WinPT question

[Fredrik]

I downloaded and installed the latest version of WinPT today. I generated a new key pair, and figured out how to encrypt/decrypt files using the file manager. But when I encrypt a file, the original remains. What am I supposed to to with that? Throw it in the trash? LOL, that would make it pointless to encrypt it in the first place.

I tried an older version of WinPT some time in the past. With that one, I could just right-click on a file in Explorer and choose "wipe". This time I don't get any WinPT specific items on the right-click menu. Do you know how to get those items to appear on the menu?

WinPT could probably win a contest for having the least user friendly interface. It's driving me nuts. And of course most of the information I've been able to find is in German. If you know a better free file encryption solution for Windows, I'd appreciate it if you could recommend one. If you know a good one that isn't free, I think I might be interested in that too.

 

[Christian Klippel]

Do you need file-by-file encryption? Why not crypt the whole drive instead? For example with TrueCrypt, which allows for a pre-boot authentication. You then have to enter the passphrase before it even boots. This way the whole drive/data is crypted, even temporary files and stuff.

You know, not much to gain if you encrypt single files, but they end up in some unencrypted temporary files during editing.

Greetings,

Chris

 

[Fredrik]

Do you need file-by-file encryption? Why not crypt the whole drive instead? For example with TrueCrypt, which allows for a pre-boot authentication. You then have to enter the passphrase before it even boots. This way the whole drive/data is crypted, even temporary files and stuff.

Thanks for the tip, but I would really prefer to just encrypt a few files, or a single folder, and I want those files to be impossible to read even for a person who's sitting at my computer, logged on with my username and password. (Impossible for anyone who doesn't have the password for my encryption key that is).

Hm, now I see that TrueCrypt has a feature that would work for me: "Creates a virtual encrypted disk within a file and mounts it as a real disk."

You know, not much to gain if you encrypt single files, but they end up in some unencrypted temporary files during editing.

This is true, but it sounds like a problem that can be solved. Isn't there a file encryption program that includes a solution to that problem?

 

[Christian Klippel]

Hm, now I see that TrueCrypt has a feature that would work for me: "Creates a virtual encrypted disk within a file and mounts it as a real disk."

Yes, it does that. You create a so-called container which is encrypted, and that is mounted as a regular drive, giving you an extra drive letter. Use that to store all your sensitive files. You may create another one just for stuff like the temporary files and swapfile (if needed), but i don't know if you can define a folder for Windows to store temporary stuff.

You can even go a step further and add a second, hidden container in the already created one. This way you get "plausible deniability". You use two separate passphrases, one for the "outer", and one for the "inner" container. Depending on which passphrase you enter, you get one of these containers mounted.

Since no one can say if there is an inner container present, you can simply hand out the passphrase for the outer one if pressed to do that, containing only a few harmless files, while the real sensitive stuff is in the inner container, which can not be seen.

Greetings,

Chris

 

[Dogbreath]

I've been using Truecrypt for several years now. I keep a file on my USB drive. Years ago I kept my passwords in a text file. Then I thought I lost my thumb drive. I was close to freaking. I did find my drive in a pants pocket, but decided then that I needed a better solution. I found Truecrypt, which is real nice because the Truecrypt volumes can be accessed on different operating systems. But remember when using encryption - http://www.xkcd.com/538/

 

[Fredrik]

TrueCrypt is a good solution for me. It does everything I want it to, except give me an easy way to delete files securely. I chose another solution for my passwords: PasswordSafe. That was another suggestion I found in these forums.

 

[Christian Klippel]

TrueCrypt is a good solution for me. It does everything I want it to, except give me an easy way to delete files securely.

Well, since the TrueCrypt volume is crypted, there is no real need to have them erased "securely". From the outside, the TrueCrypt volume looks like random data. And since no one else except you is usually having access to the inside of it, it's not much of an issue.

I chose another solution for my passwords: PasswordSafe. That was another suggestion I found in these forums.

I can not recommend such things at all. It simply means that any potential attacker only needs to hack one single password. The whole security of everything that stores passwords in there depends on the implementation and security of that single application. It gets a bit better if you store the password-file of that app on an encrypted volume, but still the remaining stuff depends on that single point of potential failure.

You know, cryptography can be a good thing, but any little flaw in the implementation of the used algorithms can easily compromise the whole thing. In any case, if you want good security, memorize your passwords, instead of throwing them all in one place.

Greetings,

Chris

 

[Fredrik]

Well, since the TrueCrypt volume is crypted, there is no real need to have them erased "securely". From the outside, the TrueCrypt volume looks like random data. And since no one else except you is usually having access to the inside of it, it's not much of an issue.

I meant that it doesn't seem offer a way to wipe a file that isn't on the TrueCrypt volume. With the older version of WinPT I could right-click on any file in Explorer and just choose "wipe".

I can not recommend such things at all. It simply means that any potential attacker only needs to hack one single password. The whole security of everything that stores passwords in there depends on the implementation and security of that single application. It gets a bit better if you store the password-file of that app on an encrypted volume, but still the remaining stuff depends on that single point of potential failure.

Then I'd have to type in two passwords every time I want to access it. That would be really annoying.

In any case, if you want good security, memorize your passwords, instead of throwing them all in one place.

Agreed, but you know what people usually do when they have to remember their passwords: We use the same password for many different things. And that could mean e.g. that someone at the online electronics store where you bought a new mouse is able to clean out your online poker account. We also choose passwords that are easy to remember, like h0bb1t or starTr3k, and that of course reduces the security even further.

 

[Christian Klippel]

I meant that it doesn't seem offer a way to wipe a file that isn't on the TrueCrypt volume. With the older version of WinPT I could right-click on any file in Explorer and just choose "wipe".

Ah, OK. True, it doesn't do any wiping at all.

Then I'd have to type in two passwords every time I want to access it. That would be really annoying.

Agreed, but you know what people usually do when they have to remember their passwords: We use the same password for many different things. And that could mean e.g. that someone at the online electronics store where you bought a new mouse is able to clean out your online poker account. We also choose passwords that are easy to remember, like h0bb1t or starTr3k, and that of course reduces the security even further.

I guess it boils down to how much security one wants and/or needs. I use different passwords almost everywhere. My TrueCrypt volumes have really long passphrases, >40 characters actually. Yes, i too use an "wallet" program that stores all of my online passwords. However, it's data-file sits on a TC volume, and uses another really long password. So i have at least two long passphrases to enter before i can access it.

Also, i have all my temporary folders, browser-cache, etc. sitting on a TC volume. Nothing that stores any sensitive data is unencrypted here. Call me paranoid, but with all that anti-terror nonsense going on i'd really like to be on the safe side. I don't want anyone to be able to access my data, except me.

Greetings,

Chris

 

[Fredrik]

I use different passwords almost everywhere. My TrueCrypt volumes have really long passphrases, >40 characters actually.

Is a long password that can easily be remembered, like "onceuponatimetherewasafairyprincewhosenamewasarthuraldrigdge", better than a shorter one (say 8-10 characters) that consists of random characters?

I wonder how many nerds there are who feel that they need a 40-character password for better security, and then choose the first 40 decimals of pi.

Also, i have all my temporary folders, browser-cache, etc. sitting on a TC volume. Nothing that stores any sensitive data is unencrypted here.

That's pretty interesting, but are you sure you're getting all of it? I mean, some of that stuff isn't easy to find. Index.dat is a good example. That file is hidden, so it doesn't even show up in Explorer. If I remember correctly, it doesn't show up even if you choose to display all files.

Call me paranoid, but with all that anti-terror nonsense going on i'd really like to be on the safe side. I don't want anyone to be able to access my data, except me.

Encryption may not help if you travel in and out of the USA. Apparently, they don't need a warrant or even a reason to suspect you to examine your laptop. If it's encrypted, they can have a judge order you to decrypt it, and if you don't comply with an order from a judge, (s)he can apparently keep you locked up for as long as (s)he wants without a trial.

 

[Christian Klippel]

Is a long password that can easily be remembered, like "onceuponatimetherewasafairyprincewhosenamewasarthuraldrigdge", better than a shorter one (say 8-10 characters) that consists of random characters?

When it comes to attempting to crack an encryption, then yes. Just because words make sense to us, or blocks of characters appear random, doesn't matter much. For the encryption, it's all just an array of bytes. In general, shorter passwords are easier to hack than longer ones.

That's pretty interesting, but are you sure you're getting all of it? I mean, some of that stuff isn't easy to find. Index.dat is a good example. That file is hidden, so it doesn't even show up in Explorer. If I remember correctly, it doesn't show up even if you choose to display all files.

Well, i'm on Linux. I don't have to bother with where files are supposed to go, because i can make links that point to an encrypted space instead. On Unixoid systems, a link is _really_ a link. It is completely transparent to the application, and redirects any i/o for that file to where you want. Not like on Windows, where a .lnk is just a file itself, and of little use actually, since it has to be interpreted.

Also, on Unixoid systems you deal with a completely different structure when it comes to file system layout. There is no awkward registry to deal with, no working-data from programs spread all over, etc. There is a clearly defined temporary storage place, and program data for a user always ends up in that user's home directory. All of which in turn can be mounted on an encrypted space.

In short, while there is some standard as to where goes what on a unix-like OS, you are completely free to link and mount to setup whatever _real_ structure you need/want. It does not matter if /home is just a directory inside a partition, or a different partition on a different harddisk. Same goes for files. They can be really there, or just be linked to somewhere else.

Encryption may not help if you travel in and out of the USA. Apparently, they don't need a warrant or even a reason to suspect you to examine your laptop. If it's encrypted, they can have a judge order you to decrypt it, and if you don't comply with an order from a judge, (s)he can apparently keep you locked up for as long as (s)he wants without a trial.

Yes, and that is why TrueCrypt's concept of hidden containers is so useful. It gives you plausible deniability. You have a crypted volume, which is visible. Inside that you have a hidden volume, that is invisible. Since the outer volume is encrypted, it appears to be completely filled with random data. So there is no chance to find the hidden volume. Depending on which password you give during mounting, you get access to either the outer or the hidden volume.

Now store all your sensitive data and passwords on that hidden volume, and a set of "safe" data and passwords on the outer volume. If pressed to tell a password, you simply hand out the one for the outer volume. That one will mounted then, and is completely unsuspicious. Since no one can prove the existence of the hidden volume, no one can press you to give a password for such a thing.

Greetings,

Chris

 

[Ducky]

We also choose passwords that are easy to remember, like h0bb1t or starTr3k, and that of course reduces the security even further.

SONFOFAB----


Great now everyone can access my porn accounts...

/me starts changing his passwords...

 

[Fredrik]

Yes, and that is why TrueCrypt's concept of hidden containers is so useful. It gives you plausible deniability. You have a crypted volume, which is visible. Inside that you have a hidden volume, that is invisible. Since the outer volume is encrypted, it appears to be completely filled with random data. So there is no chance to find the hidden volume. Depending on which password you give during mounting, you get access to either the outer or the hidden volume.

Now store all your sensitive data and passwords on that hidden volume, and a set of "safe" data and passwords on the outer volume. If pressed to tell a password, you simply hand out the one for the outer volume. That one will mounted then, and is completely unsuspicious. Since no one can prove the existence of the hidden volume, no one can press you to give a password for such a thing.

This is pretty cool, but I've been reading the documentation about this, and there seems to be a weakness:

If you want to mount an outer volume and protect a hidden volume within using cached passwords, then follow these steps: Hold down the Control (Ctrl) key when clicking Mount (or select Mount with Options from the Volumes menu). This will open the Mount Options dialog. Enable the option 'Protect hidden volume against damage caused by writing to outer volume' and leave the password box empty. Then click OK.

It sounds like the guy who forced you to give him a password has an easy way to find out if there's a hidden volume. He just tells TrueCrypt to use the cached password, and now he can see that there's a hidden volume just by trying to write to different parts of the outer volume and sometimes getting an error message. I hope I have just misunderstood this.

This is the page I'm quoting from.

 

[Christian Klippel]

It sounds like the guy who forced you to give him a password has an easy way to find out if there's a hidden volume. He just tells TrueCrypt to use the cached password, and now he can see that there's a hidden volume just by trying to write to different parts of the outer volume and sometimes getting an error message. I hope I have just misunderstood this.

Well, not really. First, this one only applies if you want to protect the hidden volume from overwriting it if you write to the outer volume. If you make the outer volume big enough to hold some files (to make it look plausible), plus the space you want for the hidden volume, you don't need that protection. Simply be careful to not write too much data to the outer volume.

Note the following passages from the same page, which are bolded there:

Note that TrueCrypt never modifies the filesystem (e.g., information about allocated clusters, amount of free space, etc.) within the outer volume in any way. As soon as the volume is dismounted, the protection is lost. When the volume is mounted again, it is not possible to determine whether the volume has used hidden volume protection or not. The hidden volume protection can be activated only by users who supply the correct password (and/or keyfiles) for the hidden volume (each time they mount the outer volume).

Important: When an adversary asks you to mount an outer volume, you, of course, must not mount the outer volume with the hidden volume protection enabled. You must mount it as a normal volume (and then TrueCrypt will not show the volume type "Outer" but "Normal"). Note that during the time when an outer volume is mounted with the hidden volume protection enabled, the adversary can find out that a hidden volume exists within the outer volume (he/she will be able to find it out until the volume is dismounted).

This means that on the next boot (or after unmounting the volumes), there is no way to tell if there is a hidden volume. The options given in the mount dialog are always there, since TC does not know what is there and what not until it is mounted.

Greetings,

Chris

 

[Fredrik]

I realized that if that password cache is cleared on each reboot, there is no problem.

I'll explain what I meant anyway, since you didn't understand what I thought the problem was. The person holding a gun to your head (or the airport security people threatening legal action) can check the hidden volume protection box for you, before he demands that you type in the password. Yes, you can say that there is no hidden volume, and you can use the password for the outer volume when you mount the encrypted file system, but you can't stop him from making sure that that box is checked when you do that. So if the password for the hidden volume is in the cache when you do this, you're screwed.

Again, if the cache is cleared on reboot, this is not a problem (at least not at an airport). For some reason I didn't think of that before I asked the question. I didn't see anything in the documentation about when the cache is cleared, but since it would be insanely stupid to have it anywhere but in RAM, I think it's a safe bet that that's where it is. It seems weird to me to even have a password cache though.

 

[Christian Klippel]

I realized that if that password cache is cleared on each reboot, there is no problem.

I'll explain what I meant anyway, since you didn't understand what I thought the problem was. The person holding a gun to your head (or the airport security people threatening legal action) can check the hidden volume protection box for you, before he demands that you type in the password. Yes, you can say that there is no hidden volume, and you can use the password for the outer volume when you mount the encrypted file system, but you can't stop him from making sure that that box is checked when you do that. So if the password for the hidden volume is in the cache when you do this, you're screwed.

Again, if the cache is cleared on reboot, this is not a problem (at least not at an airport). For some reason I didn't think of that before I asked the question. I didn't see anything in the documentation about when the cache is cleared, but since it would be insanely stupid to have it anywhere but in RAM, I think it's a safe bet that that's where it is. It seems weird to me to even have a password cache though.

Right. Since i never use that caching feature, i have no idea how it is actually used. My guess is that it belongs to the pre-boot stuff, where you enter the password in the TC bootloader, to mount an encrypted operating-system partition. That way it will remember it once the OS itself has loaded. But again, not sure exactly.

And yes, having a cache for a password is not the best way to go. Here i have my basic OS on an unencrypted volume. No need to encrypt that, nothing to secure there, and for speed reasons it's better to have it unencrypted. So, i mount my TC volumes after the OS has booted anyways.

Greetings,

Chris