"No one shall be subjected to arbitrary interference with his privacy,
family, home or correspondence, nor to attacks upon his honour and
reputation. Everyone has the right to the protection of the law
against such interference or attacks."
Article 12 Universal Declaration of Human Rights
Privacy and anonymity are very important principles associated with
both freedom of speech and democracy.
"Anonymity is a shield from the tyranny of the majority... It thus
exemplifies the purpose behind the Bill of Rights, and of the First
Amendment in particular: to protect unpopular individuals from
retaliation - and their ideas from suppression - at the hand of an
intolerant society."
Justice Stevens, McIntyre v. Ohio Elections Commission, 1996
There are many roads to security and privacy on the Net; this is one
that I have personally pursued and can recommend from my experiences.
I am not making any claim that it is the best or the only route to
privacy and security, only that it works for me.
There are countless reasons why someone may need the reassurance of
anonymity. The most obvious is as a protection against an over-bearing
Government. Many people reside in countries where human rights are
dubious and they need anonymity to raise public awareness and publish
these abuses to the world at large. This Faq is to help such people.
Changes since previous revision:
Many minor refinements over revisions 22.3/4/5 and further tidying up.
I have always striven for accuracy and I will respond to intelligent
and verifiable criticism of any inaccuracy. But please remember the
programs and choices made are mine and mine alone. By all means
choose differently if you have other preferences.
Part 1 offers an overview approach to achieve security and anonymity.
Part 2 offers practical help with the installation of some of the
programs mentioned in Part 1. In some cases this includes detailed
setup instructions to help achieve the goal of true computer and
Internet privacy and anonymity. I assume a basic understanding of
computers, such as the ability to copy and paste and a general
knowledge of how to install programs and follow setup instructions.
Part 1 (Questions 1 to 30)
1. How does encryption work?
Essentially the plaintext is combined with a mathematical algorithm
(a set of rules for processing data) such that the original text
cannot be deduced from the output file, hence the data is now in
encrypted form. To enable the process to be secure, a key is
combined with this algorithm. This key might be a personal key for
your own use or it might be a system-generated session key. In the
latter case, you will never need to know the key. It is only used for one
session then discarded. A new key will be generated for the next
session. Generally a personal key will be used again and again and
will need the protection of a passphrase. Some programs offer a choice
of a passphrase or a keyfile, or both may be used together.
Obviously the process must be reversible, but only with the aid of
the correct key. Without the key, the process should be extremely
difficult. The mathematics of the encryption should be openly
available for peer review. At first sight this may appear to
compromise the encryption, but this is far from the case. Peer
review ensures that there are no "back doors" or crypto weaknesses
within the program. Although the algorithm is understood, it is the
combination of its use with the key that ensures secrecy.
2. I want my Hard Drive and my Email to be secure, how can I
achieve this?
You need PGP (Pretty Good Privacy) for your Email and TrueCrypt
version 4.3 (or later) for your hard drive encrypted files.
TrueCrypt is an OTF (On-The-Fly) type program. OTF means the
encrypted data is only decrypted into RAM (Random Access Memory) and
remains at all times encrypted on the drive. Thus a crash close will
not leave packets of plaintext on your drive. A very important
feature.
PGP is available for all versions of Windows, Linux, Unix, Mac and
others. The source code is available for compiling your own version
should you wish.
TrueCrypt has now matured into a truly excellent open source encryption
program. It does not display any file header info to help a snooper
identify the file's purpose. The header is encrypted and shows as
random garbage. The program will encrypt either files or a complete drive
partition. There are advantages and disadvantages to both options. I
prefer the partition option. TrueCrypt does not need the partition to
be formatted, nor need it display any drive letter. So it could use
a portion of unformatted space at the end of a drive. This space can be
any size you wish. I strongly urge you to study the included manual
before using it for any critical purpose. The manual explains the use
of keyfiles in combination with your passphrase to maximize your
security.
The source code is freely available. The importance of this cannot be
too strongly stressed. It means the possibility of a hidden back-door
is reduced to a minimum.
A wholly new recommendation included since revision 22 is VMWare
Workstation 6. This has nothing whatsoever to do with encryption, but
works with TrueCrypt to offer total security on your desktop or laptop
computer. Workstation 6 can create a virtual bootable operating system.
To ensure secrecy, it should be set up to boot from within your hidden
TrueCrypt encrypted drive. The method is explained within this Faq.
This offers several advantages over my previous recommended method
using DriveCrypt Plus Pack. A further advantage of VMWare Workstation
6 over DCPP is that it is open source.
Note 1: PGP, although excellent at ensuring Email privacy, does
nothing for anonymity. The difference is crucial.
I will assume that anonymity is also very high on your list of needs
and so will concentrate on that issue further down the Faq.
3. What is the difference between PGP and TrueCrypt?
One of the difficulties before asymmetrical key encryption was
discovered was how to get the key to the person wanting to send you an
encrypted message. In the past trusted couriers were used to get these
secret keys to a distant location, maybe an overseas embassy. Nowadays
this is unnecessary because of the discovery of what is called public
key cryptography. Two different keys are used. One key is secret and
the other is made public. The most widespread program of this type for
private use is PGP, invented by Phil Zimmermann. In fact it has become
the de facto standard on the Net. This program is ideal for Email.
Anybody sending you mail simply encrypts their message to you with your
PGP public key. The public key is obviously not secret - in fact it
may be spread far and wide so that anybody can find it if they wish to
send you encrypted Email. The easiest way to ensure this is by sending
it to a public key server. On the other hand, some prefer not to share
their key, except within a small closed group. Your choice.
The only way to decrypt this incoming message is with your secret key.
It is impossible to decrypt using the same key that was used to encrypt
the message, the public key. Thus it is called asymmetrical encryption.
PGP is simplicity itself to install and use. It even offers to send
your newly generated public key to a key server.
For your normal hard drive encryption, you will need a symmetrical type
of encryption program. This means the same key is used for both
encryption and decryption. There are many such programs. I strongly
recommend TrueCrypt.
TrueCrypt uses the passphrase to encrypt a randomly created key. It
stores an encrypted copy of the key within the headers of the encrypted
device. It is the plaintext of the key that is used to encrypt (and
decrypt) the contents of the disk or container on an as-needed basis
into RAM.
With PGP a public key is chosen to encrypt the message. PGP will then
generate a one time session key which it uses to encrypt the message.
This session key is then itself encrypted with the public key of the
intended recipient of the message. This encrypted copy of the session
key is then wrapped in the headers and sent along with the encrypted
copy of the message to the recipient. Only the recipient has the
private key which can decrypt this session key. If there are multiple
recipients, then this session key is encrypted to the public key of each
recipient in turn. All these different encrypted versions of the
session key are then wrapped in the headers of the message. Each
recipient can decrypt his version of the session key, which will then be
able to decrypt the message. PGP also has a keystore. The keystore is
protected by the passphrase.
The sender of a PGP message may choose to sign a message. The message
may or may not be encrypted. PGP will then encrypt the hash of the
message contents using the sender's private key. His public key can then
be used by the recipient to check that his hash of the message is
identical to the original, thus proving it was made using the sender's
private key. Only one private key, the sender's, can encrypt the hash
such that it will check out correctly with the sender's public key. If
even a white space between two words is closed up in a message, the
signature will show as bad. This offers a very secure method of checking
both the accuracy and the authenticity of a message.
TrueCrypt and many other symmetrical encryption programs store the key
within the headers of the partition or container. One question often
asked by newbies is whether the passphrase is also stored somewhere
within the encrypted file. No. The passphrase is passed through a hash.
It is the hash output that is stored within the headers of the encrypted
container. The program will compare this hash with the hash it produces
from your passphrase that you type in to mount (open) the container. If
they are identical, the program will use your passphrase to decrypt the
key that the program generated to encrypt the disk or container. It is
this key that will then be used to decrypt the disk or container on the
fly. TrueCrypt explains this in detail within the user's manual that is
downloaded with the program. I strongly urge you to read and digest.
Hashing is a one way action only; it is impossible to derive the key
from the hash output. The hashing process is simply a way of checking
that the correct passphrase has been input. If the program was somehow
altered to force it to use an incorrect passphrase, the output would be
garbage. There is no shortcut or fix; without the correct passphrase
the output will be junk.
TrueCrypt offers the option to use a keyfile. This can be in place of or
in addition to the passphrase. Please read the manual for full
information about this very useful feature.
4. I have Windows, am I safe?
Windows is a closed source operating system which is a law unto itself.
Each new update that is released by Microsoft seems to need further
updates to fix the security holes discovered in the previous releases.
It has been an ongoing process over many years with no end in sight.
These weaknesses can manifest themselves as security holes when on the
Net. A further problem with this operating system is its seeming
determination to write to your hard disk all sorts of information that
may be hidden from your view in all sorts of places that could be found
by a forensic examination of your computer.
Thus we have a two fold problem. Firstly, the problem of Windows
having the potential of security holes that might be exploited by
snoops and hackers using the Net and a different security problem of
writing all sorts of information to sometimes hidden folders that might
not be obvious from a cursory check by you, but easily found by a
forensic examination.
If you wish to protect yourself from these potential weaknesses you
need to have an effective firewall, an effective anti-virus and an
anti-spyware program. That will hopefully help to minimize the threats
from outside. That is only the start. You also need to replace your
Windows Internet Explorer browser and your Outlook or Outlook Express
Email client for something a lot more secure. I like Firefox and
Quicksilver. Even these need support by using specialist programs.
Even with Firefox or any other Web browser it is imperative that you
disable Java and Javascript.
In some countries, even this might not be enough. Such countries can
force you to hand over your passphrases to these encrypted drives by
threatening imprisonment. As more and more judicial systems seem to be
leaning ever closer to this sort of injustice (injustice because the
culprit is being forced to incriminate himself which is in direct
violation of Article 5 of the Bill of Rights; the right to refuse to
be a witness against oneself), so it is more and more important for
the individual to protect himself.
Because of these encroachments on our liberty I propose in this Faq a
method of plausible deniability. This means you can justify every
one of the files and folders that are on your computer. More than that
you must be able to justify every single program, naturally including
TrueCrypt and VMWare.
In the past I have strongly recommended Drivecrypt Plus Pack (DCPP).
However to use this program, or any of the encryption programs from
Securstar, it is necessary to enable both cookies and Javascript. I
can live with cookies as they can be removed immediately after use, but
I will not tolerate Javascript. These both need to be enabled to
register the program to allow continued use after its trial period has
expired. This together with it being closed source have caused me to
change my suggested solution to desktop and laptop security.
5. So what do you recommend now?
I recommend using VMWare Workstation 6 together with TrueCrypt. VMWare
is expensive, around 200 US dollars. But so is DCPP. I believe VMWare
is far superior when used in conjunction with TrueCrypt. It is also
open source. It is far easier to justify having on your computer, yet
will hide your activities, provided it is set up as suggested in this Faq.
I find it far easier to use in conjunction with my usual desktop
programs. I am aware that VMWare Server is free and I believe also
open source. I have not tested it.
There are many other virtual machine programs - some are free and open
source. I recommend VMWare because I have used it and I have faith in it.
VMWare is for software development engineers and IT professionals. Being
a commercial program for professionals it is more likely to be well
sorted, especially now it is at version 6. This version at last includes
full USB support - a very useful feature indeed.
Key Features:
Broadest host and guest operating system support. It runs on both
Windows and Linux host operating systems and supports most desktop and
server editions of Microsoft Windows, Linux, Solaris x86, Netware, and
FreeBSD as guest operating systems. Supports 32 and 64 bit host and
guest operating systems. Fully configurable, each virtual machine has
configurable memory size, disks and I/O devices and support for CD, DVD,
floppy and USB 2.0 devices. You can specify up to 8GB of RAM per virtual
machine.
It will appear very daunting at first, but if you follow the suggested
steps, it will become relatively straightforward and even obvious after
a couple of experimental uses. Importantly, everything is done in RAM
and within your encrypted TrueCrypt drive. Despite Windows saving
snippets of your activities, it matters not a jot, because everything it
writes is within your encrypted drive. A very elegant solution to the
problem of how to keep control of Windows.
6. How does this system work?
A detailed setup procedure follows later in the Faq, but briefly:
VMWare Workstation 6 will allow you to create a new bootable Windows (or
Linux or Solaris) operating system, after having already booted into
Windows or Linux in the usual way. It is necessary to open your
TrueCrypt container or partition from within Windows first, but that is
the limit of your liability. Meaning that you then start VMWare
Workstation 6 and choose to boot into your virtual Windows from within
your now opened TrueCrypt drive. There is always the slight risk of a
Trojan or Tempest attack. To minimize this risk, you must choose a good
firewall and anti-spyware program. I recommend Zonealarm for this.
Note: There are many effective firewall and anti-spyware programs.
Zonealarm has the merit of being very easy to use and is strongly
recommended especially for that reason.
The VMWare program installation can and should be within your usual
desktop. This might sound alarming, but it is not a problem. What
is important is that your VMWare virtual machine must be installed
within your secret TrueCrypt drive. This might sound confusing, but
VMWare creates a virtual machine which is the tool that handles the
guest operating system. Your usual desktop or laptop is referred to
as the host.
Once a virtual machine has been created by VMWare, it is then used to
install a fresh copy of your chosen operating system. This might be
Windows or Linux or even Solaris. This new operating system will
automatically be installed and run from wherever you installed the
virtual machine. In this case, within a TrueCrypt container. After
it is mounted, this container which might be a file or even a whole
partition, will appear as a new drive with its own designated drive
letter to Windows. After booting into your TrueCrypt virtual machine,
you will see in "My Computer" a similarly designated drive C. This is
not your original boot drive C. It is a virtual drive that exists
within your TrueCrypt virtual machine only. This virtual drive has no
contact with your original bootable drive C whatsoever. This cannot be
stressed too strongly.
To help with plausible deniability, you should have another virtual
machine (you can have as many as you wish) which should be your honeypot
version. This should be installed within its default location on your
desktop within "My Documents".
Whereas your truly secret virtual machine must be installed within a
TrueCrypt container.
You only need to create the virtual machine once. Likewise, you only
need to install your Windows (or whatever) operating system once. This
is because you can import a once created virtual drive to any other
drive as many times as you wish. You can change several parameters at
this time, including the size of the virtual hard drive you have already
created. All your programs that are recommended further down the Faq,
will be installed only into your truly secret virtual operating system.
Once set up, you will then use it exactly as you would your usual desktop.
This means you boot into your Windows/Linux desktop, then you open your
TrueCrypt drive, then start VMWare, open your Virtual Machine by
navigating to it in your TrueCrypt drive, then starting it by clicking on
"Power on this virtual machine". You shut down by reversing this
procedure.
Note 1: It is possible to tell VMWare to look outside its own specially
created virtual drive, to read other drives' contents. Meaning it could
write to these other drives. I would only do that if you are sure you
know what you are doing. No harm is done by keeping all your data
within the VMWare virtual drive. I strongly urge you to do this unless
or until you are a true expert in its use.
Note 2: It is important to tell VMWare not to share its memory with
its host (the host is your usual desktop or laptop operating system).
7. Could I boot off a CD or DVD?
Yes. Using BartPE (do a search on the Web if you wish to find out
more). I found it very slow. Too slow for my purposes. The VMWare
documentation talks of creating an ISO file from your virtual machine
and presumably burning to CD or to a USB stick and then using it to
boot. However, this CD/DVD or USB stick will not be encrypted and is
therefore a possible subject for forensic examination in the case of a
search. In any case it will be very slow in use, as is the BartPE.
Of course you could use it as the basis for a honeypot boot system.
8. How difficult is it to break into TrueCrypt or PGP?
Very difficult, in fact for all practical purposes, it is considered
impossible. In most cases, the weakest link will be your passphrase,
or being compromised by a hardware key-logger through not having good
security on your desktop. From time to time non-expert net users make
speculative suggestions that the American intelligence agencies have
already cracked these programs. FUD - Fear, Unease, Despair. Probably
put out by these self same agencies to try and deter you from using
these programs. Cryptanalysts are certain that these modern programs
with large key sizes of around 256 bits are impossible to crack into
with today's technology, or even whatever is on the horizon. Even with
the future of quantum computers, which should be able to factor very
large primes very quickly, this may well affect PGP but not TrueCrypt.
The likely weakest link will be your passphrase.
Your passphrase should be long. Every extra character you enter makes
a dictionary search for the right phrase twice as long. Each time a
bit is added it doubles the number crunching time to crack into the
program. If you also use a keyfile, this will make it even harder.
Of course an attacker cannot know whether or not you have incorporated
a keyfile with your passphrase. This vastly increases the difficulty
level of cracking into your TrueCrypt container.
Each keyboard character roughly equates to 8 bits, and is represented
on the drive as two hexadecimal characters. This suggests a 20
character passphrase is roughly equal strength to the encryption. In
practice, probably not. A keyboard has around 96 different combinations
of key strokes, thus multiplying this number by itself 20 times gives a
huge number of combinations, ensuring a high probability of defeat at
guessing a passphrase. But few people can remember a truly random 20
character passphrase. So most people use a less than random one. This
means it should be longer to help compensate for this lack of entropy.
9. What about simple file by file encryption?
I recommend either PGP Tools which comes free with PGP or Kremlin. Of
course this is not necessary for files within your encrypted drive.
But it is essential to clear files off your computer that are outside your
encrypted drive. Fortunately, if you follow my suggested method, there
should be no traces of any of the activities you perform within your
TrueCrypt virtual machine. As already explained, your guest operating
system (the VMWare virtual machine) cannot see your usual C drive, or
indeed any other of your drives unless you tell it to do so.
PGP Tools is a long-winded process just to encrypt a single file, as it
asks you to first choose a key before entering the passphrase. Kremlin
is quicker because it allows you to right click on the file to be
encrypted, a password box opens and that is it. It also similarly
allows you to wipe any file by right clicking. This can also be done
by PGP. Another recommended program to erase individual files is Eraser.
10. Can I encrypt files on a floppy or USB stick?
Yes, use TrueCrypt or PGP Tools or Kremlin.
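The header scheme described under Question 3 (a random key encrypts the data, and the passphrase and optional keyfile only protect that key), sketched as an added example that is not TrueCrypt's code or part of the original Faq. It assumes PBKDF2 for the passphrase hashing, an HMAC-SHA256 keystream as a stand-in for the real disk cipher, an HMAC tag as the stored check value and a simplified keyfile mix; all function names are hypothetical.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 2000   # assumption: kept low so the demo runs quickly
SALT_LEN = 16
KEY_LEN = 32           # 256-bit master key


def _keystream_xor(key, nonce, data):
    """Stand-in cipher: XOR data with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, nonce + offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def _header_keys(passphrase, salt, keyfile):
    """Stretch passphrase (+ keyfile digest) into a wrapping key and a check key."""
    secret = passphrase.encode("utf-8")
    if keyfile:
        secret += hashlib.sha256(keyfile).digest()   # simplified keyfile mix
    derived = hashlib.pbkdf2_hmac("sha256", secret, salt, PBKDF2_ROUNDS, dklen=64)
    return derived[:32], derived[32:]


def _wrap_master(master, passphrase, keyfile):
    """Build a header: salt || master key encrypted under header key || check tag."""
    salt = os.urandom(SALT_LEN)
    enc_key, mac_key = _header_keys(passphrase, salt, keyfile)
    wrapped = _keystream_xor(enc_key, b"hdr", master)
    tag = hmac.new(mac_key, wrapped, hashlib.sha256).digest()
    return salt + wrapped + tag


def _unwrap_master(header, passphrase, keyfile):
    """Recover the master key, or fail if the passphrase/keyfile is wrong."""
    salt = header[:SALT_LEN]
    wrapped = header[SALT_LEN:SALT_LEN + KEY_LEN]
    tag = header[SALT_LEN + KEY_LEN:]
    enc_key, mac_key = _header_keys(passphrase, salt, keyfile)
    expected = hmac.new(mac_key, wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or keyfile")
    return _keystream_xor(enc_key, b"hdr", wrapped)


def create_container(passphrase, plaintext, keyfile=b""):
    """Encrypt data under a fresh random master key; store only the wrapped key."""
    master = os.urandom(KEY_LEN)
    return {
        "header": _wrap_master(master, passphrase, keyfile),
        "body": _keystream_xor(master, b"data", plaintext),
    }


def mount(container, passphrase, keyfile=b""):
    """Unwrap the master key from the header, then decrypt the body in memory."""
    master = _unwrap_master(container["header"], passphrase, keyfile)
    return _keystream_xor(master, b"data", container["body"])


def change_passphrase(container, old, new, old_keyfile=b"", new_keyfile=b""):
    """Re-wrap the same master key; the encrypted body is left untouched."""
    master = _unwrap_master(container["header"], old, old_keyfile)
    return {"header": _wrap_master(master, new, new_keyfile),
            "body": container["body"]}


if __name__ == "__main__":
    # Constructed sample data for the demonstration.
    box = create_container("correct horse battery", b"constructed sample diary entry")
    print(mount(box, "correct horse battery"))
    try:
        mount(box, "wrong guess")
    except ValueError as err:
        print("mount refused:", err)
    rekeyed = change_passphrase(box, "correct horse battery", "a new longer phrase")
    print("body unchanged after passphrase change:", rekeyed["body"] == box["body"])
```

Because only the small header depends on the passphrase, changing it never requires re-encrypting the data, and anyone holding a copy of an old header can still open the container with the old passphrase.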
family, home or correspondence, nor to attacks upon his honour and
reputation. Everyone has the right to the protection of the law
against such interference or attacks."
Article 12 Universal Declaration of Human Rights
Privacy and anonymity are very important principles associated with
both freedom of speech and democracy.
"Anonymity is a shield from the tyranny of the majority... It thus
exemplifies the purpose behind the Bill of Rights, and of the First
Amendment in particular: to protect unpopular individuals from
retaliation - and their ideas from suppression - at the hand of an
intolerant society."
Justice Stevens, McIntyre v. Ohio Elections Commission, 1996
There are many roads to security and privacy on the Net, this is one
that I have personally pursued and can recommend from my experiences.
I am not making any claim that it is the best or the only route to
privacy and security, only that it works for me.
There are countless reasons why someone may need the reassurance of
anonymity. The most obvious is as a protection against an over-bearing
Government. Many people reside in countries where human rights are
dubious and they need anonymity to raise public awareness and publish
these abuses to the world at large. This Faq is to help such people.
Changes since previous revision:
Many minor refinements over revisions 22.3/4/5 and further tidying up.
I have always striven for accuracy and I will respond to intelligent
and verifiable criticism of any inaccuracy. But please remember the
programs and choices made are mine and mine alone. By all means
choose differently if you have other preferences.
A copy of this Fac can be found here:
**broken link removed**
and here: **broken link removed**
Part 1 offers an overview approach to achieve security and anonymity.
Part 2 offers practical help with the installation of some of the
programs mentioned in Part 1. In some cases this includes detailed
setup instructions to help achieve the goal of true computer and
Internet privacy and anonymity. I assume a basic understanding of
computers, such as the ability to copy and paste and a general
knowledge of how to install programs and follow setup instructions.
Part 1 (Questions 1 to 30)
1. How does encryption work?
Essentially the plaintext is combined with a mathematical algorithm
(a set of rules for processing data) such that the original text
cannot be deduced from the output file, hence the data is now in
encrypted form. To enable the process to be secure, a key is
combined with this algorithm. This key might be a personal key for
your own use or it might be a system generated session key. In this
case, you will never need to know the key. It is only used for one
session then discarded. A new key will be generated for the next
session. Generally a personal key will be used again and again and
need the protection of a passphrase. Some programs offer a choice of
both a passphrase or a keyfile or both may be used together.
Obviously the process must be reversible, but only with the aid of
the correct key. Without the key, the process should be extremely
difficult. The mathematics of the encryption should be openly
available for peer review. At first sight this may appear to
compromise the encryption, but this is far from the case. Peer
review ensures that there are no "back doors" or crypto weaknesses
within the program. Although the algorithm is understood, it is the
combination of its use with the key that ensures secrecy.
2. I want my Hard Drive and my Email to be secure, how can I
achieve this?
You need PGP (Pretty Good Privacy) for your Email and TrueCrypt
version 4.3 (or later) for your hard drive encrypted files.
TrueCrypt is an OTF (On-The-Fly) type program. OTF means the
encrypted data is only decrypted into RAM (Random Access Memory) and
remains at all times encrypted on the drive. Thus a crash close will
not leave packets of plaintext on your drive. A very important
feature.
PGP is available for all versions of Windows, Linux, Unix, Mac and
others. The source code is available for compiling your own version
should you wish.
TrueCrypt has now matured into a truly excellent open source encryption
program. It does not display any file header info to help a snooper
identify the file's purpose. The header is encrypted and shows as
random garbage. The program will encrypt both files or a complete drive
partition. There are advantages and disadvantages to both options. I
prefer the partition option. Truecrypt does not need the partition to
be formatted, nor need it display any drive letter. So it could use
a portion of unformatted space at the end of a drive. This space can be
any size you wish. I strongly urge you to study the included manual
before using it for any critical purpose. The manual explains the use
of keyfiles in combination with your passphrase to maximize your
security.
The source code is freely available. The importance of this cannot be
too strongly stressed. It means the possibility of a hidden back-door
is reduced to a minimum.
A wholly new recommendation included since revision 22 is VMWare
Workstation 6. This has nothing whatsoever to do with encryption, but
works with Truecrypt to offer total security on your desktop or laptop
computer. Workstation 6 can create a virtual bootable operating system.
To ensure secrecy, it should be setup to boot from within your hidden
TrueCrypt encrypted drive. The method is explained within this Faq.
This offers several advantages over my previous recommended method
using DriveCrypt Plus Pack. A further advantage of VMWare Workstation
6 over DCPP is it is open source.
Note 1: PGP, although excellent at ensuring Email privacy, does
nothing for anonymity. The difference is crucial.
I will assume that anonymity is also very high on your list of needs
and so will concentrate on that issue further down the Faq.
3. What is the difference between PGP and TrueCrypt?
One of the difficulties before asymmetrical key encryption was
discovered was how to get the key to the person wanting to send you an
encrypted message. In the past trusted couriers were used to get these
secret keys to a distant location, maybe an overseas embassy. Nowadays
this is unneccessary because of the discovery of what is called public
key cryptography. Two different keys are used. One key is secret and
the other is made public. The most widespread program of this type for
private use is PGP, invented by Phil Zimmerman. In fact it has become
the de facto standard on the Net. This program is ideal for Email.
Anybody sending you mail simply encrypts their message to you with your
PGP public key. The public key is obviously not secret - in fact it
may be spread far and wide so that anybody can find it if they wish to
send you encrypted Email. The easiest way to ensure this is by sending
it to a public key server. On the other hand, some prefer not to share
their key, except within a small closed group. Your choice.
The only way to decrypt this incoming message is with your secret key.
It is impossible to decrypt using the same key that was used to encrypt
the message, the public key. Thus it is called asymmetrical encryption.
PGP is simplicity itself to install and use. It even offers to send
your newly generated public key to a key server.
For your normal hard drive encryption, you will need a symmetrical type
of encryption program. This means the same key is used for both
encryption and decryption. There are many such programs. I strongly
recommend TrueCrypt.
TrueCrypt uses the passphrase to encrypt a randomly created key. It
stores an encrypted copy of the key within the headers of the encrypted
device. It is the plaintext of the key that is used to encrypt (and
decrypt) the contents of the disk or container on an as needed basis
into RAM memory.
With PGP a public key is chosen to encrypt the message. PGP will then
generate a one time session key which it uses to encrypt the message.
This session key is then itself encrypted with the public key of the
intended recipient of the message. This encrypted copy of the session
key is then wrapped in the headers and sent along with the encrypted
copy of the message to the recipient. Only the recipient has the
private key which can decrypt this session key. If there are multiple
recipients, then this session key is encrypted to the public key of each
recipient in turn. All these different encrypted versions of the
session key are then wrapped in the headers of the message. Each
recipient can decrypt his version of the session key, which will then be
able to decrypt the message. PGP also has a keystore. The keystore is
protected by the passphrase.
The sender of a PGP message may choose to sign a message. The message
may or may not be encrypted. PGP will then encrypt the hash of the
message contents using the sender's private key. His public key can then
be used by the recipient to check that his hash of the message is
identical to the original, thus proving it was made using the sender's
private key. Only one private key, the sender's, can encrypt the hash
such that it will check out correctly with the sender's public key. If
even a white space between two words is closed up in a message, the
signature will show as bad. This offers a very secure method of checking
both the accuracy and the authenticity of a message.
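The session-key and signature mechanics described above, as an added Python example (not PGP's code or message format). It uses textbook RSA with toy keys built from known Mersenne primes and a SHA-256 counter keystream as a stand-in for PGP's real symmetric cipher; all function names are assumptions made for illustration.

```python
import hashlib, secrets

E = 65537  # public exponent shared by both toy keys

def toy_keypair(p, q):
    """Textbook RSA key from two primes: returns (n, d). Toy sizes, no padding."""
    n = p * q
    return n, pow(E, -1, (p - 1) * (q - 1))

def keystream_xor(key, data):
    """SHA-256 in counter mode, standing in for the real symmetric cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        out += hashlib.sha256(key + i.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, out))

def encrypt(message, recipients):
    """recipients: {name: n}. One session key, wrapped once per recipient."""
    session = secrets.token_bytes(16)
    wrapped = {name: pow(int.from_bytes(session, "big"), E, n)
               for name, n in recipients.items()}
    return {"keys": wrapped, "body": keystream_xor(session, message)}

def decrypt(packet, name, n, d):
    """Unwrap this recipient's copy of the session key, then decrypt the body."""
    session = pow(packet["keys"][name], d, n).to_bytes(16, "big")
    return keystream_xor(session, packet["body"])

def sign(message, n, d):
    """Apply the private key to the hash of the message."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(digest % n, d, n)

def verify(message, signature, n):
    """Recompute the hash and compare it with the one recovered via the public key."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, E, n) == digest % n

# Constructed toy keys (far too small and too structured for real use).
ALICE = toy_keypair(2**127 - 1, 2**107 - 1)
BOB = toy_keypair(2**521 - 1, 2**89 - 1)
```

Closing up a single space in the message, as in the text's example, changes the hash and makes `verify` return False.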
TrueCrypt and many other symmetrical encryption programs store the key
within the headers of the partition or container. One question often
asked by newbies is whether the passphrase is also stored somewhere
within the encrypted file. No. The passphrase is passed through a hash.
It is the hash output that is stored within the headers of the encrypted
container. The program will compare this hash with the hash it produces
from your passphrase that you type in to mount (open) the container. If
they are identical, the program will use your passphrase to decrypt the
key that the program generated to encrypt the disk or container. It is
this key that will then be used to decrypt the disk or container on the
fly. TrueCrypt explains this in detail within the user's manual that is
downloaded with the program. I strongly urge you to read and digest.
Hashing is a one way action only; it is impossible to derive the key
from the hash output. The hashing process is simply a way of checking
that the correct passphrase has been input. If the program was somehow
altered to force it to use an incorrect passphrase, the output would be
garbage. There is no shortcut or fix, without the correct passphrase
the output will be junk.
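A simplified model of the header scheme described above, added here as an example (it is not TrueCrypt's code or its on-disk format). The function names, the iteration count, the XOR wrapping of the key and the HMAC check value are all assumptions chosen so the sketch runs with the Python standard library alone.

```python
import hashlib, hmac, secrets

ITERATIONS = 100_000  # assumed work factor for this sketch

def _derive(passphrase, salt):
    """PBKDF2 stretches the passphrase into a wrapping key and a check key."""
    out = hashlib.pbkdf2_hmac("sha512", passphrase.encode(), salt,
                              ITERATIONS, dklen=64)
    return out[:32], out[32:]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def create_header(passphrase, master_key=None):
    """Wrap a random master key; the passphrase itself is never stored."""
    master_key = master_key or secrets.token_bytes(32)
    salt = secrets.token_bytes(16)
    wrap_key, check_key = _derive(passphrase, salt)
    wrapped = _xor(master_key, wrap_key)  # stand-in for a real cipher
    tag = hmac.new(check_key, wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def open_header(header, passphrase):
    """Return the master key, or None if the passphrase is wrong."""
    wrap_key, check_key = _derive(passphrase, header["salt"])
    expected = hmac.new(check_key, header["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, header["tag"]):
        return None
    return _xor(header["wrapped"], wrap_key)

def force_open(header, passphrase):
    """Skip the check, as an altered program would: wrong passphrase gives junk."""
    return _xor(header["wrapped"], _derive(passphrase, header["salt"])[0])

def change_passphrase(header, old, new):
    """Re-wrap the same master key; the encrypted data itself is untouched."""
    master_key = open_header(header, old)
    if master_key is None:
        raise ValueError("wrong passphrase")
    return create_header(new, master_key)
```

Because only the header depends on the passphrase, `change_passphrase` produces a new header that yields the same master key, so the disk contents never need re-encrypting.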
TrueCrypt offers the option to use a keyfile. This can be in place of or
in addition to the passphrase. Please read the manual for full
information about this very useful feature.
4. I have Windows, am I safe?
Windows is a closed source operating system which is a law unto itself.
Each new update that is released by Microsoft seems to need further
updates to fix the security holes discovered in the previous releases.
It has been an ongoing process over many years with no end in sight.
These weaknesses can manifest themselves as security holes when on the
Net. A further problem with this operating system is its seeming
determination to write to your hard disk all sorts of information that
may be hidden from your view in all sorts of places that could be found
by a forensic examination of your computer.
Thus we have a twofold problem. Firstly, Windows has the potential
for security holes that might be exploited by snoops and hackers using
the Net. Secondly, it writes all sorts of information to sometimes
hidden folders that might not be obvious from a cursory check by you,
but are easily found by a forensic examination.
If you wish to protect yourself from these potential weaknesses you
need to have an effective firewall, an effective anti-virus and an
anti-spyware program. That will hopefully help to minimize the threats
from outside. That is only the start. You also need to replace your
Windows Internet Explorer browser and your Outlook or Outlook Express
Email client for something a lot more secure. I like Firefox and
Quicksilver. Even these need support by using specialist programs.
Even with Firefox or any other Web browser it is imperative that you
disable Java and Javascript.
In some countries, even this might not be enough. Such countries can
force you to hand over your passphrases to these encrypted drives by
threatening imprisonment. As more and more judicial systems seem to be
leaning ever closer to this sort of injustice (injustice because the
culprit is being forced to incriminate himself, which is in direct
violation of Article 5 of the Bill of Rights; the right to refuse to
be a witness against oneself), so it is more and more important for
the individual to protect himself.
Because of these encroachments on our liberty I propose in this Faq a
method of plausible deniability. This means you can justify every
one of the files and folders that are on your computer. More than that
you must be able to justify every single program, naturally including
TrueCrypt and VMWare.
In the past I have strongly recommended Drivecrypt Plus Pack (DCPP).
However to use this program, or any of the encryption programs from
Securstar, it is necessary to enable both cookies and Javascript. I
can live with cookies as they can be removed immediately after use, but
I will not tolerate Javascript. These both need to be enabled to
register the program to allow continued use after its trial period has
expired. This together with it being closed source have caused me to
change my suggested solution to desktop and laptop security.
5. So what do you recommend now?
I recommend using VMWare Workstation 6 together with TrueCrypt. VMWare
is expensive, around 200 US dollars. But so is DCPP. I believe VMWare
is far superior when used in conjunction with TrueCrypt. It is also
open source. It is far easier to justify having on your computer, yet
will hide your activities, provided it is set up as suggested in this Faq.
I find it far easier to use in conjunction with my usual desktop
programs. I am aware that VMWare server is free and I believe also
open source. I have not tested it.
There are many other virtual machine programs - some are free and open
source. I recommend VMWare because I have used it and I have faith in it.
VMWare is for software development engineers and IT professionals. Being
a commercial program for professionals it is more likely to be well
sorted, especially now it is at version 6. This version at last includes
full USB support - a very useful feature indeed.
Key Features:
Broadest host and guest operating system support. It runs on both
Windows and Linux host operating systems and supports most desktop and
server editions of Microsoft Windows, Linux, Solaris x86, Netware, and
FreeBSD as guest operating systems. Supports 32 and 64 bit host and
guest operating systems. Fully configurable, each virtual machine has
configurable memory size, disks and I/O devices and support for CD, DVD,
floppy and USB 2.0 devices. You can specify up to 8GB of RAM per virtual
machine.
It will appear very daunting at first, but if you follow the suggested
steps, it will become relatively straightforward and even obvious after
a couple of experimental uses. Importantly, everything is done in RAM
and within your encrypted TrueCrypt drive. Despite Windows saving
snippets of your activities, it matters not a jot, because everything it
writes is within your encrypted drive. A very elegant solution to the
problem of how to keep control of Windows.
6. How does this system work?
A detailed setup procedure follows later in the Faq, but briefly:
VMWare Workstation 6 will allow you to create a new bootable Windows (or
Linux or Solaris) operating system, after having already booted into
Windows or Linux in the usual way. It is necessary to open your
TrueCrypt container or partition from within Windows first, but that is
the limit of your liability. Meaning that you then start VMWare
Workstation 6 and choose to boot into your virtual Windows from within
your now opened TrueCrypt drive. There is always the slight risk of a
Trojan or Tempest attack. To minimize this risk, you must choose a good
firewall and anti-spyware program. I recommend Zonealarm for this.
Note: There are many effective firewall and anti-spyware programs.
Zonealarm has the merit of being very easy to use and is strongly
recommended especially for that reason.
The VMWare program installation can and should be within your usual
desktop. This might sound alarming, but it is not a problem. What
is important is that your VMWare virtual machine must be installed
within your secret TrueCrypt drive. This might sound confusing, but
VMWare creates a virtual machine which is the tool that handles the
guest operating system. Your usual desktop or laptop is referred to
as the host.
Once a virtual machine has been created by VMWare, it is then used to
install a fresh copy of your chosen operating system. This might be
Windows or Linux or even Solaris. This new operating system will
automatically be installed and run from wherever you installed the
virtual machine. In this case, within a TrueCrypt container. After
it is mounted, this container which might be a file or even a whole
partition, will appear as a new drive with its own designated drive
letter to Windows. After booting into your TrueCrypt virtual machine,
you will see in "My Computer" a similarly designated drive C. This is
not your original boot drive C. It is a virtual drive that exists
within your TrueCrypt virtual machine only. This virtual drive has no
contact with your original bootable drive C whatsoever. This cannot be
stressed too strongly.
To help with plausible deniability, you should have another virtual
machine (you can have as many as you wish) which should be your honeypot
version. This should be installed within its default location on your
desktop within "My Documents".
Whereas your truly secret virtual machine must be installed within a
TrueCrypt container.
You only need to create the virtual machine once. Likewise, you only
need to install your Windows (or whatever) operating system once. This
is because you can import a once created virtual drive to any other
drive as many times as you wish. You can change several parameters at
this time, including the size of the virtual hard drive you have already
created. All your programs that are recommended further down the Faq,
will be installed only into your truly secret virtual operating system.
Once set up, you will then use it exactly as you would your usual desktop.
This means you boot into your Windows/Linux desktop, then you open your
TrueCrypt drive, then start VMWare, open your Virtual Machine by
navigating to it in your TrueCrypt drive, then starting it by clicking on
"Power on this virtual machine". You shut down by reversing this
procedure.
Note 1: It is possible to tell VMWare to look outside its own specially
created virtual drive, to read other drives' contents. Meaning it could
write to these other drives. I would only do that if you are sure you
know what you are doing. No harm is done by keeping all your data
within the VMWare virtual drive. I strongly urge you to do this unless
or until you are a true expert in its use.
Note 2: It is important to tell VMWare not to share its memory with
its host (the host is your usual desktop or laptop operating system).
7. Could I boot off a CD or DVD?
Yes. Using BartPE (do a search on the Web if you wish to find out
more). I found it very slow. Too slow for my purposes. The VMWare
documentation talks of creating an ISO file from your virtual machine
and presumably burning to CD or to a USB stick and then using it to
boot. However, this CD/DVD or USB stick will not be encrypted and is
therefore a possible subject for forensic examination in the case of a
search. In any case it will be very slow in use, as is the BartPE.
Of course you could use it as the basis for a honeypot boot system.
8. How difficult is it to break into TrueCrypt or PGP?
Very difficult, in fact for all practical purposes, it is considered
impossible. In most cases, the weakest link will be your passphrase,
or being compromised by a hardware key-logger through not having good
security on your desktop. From time to time non-expert net users make
speculative suggestions that the American intelligence agencies have
already cracked these programs. FUD - Fear, Unease, Despair. Probably
put out by these self same agencies to try and deter you from using
these programs. Cryptanalysts are certain that these modern programs
with large key sizes of around 256 bits are impossible to crack into
with today's technology, or even whatever is on the horizon. Even with
the future of quantum computers, which should be able to factor very
large primes very quickly, this may well affect PGP but not TrueCrypt.
The likely weakest link will be your passphrase.
Your passphrase should be long. Every extra character you enter makes
a dictionary search for the right phrase twice as long. Each time a
bit is added it doubles the number crunching time to crack into the
program. If you also use a keyfile, this will make it even harder.
Of course an attacker cannot know whether or not you have incorporated
a keyfile with your passphrase. This vastly increases the difficulty
level of cracking into your TrueCrypt container.
Each keyboard character roughly equates to 8 bits, and is represented
on the drive as two hexadecimal characters. This suggests a 20
character passphrase is roughly equal strength to the encryption. In
practice, probably not. A keyboard has around 96 different combinations
of key strokes, thus multiplying this number by itself 20 times is a
hugely large combination, ensuring a high probability of defeat at
guessing a passphrase. But few people can remember a truly random 20
character passphrase. So most people use a less than random one. This
means it should be longer to help compensate for this lack of entropy.
9. What about simple file by file encryption?
I recommend either PGP Tools which comes free with PGP or Kremlin. Of
course this is not necessary for files within your encrypted drive.
But it is essential to clear files off your computer that are outside your
encrypted drive. Fortunately, if you follow my suggested method, there
should be no traces of any of the activities you perform within your
TrueCrypt virtual machine. As already explained, your guest operating
system (the VMWare virtual machine) cannot see your usual C drive, or
indeed any other of your drives unless you tell it to do so.
PGP Tools is a long-winded process just to encrypt a single file, as it
asks you to first choose a key before entering the passphrase. Kremlin
is quicker because it allows you to right click on the file to be
encrypted, a password box opens and that is it. It also similarly
allows you to wipe any file by right clicking. This can also be done
by PGP. Another recommended program to erase individual files is Eraser.
10. Can I encrypt files on a floppy or USB stick?
Yes, use TrueCrypt or PGP Tools or Kremlin.