Re: "New powers for police to hack your PC"



On Wed, 02 Feb 2011 10:13:42 +0000, Phil Stovell
<phil@xxxxxxxxxxxxxxxxxxxxx> wrote:

> Put all your terrophile photography in a hidden container on a TrueCrypt
> volume. It also runs on Windows, but one cannot be certain Windows doesn't
> phone home with your passphrases.

I've looked at the source code for TrueCrypt, and it is unlikely that
Windows would know when you are entering your pass phrase in order to
select those keystrokes for special attention. But for the paranoid,
use a keyfile together with your passphrase. The keyfile can be kept
on a memory stick or card, on a different encrypted container, or
anywhere else. Keep the key file with you at all times, and you can
ensure that nobody can open your container in your absence even if
they know your passphrase. You could similarly use a security token
or smartcard.

If plod/MI5 perform a dawn raid to grab your PC, then they will also
search you and your house and seize all memory cards and computer
media they find, so in that case they will have your keyfile as well.
You could stick it in an obscure location (either physically or in a
file system) and hope plod/MI5 will not know it is needed or find it,
or you could keep it close to you at all times on a CD or floppy so as
to be able to physically destroy it before plod/MI5 have a chance to
stop you. Another possibility is to store your key file on an
overseas server and only download it when you need to use it, and wipe
it from your local system immediately after you mount your container.
Yet another possibility is to remember a few specific bytes in your
keyfile, and change them to something else using a hex editor such as
"debug". Then copy the keyfile to a temporary file and edit it back
to its correct value every time you need to use it, again wiping the
temporary file afterwards.

It's all to little avail in the UK however, because plod will charge
you under RIPA section 3 if you do not provide them with the means to
decode the file. OTOH if you destroy the keyfile *before* receiving a
section 3 notice, AFAIAA you cannot be convicted of failing to hand
over the key (but could possibly be charged for PCJ if it can be
proven that a crime actually exists).

--
Cynic
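To illustrate the keyfile-as-second-factor idea from the post above, here is an added Python example (not from the post, and not TrueCrypt's own keyfile algorithm): the passphrase and a digest of the keyfile are combined and stretched with PBKDF2, so that the passphrase alone, or a keyfile with a single byte altered, derives an unrelated key, while restoring that byte derives the original key again. The passphrase, salt and keyfile bytes are constructed sample values.

```python
import hashlib
import hmac
from typing import Dict, Optional

# Constructed sample inputs; in a real volume the salt lives in the header
# and the keyfile would be random bytes kept on removable media.
PASSPHRASE = "correct horse battery staple"
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
KEYFILE = bytes(range(256)) * 4  # 1 KiB stand-in for a random keyfile


def derive_volume_key(passphrase: str, keyfile: Optional[bytes], salt: bytes,
                      iterations: int = 100_000) -> bytes:
    """Combine passphrase and keyfile into one secret, then stretch it.

    Hypothetical scheme for illustration: the keyfile is hashed so its size
    does not matter, and the digest is appended to the passphrase bytes
    before PBKDF2-HMAC-SHA512. Either factor alone yields an unrelated key.
    """
    material = passphrase.encode("utf-8")
    if keyfile is not None:
        material += hashlib.sha512(keyfile).digest()
    return hashlib.pbkdf2_hmac("sha512", material, salt, iterations, dklen=64)


def patch_byte(data: bytes, offset: int, value: int) -> bytes:
    """Return a copy of data with one byte replaced, as a hex editor would."""
    return data[:offset] + bytes([value]) + data[offset + 1:]


def keys_match(a: bytes, b: bytes) -> bool:
    """Constant-time comparison of two derived keys."""
    return hmac.compare_digest(a, b)


def demo() -> Dict[str, bool]:
    """Show which combinations reproduce the key that protects the volume."""
    k_full = derive_volume_key(PASSPHRASE, KEYFILE, SALT)
    k_no_keyfile = derive_volume_key(PASSPHRASE, None, SALT)
    damaged = patch_byte(KEYFILE, 17, KEYFILE[17] ^ 0x01)  # flip one bit
    k_damaged = derive_volume_key(PASSPHRASE, damaged, SALT)
    restored = patch_byte(damaged, 17, KEYFILE[17])         # put it back
    k_restored = derive_volume_key(PASSPHRASE, restored, SALT)
    return {
        "passphrase_alone_opens": keys_match(k_full, k_no_keyfile),
        "one_byte_change_opens": keys_match(k_full, k_damaged),
        "restored_keyfile_opens": keys_match(k_full, k_restored),
    }


if __name__ == "__main__":
    for name, opens in demo().items():
        print(f"{name}: {opens}")
```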




