64 Comments
- Yez70, on 10/12/2007, -3/+31
'I don't recall' - Famous words used by Reagan - kept him out of prison for the Iran-Contra affair just 20 years ago.
- spahn, on 10/12/2007, -3/+29
this is why the 5th amendment is your friend.
- Bhima, on 10/12/2007, -1/+26
that's why you should be using *deniable* encryption.
This article is ridiculously lightweight but truecrypt has this capability.
One more thing... I don't think the current admin is into all that getting warrant thing.
- technosailor, on 10/12/2007, -1/+23
Useful, and indeed can perhaps put off goons at the CIA. But it's really not the CIA you need to be worried about. They do stuff like satellite surveillance, witness interrogation, etc. It's the NSA that does crypto and none of these things will fool the NSA.
- Scruffydan, on 10/12/2007, -1/+15
"none of these things will fool the NSA"
I would imagine that truecrypt would, if used properly
- cmiz, on 10/12/2007, -0/+13
It's not really a matter of fooling the NSA. Hopefully they wouldn't even know that something was there... but even if they do, a strong password and a strong encryption scheme will make it impossible for them to get their hands on your data. It doesn't matter who you are or where you work, give them enough security and brute forcing something is out of the question. The weak link in any secure system is the user.
- ZaNkY, on 10/12/2007, -2/+14
Passwords are no longer safe. If HUGE rainbow tables are available online for a reasonable price (rainbowcrackonline.com, free: rainbowcrack.com, Plain-Text.info...) you can bet that the NSA AND CIA have huge rainbow tables FOR SURE.
Secure passwords and encryption are a thing of the past..... :(
- trylleklovn, on 10/12/2007, -0/+11
So we can expect for NSA to show up at our doorsteps, accusing us of terrorism if we digg this article?
- Scruffydan, on 10/12/2007, -1/+11
and there are perfectly legitimate uses for all of those... plus I think the CIA/NSA/FBI... already knew about all of those
- leobaby, on 10/12/2007, -1/+10
The same way some (sea) creatures just wait for food; they know they want it, and know it will eventually just show up.
- Urusai, on 10/12/2007, -3/+12
Remember, kids, "I don't remember" is an irrefutable defense. Seriously. Trot it out the next time you're in court. This is professional legal advice you can take to the bank.
- syneo, on 10/12/2007, -0/+8
> Surely with a TrueCrypt hidden volume it's easy to tell that there is another layer of encryption
Wrong. The outer volume looks like just free space and there is no indication whatsoever whether the free space of the outer disk contains a hidden disk.
Read this, so you don't spread misinformation: http://www.truecrypt.org/hiddenvolume.php
PS - But if you still think "it's easy to tell", then come to my house and tell me if my TC volume contains a hidden volume.
- dattaway, on 10/12/2007, -1/+9
So you want the keys to decrypt this file? I don't remember creating that file in the first place. It's most likely an encrypted root kit installed by some trojan. I know nothing. Yep, that's the ticket.
They will say, "that's not good enough," but it's good enough for the judge you'll eventually see.
- coheedcollapse, on 10/12/2007, -3/+10
A few years ago I forgot the password to the zip file containing all of my porn. (Shared computer, you know the drill, no hardcore encryption or anything) It sucked. If the cops demanded the decryption key and I was arrested over it I'd be so pissed.
Not only would I have been without my porn, but I'd be jailed. God that law is stupid.
- OmegaNine, on 10/12/2007, -1/+8
https://www.grc.com/passwords.htm has a much better random number generator for its passwords.
- leobaby, on 10/12/2007, -2/+9
no he didn't..
"Some people like KeePass, and it's a good program too. I prefer password safe..."
- unloud, on 10/12/2007, -2/+8
"Wow I was looking for something like steghide [...] I never even tried searching for anything like it "
How can you be looking for something if you don't search for it?
- syneo, on 10/12/2007, -0/+6
> what concerns me is that the existence of free space is already a giveaway.
Keep in mind that TrueCrypt is on-the-fly volume encryption (not file encryption). A TrueCrypt volume is an encrypted virtual DISK (or partition). Disks and partitions -naturally- contain plenty of free space. It means that all users of TrueCrypt have free space on their volumes. And as most users don't use hidden volumes you have plausible deniability.
- TheReport, on 10/12/2007, -1/+7
For all of you mac users you can easily encrypt information by simply making a new disk image in Disk Utility and choosing a password that isn't god, love, password or your username, and of course OSX also has secure empty trash which ensures that no one will ever get a hold of the files that you are erasing
I think two other good programs for people to check out would be PeerGuardian and LittleSnitch
- Daisuke, on 10/12/2007, -2/+7
scruffydan is right. if they didn't know about these programs beforehand, they've got more issues to work out than just encryption programs. :P
- doctechnical, on 10/12/2007, -1/+6
IANAL, and I can't remember where I read this, but it sure seemed like a cute idea: Make your passphrase the admission of a crime. Perhaps "I_shoplifted_poptarts_from_GiantToad". Then if the Gummint demands your passphrase, plead the 5th - they can't force you to incriminate yourself.
I'd love to hear from a real lawyer if this is just poppycock or not...
- MrTea, on 10/12/2007, -0/+4
Wow password generators. I made my own anyway.
Does anyone know if "Eraser" actually works?
- syneo, on 10/12/2007, -1/+5
> Truecrypt would not save you there: if the SAS can tell that there's more data still encrypted
Yes, IF... the point is they can't.
See http://www.truecrypt.org/hiddenvolume.php
- krinthekuz, on 09/16/2008, -1/+5
1) why is zanky getting buried? what is it with diggers and burying dislikable facts?
2) even seeded passwords are crackable using rainbow tables. if the seed is a custom constant, you just need two passwords. if the seed is a function, then it's basically another part of the encryption function, and you just need to find out what the function is. if it's a reversible function, just reverse it, but if not, just use another set of rainbow tables. key based security is just not secure.
- syneo, on 10/12/2007, -1/+4
If CIA is your opponent don't EVER try to hide data in pictures or audio files.
These kinds of files have distinct spectrum characteristics in the least significant bit and any basic statistical analysis will detect the presence of encrypted data.
There are many free and commercial tools that will detect and report all jpegs, wavs, bmps, etc. on your disk that contain white noise (i.e. encrypted data).
The only undetectable steganographic method today is ciphertext within ciphertext, which is what TrueCrypt hidden volume basically is.
- ActivitY, on 10/12/2007, -2/+5
apart from the fact that, with a warrant they can demand the keys used to encrypt the information.
look at it this way, how far would you get if you had an unbreakable safe which only you know the combo to unlock it, and you were insisting "you forget the combination"?
- Petrushka, on 10/12/2007, -0/+3
OK, I guess that makes sense. Especially if your TrueCrypt volume is actually a physical volume, not just a file, which is what they recommend anyway. Ta for the help with that.
- Bhima, on 10/12/2007, -1/+4
I don't think it's the NSA so much as it is the NSA giving out ill-gotten data to the FBI, (x)BI, State Patrol, DEA, IRS....
- inactive, on 10/12/2007, -0/+2
"If CIA is your opponent don't EVER try to hide data in pictures or audio files."
OMFG don't watch too many movie kiddies ^__^
This article really funny anyway how can you make crypted storages and random generated passwords in microsucks which can come handy in IT but CIA will never interested for you.
- txrat, on 10/12/2007, -0/+2
Well, no, you can't
Any password you think up still has a pattern to it.
Even if it's "rrhsu37" -or the like.
Random passwords are truly random. no thought involved. no pattern. (well, it depends on the quality of the generator.. but even the worst are likely to be better than what you can think up)
- montagg, on 10/12/2007, -0/+2
Why isn't PGP or GnuPG listed here at all..? Not Dugg. Author obviously is not aware of the current security environment.
- floorman56, on 10/12/2007, -2/+4
'I don't recall' - Famous words used by Reagan
and Hillary during the Rose law firm investigation
- Petrushka, on 10/12/2007, -2/+3
@Urusai: I have to say that while I admire your confidence in the judicial system,
(a) I think it's misplaced;
(b) that's really, really crappy advice for anyone who happens to live in a jurisdiction where different laws from ones you're familiar with may apply. As, for example, the UK, where it is a jailable offence to refuse to hand over all your passwords. Truecrypt would not save you there: if the SAS can tell that there's more data still encrypted, they will get the benefit of the doubt, not the defendant;
(c) I rather suspect that the 5th amendment would collapse very quickly indeed when put under any pressure whatsoever by FISA or PATRIOT.
- axxiom, on 10/12/2007, -2/+3
The NSA?
You guys are paranoid. It's as if the United States is the only government that wants to know more about US Citizens.
You should be worried about the Russian and Chinese 'NSA' like organizations. We can actually change the NSA as voters, but good luck trying to do anything about the Russian or Chinese NSA.
- inactive, on 10/12/2007, -1/+2
As if anyone is going to bother to spy on any of you.
Agent1: "Dude, I am bored."
Agent2: "Well, what do you want to do?"
Agent1: "I know, let's go spy on some computer geeks!"
Agent2: "YEAH!"
I would bet they are more likely spying on Jessica Biel, Christina Aguilera, Jenna Jameson and the like, than you people.
- p202p, on 10/12/2007, -0/+1
The NSA, CIA, FBI have more important people to observe, unless they really have something to hide that would warrant their attention. Otherwise, they don't waste their time on a bunch of paranoid computer geeks. There are nations out there who have the same capabilities as the NSA. I would be worried about them.
- Alex.w, on 10/12/2007, -2/+3
I was about to say the same, Daisuke beat me to it though.
I would hope the NSA/CIA know all about these apps and the more obscure ones given their funding. It was the FBI that demonstrated cracking WEP in under 5 mins.
- Mr.X, on 10/12/2007, -1/+2
All the program other than hiding messages in pictures is poor programs and won't help.
for good passwords use this site:
https://www.grc.com/passwords.htm
Use this program to block government IPs:
http://phoenixlabs.org/pg2/
Course they can use proxies... so proxy yourself too:
http://www.proxy4free.com/page1.html
Also Window washer is good for deleting data permanently and automatically or with a single key stroke:
http://www.webroot.com/consumer/products/windowwasher/?rc=4929&ac=5190515
There are a few other things you can do like maxing your firewall settings so you can't be pinged and etc. But I'll leave that for someone else that might want to add their two cents. ;) In the end if the CIA want to catch you they will... so just don't risk it.
- DrOct, on 10/12/2007, -0/+1
I like the content, so I dugg it, but good lord this was a poorly written article.
- Thor, on 10/12/2007, -1/+2
This is lame.
I can come up with my own password that is no more breakable than any generated password.
The only true way to hide something is to delete and shred the files including any temporary files and free space. Commit the important stuff to memory.
- Thor, on 10/12/2007, -0/+1
If the court can force you to release your password then it likely wouldn't matter. How long would it take a program to break your example password? How many permutations can you get out of 256 characters? 256! - 7! ?
- phenolholic, on 10/12/2007, -0/+1
use evidence eliminator and secure your free space. writes random blocks over and over and deletes it, that way magnetic resonancing can't extract data, and if it does, it's random 0's and 1's.
- TheWorm, on 10/12/2007, -2/+3
I'd be more interested in seeing top 9 applications to help avoid the RIAA.
- Moviespo, on 10/12/2007, -0/+0
What if you use something like this: http://www.anonymizer.com/ and store all your encrypted data on a free webhost provider.
Then when the CIA comes to your house to seize your computer and bring it back to the lab they won't find anything.
- egrumling, on 10/12/2007, -0/+0
"(c) I rather suspect that the 5th amendment would collapse very quickly indeed when put under any pressure whatsoever by FISA or PATRIOT"
Umm, you have that backwards. That's why the Supreme Court struck down the white house's interpretation of the law (in this case Geneva Conventions, but treaties are covered by the same sort of checks and balances, at least for now).
- Petrushka, on 10/12/2007, -1/+1
Indeed. If you're in a situation where your hide depends on your encryption, it's already too late -- they'll find something to pin on you regardless. Whether first or third world.
- ZaNkY, on 10/12/2007, -1/+1
If you have NO idea of what the NSA is, watch the movie "Enemy of the State".
Sure it's a MOVIE, but it's not far that off ;)
And as mentioned in the article, Steganography leaves a lot of white noise and tell-tale signs of its implementation. It's only useful to pass along other computer users. NSA/CIA/ANY professional could spot a Steganographied picture with the right software, easily.
- Cryptographer, on 10/12/2007, -0/+0
As an academic cryptographer, I'm inclined to agree. I recently spoke with Phil Zimmermann, the father of PGP, seeking his commentary to incorporate into an article draft I'm preparing. He stated, "Design as if making a mistake will cost someone's life." That level of cryptographic competence, as evidenced by PGP's design philosophy, is nonexistent in the majority of cryptographic software that the market has to offer. Phil's attitude is what spawns good cryptography.
Oh, and for those who are on the higher end of the paranoia spectrum, in regards to alphabet soup agencies - there are almost always easier ways to get at plaintext, as opposed to cryptanalyzing the cryptography within an infrastructure. Having said that, it's safe to conclude that, in any good system, cryptography is rarely ever the weakest link. In fact, I'd be mighty impressed to see a system so secure that its developers touted the contrary.
(Also, keep in mind that whenever a cryptographic system does fail, it's usually not even because of the cryptography itself. A cryptographic implementation must be simplistic, correct, and secure, for the cryptography to have a chance at doing its job; the rate at which it isn't is alarmingly high. If it's not complexity that ruins the day, it's ridiculously lax policies for proper design.)
- quarck, on 10/12/2007, -2/+2
I wouldn't even entrust my life to these products in a third world totalitarian state. And their level of technological sophistication is usually much less than the services Europe, the Israelis and the USA can bring to bear.
- lordxeon, on 10/12/2007, -1/+0
I'm glad that there are people out there that realize that it is indeed the NSA that we should be afraid of, and not the CIA. The general public doesn't know about the NSA, and that's a problem, because if they did, they would be so much more scared of them, because the NSA is most likely the most powerful organization on the planet (unless you get into conspiracy theories, and The Masons, and things like that)
anyway, the Steghide program would probably have the best chance of being secure against the things the NSA has. But I'm not saying it's perfect, anything can be cracked, anything...