TrueCrypt in Debian

[Polaris96]

Without speculating TOO much on this one, sickie, I don't think the actual encryption is weak. They're using the blowfish algorithm by default which is pretty secure, and they've got rsa keys and lots of the usual gizmos for a secure filesystem thrown in the pot.

That's not to say there couldn't be a back door in the code (even an inadvertant one. Something similar was found in openssl not too long ago. It happens...)

What really makes an app like TCHunt so disturbing is not that it weakens the encryption, itself, but that it reveals a partition which ought to be invisible. The whole point of deniable encryption is for the observer NOT to be able to detect the encrypted layer. If that layer can be detected at all, it ISN'T deniable encryption.

I bet TCHunt's snooping around in fuse. Most of the fuse based encrypted FS's are less secure. Thats why ecryptfs got away from fuse.

I love the IDEA of this kind of thing - it's so james bond, y'know? ecryptfs and even openssl really work good, but the idea of a "secret compartment" inside some ordinary seeming encrypted filesystem is just so damned nifty!

BTW had zero problems compiling the source code, but it's crashing because it wants gtk+ and I'm running kde, which runs under qt. Im not really sure how to fix this, yet. Might try the ubuntu package. If you need encryption NOW just grab ecryptfs. TrueCrypt's more like a nifty toy than a necessity esp in light of the existence of TCHunt.

EDIT: just turned up two new candidates for this kind of encryption. I've come across two Fs's called SFS and StegFS (both meaning "steganographic FS" I haven't tried either, yet. My source says SFS is pretty rough around the edges and StegFS is more polished. Will post more when I've tried them.

EDIT2: There's also a main repo available package called steghide that will hide data steganographically. So far as I can tell, though, it's made for hiding indivdual files, not whole Fs's. I see this as a useful tool to, say, hide all your passwords in a jpeg, etc. Again, if it looks real good I'll add more.

[BioTube]

If you REALLY want to be secure, make your encrypted filesystem ReiserFS. It's the digital version of flash paper(especially if you keep raw images using the same FS).

[Polaris96]

Not to mention that reiser is a very high performance FS. I like it much better than extn. I use reiser for "regular" files and XFS for "big" (media video) files

EDIT REGARDING STEGFS AND SFS: ok, StegFS seems to be dropped. last changes were implemented in 2004 and they say it's beta and might whack your data. ...Tennis anyone?

SFS seems windows focused and makes no mention of source code or Linux binaries.

I did, however, come across a a project called MagikFS, which isn't ready for release but sounds quite promising.

Steghide has proven extremely easy to use. I recommend it highly. With a little creativity and some bash scripting (ok maybe with a dash of perl or mysql) you can use steghide to create an invisible archive for data that will work just like a steganographic FS. I think I'm going to pursue this route and keep a weather eye on MagikFS for the future.

[sickie]

I bet TCHunt's snooping around in fuse. Most of the fuse based encrypted FS's are less secure. Thats why ecryptfs got away from fuse.

When I checked TCHunt's webpage it's windows only and volumes shouldn't be mounted for it to find them so that rules out that it's a fuse issue but. It's truecrypt methodologie itself.

[Polaris96]

Nicely done. It's too bad about TrueCrypt. I never felt the need for this kind of thing b4, but now I feel like I really want a steganographic file system. Funny how that works...

[Jackiebrown]

If you don;t use windows, you might just look at LUKS

[BioTube]

Not to mention that reiser is a very high performance FS. I like it much better than extn. I use reiser for "regular" files and XFS for "big" (media video) files.

My comment wasn't flattery: I had to reinstall Linspire every week or two because Reiser nuked everything. To be fair, though, I haven't tried Reiser4, nor do I intend to.

[Polaris96]

to each his (or her) own. I haven't had any problems with Reiser3. I don't like the CLI support for reiser4, yet. I tried it but found it pretty confusing. One thing I love about Linux is the way EVERYBODY's doing something unique - it's good for innovation.

EDIT: irt LUKS. It looks pretty good as encryption but it isn't steganographic (the data doesn't "vanish" behind other files). I like the idea of using the device mapper but I wouldn't replace ecryptfs with LUKS. Ecryptfs is main and has great support and it's very secure. I'll always use it except when I want deniability.

If you're not demanding in the amount of data you want to hide steganographically, you can REALLY do some creative stuff with steghide. I'm having lots of fun nesting it. Can't go further ... Moscow might be listening on the blue channel :p