcrypt Volume Encryption for Windows is among the most advanced
>> >> full-HD OTFE encryption systems. Not only can it encrypt all HD
>> >> partitions on all HDs (including the boot/system one) it supports
>> >> complete encryption of spanned, mirrored, and striped volumes, as
>> >> well as RAID 5 volumes. It also supports physical tokens in
>> >> addition to a password/passphrase for additional security.
>> >>
>> >> http://www.jetico.com/bcve.htm
>> >
>> > That paragraph doesn't exist at all on that page. Or anywhere else
>> > on Jetico's site that I can find.
>>
>> Of course, you ****ing moron, that paragraph is mine, in my words -
>> there are no quotation marks, no "Jeticos says" in it. It's a
>> simple description and characterization of the program clearly
>> provided by me, the author of the post, the fellow with his name in
>> the "From" header - just as anyone who wasn't a moron like you would
>> expect. You've just failed to comprehend plain English - yet again.
>
> I almost feel sorry for you. Even you had to cringe when you made the
> decision to try and float such a whopper.
>
> *snicker*
>
> Nobody is going to buy it liar. If you're going to play that way
> you're going to at least play on some level above "imbecile". Come up
> with a credible lie. Maybe "Oh, they must have just changed that page
> when they released 5.0" or something. It wouldn't really help all that
> much because the link you provided says exactly the opposite of the
> lie you tried to tell, but at the bottom end of the evolutionary
> ladder you would, at least, stand out among your peers.
>
You simply mistook his statement for a quote, and you can't seem
to see that his explanation makes perfect sense.

It was not in quotes or set off by indentation, and he never claimed
it was a quote.

What is your problem?

"*snicker*"

Oh, and that's me, quoting you.

*snicker*

and then me giggling like a stupid idiot.

Sebastian G.
02-09-08, 06:22 PM
Cyberiade.it Anonymous Remailer wrote:

> it spotlights why OTP is considered
> the only truly unbreakable form of encryption. If a ciphertext can
> potentially be "anything", it's impossible to even know if you've
> successfully decrypted it or not. ;)


OTP's security comes from the fact that knowing the message doesn't change
the a priori probability of the plaintext. It never claimed that all
plaintexts are equally likely.

George Orwell
02-09-08, 06:47 PM
nemo_outis wrote:

> Cyberiade.it Anonymous Remailer <anonymous@remailer.cyberiade.it> wrote
> in news:24250861f8cfd5a440460111e28b78d8@remailer.cyberiade.it:
>
> Windows cannot boot from a completely encrypted disk because there's
> nothing to decrypt those first bytes to even get the process started.

Wanna bet? If I post a link that proves Windows can boot
from a 100% encrypted device, including the MBR, WITHOUT
using any other software or copying any information at
all to or from anywhere, will you put on your clown suit
and dance for us, then leave?

>
> Regards,
>


Anonymous
02-09-08, 07:00 PM
Sebastian G. wrote:

> Cyberiade.it Anonymous Remailer wrote:
>
> > nemo_outis wrote:
> >
> >> George Orwell <nobody@mixmaster.it> wrote in
> >> news:cfba7ec8f8b207e0a1bd089fe3255024@mixmaster.it:
> >>
> >>> nemo_outis wrote:
> >>>
> >>>> There must - necessarily! - be a small amount of unencrypted code on
> >>>> the boot/system volume. This is invariably located on track 0.
> >>> Nope! In fact with *true* whole disk encryption there is absolutely no
> >>> unencrypted information on a device at all.
> >> Uhh, doofus, Windows cannot boot from a completely encrypted disk because
> >> there's nothing to decrypt those first bytes to even get the process
> >
> > Wrong!
> >
> > Windows can trivially boot from a completely, 100% end to end including
> > sector 0, encrypted drive without modifying Windows at all, without
> > using any external bootstrapping at all, and without using any stupid
> > "boot sector copying" scheme.
>
>
> OK, now I'm interested: How is this supposed to work? If everything is
> encrypted, where's the code for the decryption?

Come on, you can figure it out before Nemo I'll bet. ;)

And at that point you'll begin to grasp the meaning of full disk
encryption too. :)

nemo_outis
02-09-08, 07:10 PM
Keep rereading it until you understand it - eventually you may get it.

Regards,

nemo_outis
02-09-08, 07:12 PM
Anonymous <nobody@aes256.cn> wrote in
news:467a6c3e67d87672537f410df031956d@aes256.cn:

No, Windows boots from the system drive.

You can hack Windows to do otherwise. I myself have used bits & pieces of
the PE kit and embedded version to do just that - but it's a hack.

Regards,

nemo_outis
02-09-08, 07:13 PM
Nomen Nescio <nobody@dizum.com> wrote in
news:6270a31775d25da7059bfd247d8d8412@dizum.com:

Back again with the same ********? You get the same answer as last time.

If you have some argument to show how an unencrypted partition table would
permit decrypting the contents of an encrypted partition, then make it.
If not, then, as I have repeatedly suggested: Do be a good little moron and
**** off.

Regards,

nemo_outis
02-09-08, 07:15 PM
George Orwell <nobody@mixmaster.it> wrote in
news:69260f18808f2e54180e245439fe6696@mixmaster.it:

If you have something to say, say it.

Then, if it's not utter nonsence, I may reply.

Regards,

nemo_outis
02-09-08, 07:16 PM
George Orwell <nobody@mixmaster.it> wrote in
news:2f232c66d7dd1e5ccf22d1b0cb3ad90b@mixmaster.it:

You still have figured things out? You'd better reread it yet again.

Regards,

nemo_outis
02-09-08, 07:18 PM
"Sebastian G." <seppi@seppig.de> wrote in
news:616neqF1thrluU2@mid.dfncis.de:

>> It's not the unintended setup that's unsupported by Microsoft, but
>> setup to a removable drive (e.g., USB)
>
> Unsupported, not crippled.

More quibbling and caviling, Sebastian. Microsoft does NOT support Windows
configured in such ways. In short, it's a hack, Sebastian.

Regards,

nemo_outis
02-09-08, 07:19 PM
"Sebastian G." <seppi@seppig.de> wrote in
news:616nm0F1thrluU3@mid.dfncis.de:

Microsoft only supports Windows booting from the system disk - anything
else is a hack.

Regards,

nemo_outis
02-09-08, 07:24 PM
"Sebastian G." <seppi@seppig.de> wrote in
news:616o5pF1thrluU6@mid.dfncis.de:

> nemo_outis wrote:
>
>> Cyberiade.it Anonymous Remailer <anonymous@remailer.cyberiade.it>
>> wrote in news:24250861f8cfd5a440460111e28b78d8@remailer.cyberiade.it:
>>
>> Windows cannot boot from a completely encrypted disk because there's
>> nothing to decrypt those first bytes to even get the process started.
>
> This decryption can be provided by an additional, removable media. The
> media only decrypts the boot loader mini driver, which in turn
> will decrypt the relevant files, boot up the Windows kernel and pass
> over control to the actual decryption driver.
>
> TrueCrypt does not support this scheme. PGP Whole Disk Encryption
> does, and some other claim to do so as well.

Yes, but this is a hack of Windows, Sebastian.

I've hacked Windows in similar ways myself - I have a stripped down
version of XP that boots from a USB stick. Very handy for
diagnostics/recovery when things go awry.

And, of course, one can do additional hacks so that the initialization
code on one device (e.g., a USB stick) hands off the rest of Windows
operation to a separate volume (commonly a RAM disk, but potentially a
HD).

But these are hacks of Windows, Sebastian - completely unsupported.

Regards,

nemo_outis
02-09-08, 07:24 PM
Nomen Nescio <nobody@dizum.com> wrote in
news:0c1c7bde2e1352bf6ab6f2bb1ddf5e1e@dizum.com:

Are you still blithering on?

Regards,

nemo_outis
02-09-08, 07:27 PM
George Orwell <nobody@mixmaster.it> wrote in
news:c55c038c9722894a88f01af8c6244801@mixmaster.it:

If you have something to say, then say it.

Until then (and probably even after) you're just noise on the channel.

Regards,

Nomen Nescio
02-09-08, 07:40 PM
Sebastian G. wrote:

> Cyberiade.it Anonymous Remailer wrote:
>
> > it spotlights why OTP is considered
> > the only truly unbreakable form of encryption. If a ciphertext can
> > potentially be "anything", it's impossible to even know if you've
> > successfully decrypted it or not. ;)
>
>
> OTP's security comes from the fact that knowing the message doesn't change
> the a priori probability of the plaintext. It never claimed that all
> plaintexts are equally likely.

No, that's EXACTLY what H(M) = H(M | C) means, if you actually
understand it. Since a priori probability and a posteriori probability
are equal a given ciphertext could in fact decrypt to... anything.
Given the appropriate pad of course.

For someone who tries to paint themselves as possessing some level of
understanding with respect to crypto and general security by slinging
around terms, you really don't grasp much any of it with any REAL
understanding, do you?
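
Added example, not part of any post in this thread: an exact check, on a constructed three-message toy space with a skewed prior, of the two statements disputed above, namely that an OTP ciphertext leaves the plaintext probabilities unchanged (H(M) = H(M | C)) and that every candidate plaintext has a pad that produces the observed ciphertext. The message set, the priors and the deliberately flawed `WEAK_PAD` generator are assumptions made up for illustration; the weak pad shows how the property fails once the pad is not uniformly random.

```python
"""Exact check of one-time-pad perfect secrecy on a toy message space."""
from collections import defaultdict
from fractions import Fraction
from math import log2

# Constructed sample data (assumption): three 1-byte messages, skewed prior.
PRIOR = {
    ord("Y"): Fraction(6, 10),
    ord("N"): Fraction(3, 10),
    ord("?"): Fraction(1, 10),
}
FULL_PAD = range(256)        # pad byte uniform over all 256 values
WEAK_PAD = range(0, 256, 2)  # hypothetical flawed generator: low bit always 0


def joint(prior, keys):
    """Exact joint distribution P(M=m, C=c) for C = M xor K, K uniform on keys."""
    keys = list(keys)
    pk = Fraction(1, len(keys))
    dist = defaultdict(Fraction)
    for m, pm in prior.items():
        for k in keys:
            dist[(m, m ^ k)] += pm * pk
    return dist


def posterior(prior, keys, c):
    """P(M=m | C=c) for every candidate m, by Bayes' rule on the exact joint."""
    dist = joint(prior, keys)
    pc = sum(p for (_, cc), p in dist.items() if cc == c)
    if pc == 0:
        raise ValueError("ciphertext cannot occur under this pad")
    return {m: dist.get((m, c), Fraction(0)) / pc for m in prior}


def entropy(probs):
    """Shannon entropy in bits of a probability vector."""
    return -sum(float(p) * log2(float(p)) for p in probs if p > 0)


def conditional_entropy(prior, keys):
    """H(M | C) = sum over c of P(c) * H(M | C=c)."""
    dist = joint(prior, keys)
    pc = defaultdict(Fraction)
    for (_, c), p in dist.items():
        pc[c] += p
    total = 0.0
    for c, p_c in pc.items():
        cond = [dist.get((m, c), Fraction(0)) / p_c for m in prior]
        total += float(p_c) * entropy(cond)
    return total


def pads_explaining(c, prior):
    """The single pad byte that maps ciphertext c back to each candidate."""
    return {m: c ^ m for m in prior}


if __name__ == "__main__":
    c = 0x59  # constructed ciphertext byte
    print("H(M)            =", round(entropy(PRIOR.values()), 6))
    print("H(M|C) full pad =", round(conditional_entropy(PRIOR, FULL_PAD), 6))
    print("H(M|C) weak pad =", round(conditional_entropy(PRIOR, WEAK_PAD), 6))
    for name, keys in (("full", FULL_PAD), ("weak", WEAK_PAD)):
        post = posterior(PRIOR, keys, c)
        print(name, {chr(m): str(p) for m, p in post.items()})
    print("pads:", {chr(m): hex(k) for m, k in pads_explaining(c, PRIOR).items()})
```

With the full pad the posterior equals the skewed prior for every ciphertext, so each plaintext stays possible without becoming equally likely; with the weak pad the low bit of the ciphertext rules candidates out.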

Cyberiade.it Anonymous Remailer
02-09-08, 07:54 PM
nemo_outis wrote:

> Keep rereading it until you understand it - eventually you may get it.

Read what, coward? This?

"The chapter explains why BestCrypt Volume Encryption (a line in
BestCrypt family of encryption software products) has got Volume
Encryption name. Many people may think that Volume Encryption is the
same as Partition Encryption or even Whole Disk Encryption. Sometimes
it is really so, but not always, and it is worth to learn about the
difference."

*snicker*

Cyberiade.it Anonymous Remailer
02-09-08, 08:09 PM
Sebastian G. wrote:

> nemo_outis wrote:
>
> > Cyberiade.it Anonymous Remailer <anonymous@remailer.cyberiade.it> wrote
> > in news:24250861f8cfd5a440460111e28b78d8@remailer.cyberiade.it:
> >
> > Windows cannot boot from a completely encrypted disk because there's
> > nothing to decrypt those first bytes to even get the process started.
>
> This decryption can be provided by an additional, removable media. The media

Nope. Not even close.

Anonymous
02-09-08, 08:15 PM
nemo_outis wrote:

<snip a'la nemo>

"The chapter explains why BestCrypt Volume Encryption (a line in
BestCrypt family of encryption software products) has got Volume
Encryption name. Many people may think that Volume Encryption is the
same as Partition Encryption or even Whole Disk Encryption. Sometimes
it is really so, but not always, and it is worth to learn about the
difference."

*snicker*

nemo_outis
02-09-08, 08:31 PM
Cyberiade.it Anonymous Remailer <anonymous@remailer.cyberiade.it> wrote in
news:a964c9301e9397099e2bddc3bb6136cd@remailer.cyberiade.it:

> "The chapter explains why BestCrypt Volume Encryption (a line in
> BestCrypt family of encryption software products) has got Volume
> Encryption name. Many people may think that Volume Encryption is the
> same as Partition Encryption or even Whole Disk Encryption. Sometimes
> it is really so, but not always, and it is worth to learn about the
> difference."

You continue not to understand what Bestcrypt says. Now, if it were only a
question of your continued lack of understanding I would allow you to
wallow in your ignorance forever, since you're not worth the sweat off my
balls.

However, in case anyone else is taken in by your foolishness, let me point
out to them that Bestcrypt talks about - hell, brags about! - providing
"volume encryption" because Bestcrypt uses volume in the "Microsoft sense"
to refer to a storage entity (a volume) that can (inter alia) be stored
across (i.e., span) multiple partitions and even *MULTIPLE hard drives*
including the volume as a mirror, stripe or RAID 5.

Regards,

nemo_outis
02-09-08, 08:32 PM
Anonymous <xor@hermetix.org> wrote in news:d904e9efeb6af2a0cce14df80011c913
@hermetix.org:

Reread it again - you still don't understand it.

Regards,

George Orwell
02-09-08, 08:32 PM
nemo_outis wrote:

> George Orwell <nobody@mixmaster.it> wrote in
> news:69260f18808f2e54180e245439fe6696@mixmaster.it:
>
> If you have something to say, say it.

No, you have to ask nicely first. Shouldn't be necessary because it's
so obvious, but hey... if you're just too stupid to figure it out you're
just too stupid. Guess there's nothing we can do about your genetics.

*shrug*

We can try to train some manners into you though. So sit up straight
and pretend you're really not the emotional equivalent of a seven year
old, and ask.

Have that nose ready.

>
> Then, if it's not utter nonsence, I may reply.

You must be getting a bit flustered. Not only are you running away from
posts, your spelling and grammar are really starting to suck hind tit.


anonymous@remailer.hastio.org
02-09-08, 08:59 PM
In article <9add438392ef222c5502081bb6856eac@dizum.com>
Nomen Nescio <nobody@dizum.com> wrote:
>
> Sebastian G. wrote:
>
> > Cyberiade.it Anonymous Remailer wrote:
> >
> > > it spotlights why OTP is considered
> > > the only truly unbreakable form of encryption. If a ciphertext can
> > > potentially be "anything", it's impossible to even know if you've
> > > successfully decrypted it or not. ;)
> >
> >
> > OTP's security comes from the fact that knowing the message doesn't change
> > > the a priori probability of the plaintext. It never claimed that all
> > plaintexts are equally likely.
>
> No, that's EXACTLY what H(M) = H(M | C) means, if you actually
> understand it. Since a priori probability and a posteriori probability
> are equal a given ciphertext could in fact decrypt to... anything.
> Given the appropriate pad of course.
>
> For someone who tries to paint themselves as possessing some level of
> understanding with respect to crypto and general security by slinging
> around terms, you really don't grasp much any of it with any REAL
> understanding, do you?

The British merchant navy used OTP (maybe still do) for GBMS and GACQ
messages. The pads were stored in the Captain's safe with a copy
in the radio officer's safe. Despite the restrictions on radio officers
having to be of British nationality and requiring screening before being
issued with their PMG Certificates, the British authorities always made
an exception for Irish (Eire) nationals. Even during the darkest days of
the troubles in Northern Ireland (Ulster), Irish qualified radio officers
were still recruited and therefore given access to these pads. It is
inconceivable that not one single Irish national radio officer did not
copy these pads.

This suggests that OTPs are only as secure as the methodology of
securing them against being compromised. Arguments of their security
are of no avail against allowing an attacker access to them.

~~~~~~~~~~~~~~~~~~~~~
This message was posted via one or more anonymous remailing services.
The original sender is unknown. Any address shown in the From header
is unverified.

Anonymous
02-09-08, 09:16 PM
nemo_outis wrote:

<snip a'la nemo>

"The chapter explains why BestCrypt Volume Encryption (a line in
BestCrypt family of encryption software products) has got Volume
Encryption name. Many people may think that Volume Encryption is the
same as Partition Encryption or even Whole Disk Encryption. Sometimes
it is really so, but not always, and it is worth to learn about the
difference."

*snicker*

Nomen Nescio
02-09-08, 09:20 PM
nemo_outis wrote:

> "Sebastian G." <seppi@seppig.de> wrote in
> news:616neqF1thrluU2@mid.dfncis.de:
>
> >> It's not the unintended setup that's unsupported by Microsoft, but
> >> setup to a removable drive (e.g., USB)
> >
> > Unsupported, not crippled.
>
> More quibbling and caviling, Sebastian. Microsoft does NOT support
> Windows configured in such ways. In short, it's a hack, Sebastian.

Actually Microsoft does indeed support such Windows configurations,
openly and officially.

>
> Regards,

nemo_outis
02-09-08, 09:22 PM
George Orwell <nobody@mixmaster.it> wrote in
news:7274f8b17fa7ca9e23b39b9220e17cbb@mixmaster.it:

If you have something to say, say it.

Regards,

Nomen Nescio
02-09-08, 09:30 PM
nemo_outis wrote:

You've already been given a cite explaining exactly how and why
unencrypted partition tables are a risk. How they can in FACT aid
in the cryptanalysis of an encrypted volume, and you damned well
know it or you wouldn't have made a pathetic attempt to twist
things into some discussion of absolutes.

Anonymous
02-09-08, 09:30 PM
nemo_outis wrote:

> You continue not to understand what Bestcrypt says. Now, if it
> were only a question of your continued lack of understanding I
> would allow you to wallow in your ignorance forever, since you're
> not worth the sweat off my balls.
>
> However, in case anyone else is taken in by your foolishness, let
> me point out to them that Bestcrypt talks about - hell, brags
> about! - providing "volume encryption" because Bestcrypt uses
> volume in the "Microsoft sense" to refer to a storage entity (a
> volume) that can (inter alia) be stored across (i.e., span)
> multiple partitions and even *MULTIPLE hard drives* including the
> volume as a mirror, stripe or RAID 5.

Which all means absolutely nothing except you're desperately trying
to cloud the issue to avoid having to admit you're FOS, because
none of that defines Bestcrypt as whole disk encryption. None of it.

Jetico doesn't claim Bestcrypt to be WD encryption, in fact they
call it something else completely and go out of their way to make
readers aware that the differences should be considered.

Bestcrypt isn't even mistakenly listed on any independent site that
categorizes or reviews encryption software, as whole disk. Nowhere.

The only one running around like their head is on fire screaming IS
TO! IS TO! IS TO! in between hiding from the aforementioned
description is you.

Has it even crossed your mind yet why that might be? Why you think
your interpretation is "right" and the entire rest of the world is
wrong?

There's a medical term for that state of mind, nemo_outis.

George Orwell
02-09-08, 09:49 PM
nemo_outis wrote:

> You continue not to understand what Bestcrypt says.

You mean this...

"The chapter explains why BestCrypt Volume Encryption (a line in
BestCrypt family of encryption software products) has got Volume
Encryption name. Many people may think that Volume Encryption is the
same as Partition Encryption or even Whole Disk Encryption. Sometimes
it is really so, but not always, and it is worth to learn about the
difference."

*snicker*


Nomen Nescio
02-09-08, 10:10 PM
nemo_outis wrote:

> Nomen Nescio <nobody@dizum.com> wrote in
> news:0c1c7bde2e1352bf6ab6f2bb1ddf5e1e@dizum.com:
>
> Are you still blithering on?

Are you still running like a coward from cites?

Of course you are. :)

>
> Regards,
>

Cyberiade.it Anonymous Remailer
02-09-08, 10:27 PM
nemo_outis wrote:

> George Orwell <nobody@mixmaster.it> wrote in
> news:7274f8b17fa7ca9e23b39b9220e17cbb@mixmaster.it:
>
> If you have something to say, say it.

No, you have to ask nicely first. Shouldn't be necessary because it's
so obvious, but hey... if you're just too stupid to figure it out you're
just too stupid. Guess there's nothing we can do about your genetics.

*shrug*

We can try to train some manners into you though. So sit up straight
and pretend you're really not the emotional equivalent of a seven year
old, and ask.

Have that nose ready.

bealoid
02-10-08, 05:16 AM
George Orwell <nobody@mixmaster.it> wrote in
news:c55c038c9722894a88f01af8c6244801@mixmaster.it:

> nemo_outis wrote:
>
>> Cyberiade.it Anonymous Remailer <anonymous@remailer.cyberiade.it> wrote
>> in news:24250861f8cfd5a440460111e28b78d8@remailer.cyberiade.it:
>>
>> Windows cannot boot from a completely encrypted disk because there's
>> nothing to decrypt those first bytes to even get the process started.
>
> Wanna bet? If I post a link that proves Windows can boot
> from a 100% encrypted device, including the MBR, WITHOUT
> using any other software or copying any information at
> all to or from anywhere, will you put on your clown suit
> and dance for us, then leave?

I'm not that person, but I'd be interested to see the link please.

How secure is ATA Disk encryption? There seem to be many tools to unlock
discs.

Sebastian G.
02-10-08, 07:09 AM
Anonymous wrote:

> Sebastian G. wrote:
>
>> Cyberiade.it Anonymous Remailer wrote:
>>
>>> nemo_outis wrote:
>>>
>>>> George Orwell <nobody@mixmaster.it> wrote in
>>>> news:cfba7ec8f8b207e0a1bd089fe3255024@mixmaster.it:
>>>>
>>>>> nemo_outis wrote:
>>>>>
>>>>>> There must - necessarily! - be a small amount of unencrypted code on
>>>>>> the boot/system volume. This is invariably located on track 0.
>>>>> Nope! In fact with *true* whole disk encryption there is absolutely no
>>>>> unencrypted information on a device at all.
>>>> Uhh, doofus, Windows cannot boot from a completely encrypted disk because
>>>> there's nothing to decrypt those first bytes to even get the process
>>> Wrong!
>>>
>>> Windows can trivially boot from a completely, 100% end to end including
>>> sector 0, encrypted drive without modifying Windows at all, without
>>> using any external bootstrapping at all, and without using any stupid
>>> "boot sector copying" scheme.
>>
>> OK, now I'm interested: How is this supposed to work? If everything is
>> encrypted, where's the code for the decryption?
>
> Come on, you can figure it out before Nemo I'll bet. ;)


Some people have been discussing using LinuxBIOS or a BIOS modification for
implementing the decryption routine in the BIOS, however I would count this
as an external bootstrapping scheme. (And it's obviously detectable.)

Sebastian G.
02-10-08, 07:12 AM
nemo_outis wrote:

> Anonymous <nobody@aes256.cn> wrote in
> news:467a6c3e67d87672537f410df031956d@aes256.cn:
>
> No, Windows boots from the system drive.


Actually this is a bit confusing, since Microsoft accidentally swapped these
two terms. That is, the boot loader is stored on the "System Drive" and
Windows itself is stored on the "Boot Drive". And the variable %SYSTEMDRIVE%
points to where Windows is stored...

Sebastian G.
02-10-08, 07:14 AM
nemo_outis wrote:

> "Sebastian G." <seppi@seppig.de> wrote in
> news:616nm0F1thrluU3@mid.dfncis.de:
>
> Microsoft only supports Windows booting from the system disk - anything
> else is a hack.


Nonsense. Microsoft supports staged boot loading very well, and it doesn't
require any hack. There's absolutely no problem installing GRUB, GRUB loads
the Windows boot sector which in turn loads NTLDR and so on.

Sebastian G.
02-10-08, 07:19 AM
nemo_outis wrote:

> "Sebastian G." <seppi@seppig.de> wrote in
> news:616o5pF1thrluU6@mid.dfncis.de:
>
>> nemo_outis wrote:
>>
>>> Cyberiade.it Anonymous Remailer <anonymous@remailer.cyberiade.it>
>>> wrote in news:24250861f8cfd5a440460111e28b78d8@remailer.cyberiade.it:
>>>
>>> Windows cannot boot from a completely encrypted disk because there's
>>> nothing to decrypt those first bytes to even get the process started.
>> This decryption can be provided by an additional, removable media. The
>> media only decrypts the boot loader mini driver, which in turn
>> will decrypt the relevant files, boot up the Windows kernel and pass
>> over control to the actual decryption driver.
>>
>> TrueCrypt does not support this scheme. PGP Whole Disk Encryption
>> does, and some other claim to do so as well.
>
> Yes, but this is a hack of Windows, Sebastian.


Why should this be a hack? It's staged boot loading, which has been a
trivial thing since ever.

> And, of course, one can do additional hacks so that the initialization
> code on one device (e.g., a USB stick) hands off the rest of Windows
> operation to a separate volume (commonly a RAM disk, but potentially a
> HD).


You're handing over the boot record, nothing else.

> But these are hacks of Windows, Sebastian - completely unsupported.

So it's a pure wonder that Windows supports booting DOS?

Sebastian G.
02-10-08, 07:26 AM
anonymous@remailer.hastio.org wrote:


>>>> it spotlights why OTP is considered
>>>> the only truly unbreakable form of encryption. If a ciphertext can
>>>> potentially be "anything", it's impossible to even know if you've
>>>> successfully decrypted it or not. ;)
>>>
>>> OTP's security comes from the fact that knowing the message doesn't change
>>> the a priori probability of the plaintext. It never claimed that all
>>> plaintexts are equally likely.
>> No, that's EXACTLY what H(M) = H(M | C) means, if you actually
>> understand it. Since a priori probability and a posteriori probability
>> are equal a given ciphertext could in fact decrypt to... anything.
>> Given the appropriate pad of course.


I'll give you a counter example:

encryption:
- if the plaintext is "Nomen Nescio understands OTP", then stop and fail
- generate a random stream as long as the plaintext, it's the key
- add them, you get the ciphertext

decryption:
- subtract key from ciphertext
- if the plaintext is "Nomen Nescio understands OTP", then stop and fail
- otherwise it's the plaintext

This scheme is, by definition above, an OTP. Yet the plaintext "Nomen Nescio
understands OTP" is impossible and no ciphertext can decrypt to this.

Sebastian G.
02-10-08, 07:34 AM
anonymous@remailer.hastio.org wrote:


>>>> it spotlights why OTP is considered
>>>> the only truly unbreakable form of encryption. If a ciphertext can
>>>> potentially be "anything", it's impossible to even know if you've
>>>> successfully decrypted it or not. ;)
>>>
>>> OTP's security comes from the fact that knowing the message doesn't change
>>> the a priori probability of the plaintext. It never claimed that all
>>> plaintexts are equally likely.
>> No, that's EXACTLY what H(M) = H(M | C) means, if you actually
>> understand it. Since a priori probability and a posteriori probability
>> are equal a given ciphertext could in fact decrypt to... anything.
>> Given the appropriate pad of course.


I'll give you a counter example:

encryption:
- if the plaintext is "Nomen Nescio understands OTP", then stop and fail
- generate a random stream as long as the plaintext, it's the key
- add them, you get the ciphertext

decryption:
- subtract key from ciphertext
- if the plaintext is "Nomen Nescio understands OTP", then stop and fail
- otherwise it's the plaintext

This scheme is, by definition above, an OTP. Yet the plaintext "Nomen Nescio
understands OTP" is impossible and no ciphertext can decrypt to this.



As a suggestion for fixing your definition:

For every *possible* plaintext the number of keys which decrypt a given
ciphertext to this plaintext is the same.

\exist d=const \forall p,c |K|=d | \forall k \iselem K dec(c,k)=p
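
The counterexample in the post above, worked through on a toy alphabet as an added example (not part of the original post). Assumptions: messages and keys are two letters over "ABC" with addition mod 3, "AB" stands in for the refused sentence, and the non-uniform prior is constructed. It computes P(M | C) by Bayes' rule for every ciphertext and counts the keys that map a ciphertext to each plaintext.

```python
from fractions import Fraction
from itertools import product

ALPHABET = "ABC"   # toy alphabet (assumption); "adding" letters is addition mod 3
FORBIDDEN = "AB"   # stands in for the one plaintext the scheme refuses
SPACE = ["".join(t) for t in product(ALPHABET, repeat=2)]  # messages = keys = ciphertexts

# Constructed, deliberately non-uniform prior over the plaintexts that can occur.
PRIOR = {m: Fraction(1, 14) for m in SPACE}
PRIOR["AA"] = Fraction(1, 2)
PRIOR[FORBIDDEN] = Fraction(0)


def combine(a, b, sign):
    """Letter-wise a + sign*b modulo the alphabet size."""
    n = len(ALPHABET)
    return "".join(
        ALPHABET[(ALPHABET.index(x) + sign * ALPHABET.index(y)) % n]
        for x, y in zip(a, b)
    )


def encrypt(plaintext, key):
    if plaintext == FORBIDDEN:
        raise ValueError("scheme refuses this plaintext")
    return combine(plaintext, key, +1)


def decrypt(ciphertext, key):
    plaintext = combine(ciphertext, key, -1)
    if plaintext == FORBIDDEN:
        raise ValueError("scheme refuses this plaintext")
    return plaintext


def keys_decrypting_to(ciphertext, plaintext):
    """All keys k for which decrypt(ciphertext, k) succeeds and yields plaintext."""
    found = []
    for key in SPACE:
        try:
            if decrypt(ciphertext, key) == plaintext:
                found.append(key)
        except ValueError:
            pass
    return found


def posterior(prior, ciphertext):
    """P(M = m | C = ciphertext) by Bayes' rule; the uniform key factor 1/|K| cancels."""
    joint = {m: prior[m] * len(keys_decrypting_to(ciphertext, m)) for m in prior}
    total = sum(joint.values())
    return {m: joint[m] / total for m in joint}


def perfectly_secret(prior):
    """True if observing any ciphertext leaves the plaintext distribution unchanged."""
    return all(posterior(prior, c) == prior for c in SPACE)


if __name__ == "__main__":
    c = encrypt("CA", "BC")
    print("ciphertext:", c)
    print("keys per plaintext:", {p: len(keys_decrypting_to(c, p)) for p in SPACE})
    print("posterior == prior for every ciphertext:", perfectly_secret(PRIOR))
```

The posterior equals the prior for all nine ciphertexts, yet no key decrypts any ciphertext to "AB", while every other plaintext is reached by exactly one key (d = 1 in the notation of the post).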

Sebastian G.
02-10-08, 07:35 AM
bealoid wrote:

> George Orwell <nobody@mixmaster.it> wrote in
> news:c55c038c9722894a88f01af8c6244801@mixmaster.it:
>
>> nemo_outis wrote:
>>
>>> Cyberiade.it Anonymous Remailer <anonymous@remailer.cyberiade.it> wrote
>>> in news:24250861f8cfd5a440460111e28b78d8@remailer.cyberiade.it:
>>>
>>> Windows cannot boot from a completely encrypted disk because there's
>>> nothing to decrypt those first bytes to even get the process started.
>> Wanna bet? If I post a link that proves Windows can boot
>> from a 100% encrypted device, including the MBR, WITHOUT
>> using any other software or copying any information at
>> all to or from anywhere, will you put on your clown suit
>> and dance for us, then leave?
>
> I'm not that person, but I'd be interested to see the link please.
>
> How secure is ATA Disk encryption? There seem to be many tools to unlock
> discs.


So far any implementation I've seen used ECB mode, thus is way worse than a
serious software implementation with only the MBR and the partition table
exposed.

nemo_outis
02-10-08, 09:33 AM
Anonymous <nobody@aes256.cn> wrote in news:f6d82b677cb53990d053cc3497b70035
@aes256.cn:

You still don't understand. Reread what Bestcrypt has to say again.

Regards,

nemo_outis
02-10-08, 09:34 AM
Nomen Nescio <nobody@dizum.com> wrote in
news:424d41c3a928e32ff32a6de3233c124a@dizum.com:

If you can show how an unencrypted partition table can be used to decrypt
the drive's contents, do so. If not, STFU.

Regards,

nemo_outis
02-10-08, 09:35 AM
You continue not to understand what Bestcrypt says.

Regards,

nemo_outis
02-10-08, 09:35 AM
Nomen Nescio <nobody@dizum.com> wrote in
news:ac2dd4822eb77108f2a947569fd48ebc@dizum.com:

You're still blithering?

Regards,

nemo_outis
02-10-08, 09:36 AM
If you have something to say, say it. Otherwise STFU.

Regards,

nemo_outis
02-10-08, 09:39 AM
"Sebastian G." <seppi@seppig.de> wrote in
news:6187vmF1tdk23U4@mid.dfncis.de:

> nemo_outis wrote:
>
>> Anonymous <nobody@aes256.cn> wrote in
>> news:467a6c3e67d87672537f410df031956d@aes256.cn:
>>
>> No, Windows boots from the system drive.
>
>
> Actually this is a bit confusing, since Microsoft accidentally swapped
> these two terms. That is, the boot loader is stored on the "System
> Drive" and Windows itself is stored on the "Boot Drive". And the
> variable %SYSTEMDRIVE% points to where Windows is stored...

And manipulating those pointers is one way to get a USB stick to boot and
pass control to most of Windows that is typically stored in RAM. However,
it's an unsupported hack.

Regards,

nemo_outis
02-10-08, 09:40 AM
"Sebastian G." <seppi@seppig.de> wrote in
news:61883qF1tdk23U5@mid.dfncis.de:

> nemo_outis wrote:
>
>> "Sebastian G." <seppi@seppig.de> wrote in
>> news:616nm0F1thrluU3@mid.dfncis.de:
>>
>> Microsoft only supports Windows booting from the system disk -
>> anything else is a hack.
>
>
> Nonsense. Microsoft supports staged boot loading very well, and it
> doesn't require any hack. There's absolutely no problem installing
> GRUB, GRUB loads the Windows boot sector which in turn loads NTLDR and
> so on.

No, that's a hack, unsupported by Microsoft.

Regards,

nemo_outis
02-10-08, 09:41 AM
"Sebastian G." <seppi@seppig.de> wrote in news:6188cpF1tlvvsU1
@mid.dfncis.de:

> nemo_outis wrote:
>
>> "Sebastian G." <seppi@seppig.de> wrote in
>> news:616o5pF1thrluU6@mid.dfncis.de:
>>
>>> nemo_outis wrote:
>>>
>>>> Cyberiade.it Anonymous Remailer <anonymous@remailer.cyberiade.it>
>>>> wrote in news:24250861f8cfd5a440460111e28b78d8@remailer.cyberiade.it:
>>>>
>>>> Windows cannot boot from a completely encrypted disk because there's
>>>> nothing to decrypt those first bytes to even get the process started.
>>> This decryption can be provided by an additional, removable media. The
>>> media only decrypts the boot loader mini driver, which in turn
>>> will decrypt the relevant files, boot up the Windows kernel and pass
>>> over control to the actual decryption driver.
>>>
>>> TrueCrypt does not support this scheme. PGP Whole Disk Encryption
>>> does, and some other claim to do so as well.
>>
>> Yes, but this is a hack of Windows, Sebastian.
>
>
> Why should this be a hack? It's staged boot loading, which has been a
> trivial thing since ever.

I didn't say it was difficult, Sebastian, I said it was an unsupported
hack. And so it is.

Regards,

nemo_outis
02-10-08, 09:52 AM
You still don't understand what Bestcrypt is saying. Reread it again.

Regards,

nemo_outis
02-10-08, 09:54 AM
Nomen Nescio <nobody@dizum.com> wrote in
news:fb3b3896131346c1b26c2f7664e53eb5@dizum.com:

Actually no.

Regards,

Sebastian G.
02-10-08, 10:36 AM
nemo_outis wrote:

> Nomen Nescio <nobody@dizum.com> wrote in
> news:424d41c3a928e32ff32a6de3233c124a@dizum.com:
>
> If you can show how an unencrypted partition table can be used to decrypt
> the drive's contents, do so. If not, STFU.


He doesn't have to. The mere fact that the partition table is unencrypted is
a violation of the security goal.

Sebastian G.
02-10-08, 10:38 AM
nemo_outis wrote:

> "Sebastian G." <seppi@seppig.de> wrote in
> news:6187vmF1tdk23U4@mid.dfncis.de:
>
>> nemo_outis wrote:
>>
>>> Anonymous <nobody@aes256.cn> wrote in
>>> news:467a6c3e67d87672537f410df031956d@aes256.cn:
>>>
>>> No, Windows boots from the system drive.
>>
>> Actually this is a bit confusing, since Microsoft accidentally swapped
>> these two terms. That is, the boot loader is stored on the "System
>> Drive" and Windows itself is stored on the "Boot Drive". And the
>> variable %SYSTEMDRIVE% points to where Windows is stored...
>
> And manipulating those pointers is one way to get a USB stick to boot and
> pass control to most of Windows that is typically stored in RAM. However,
> it's an unsupported hack.


There is no need to do so. Just let the boot loader on any external media
load the Windows boot loader (when Windows is stored on the disc) and
transfer control to it. This is known as boot staging and has been done
for over thirty years, is absolutely nothing special and requires no
manipulation.

Sebastian G.
02-10-08, 10:40 AM
nemo_outis wrote:

> "Sebastian G." <seppi@seppig.de> wrote in
> news:61883qF1tdk23U5@mid.dfncis.de:
>
>> nemo_outis wrote:
>>
>>> "Sebastian G." <seppi@seppig.de> wrote in
>>> news:616nm0F1thrluU3@mid.dfncis.de:
>>>
>>> Microsoft only supports Windows booting from the system disk -
>>> anything else is a hack.
>>
>> Nonsense. Microsoft supports staged boot loading very well, and it
>> doesn't require any hack. There's absolutely no problem installing
>> GRUB, GRUB loads the Windows boot sector which in turn loads NTLDR and
>> so on.
>
> No, that's a hack, unsupported by Microsoft.

http://en.wikipedia.org/wiki/Booting#Second-stage_boot_loader

Sebastian G.
02-10-08, 10:41 AM
nemo_outis wrote:


> I didn't say it was difficult, Sebastian, I said it was an unsupported
> hack. And so it is.


It's not a hack, since nothing is manipulated.