5th Amendment case in Vermont. Computer passwords and child porn

[CCinPA]

From the TrueCrypt site.

"Q: We use TrueCrypt in a corporate environment. Is there a way for an administrator to reset a password when a user forgets it?

A: There is no "back door" implemented in TrueCrypt. However, there is a way to "reset" a TrueCrypt volume password/keyfile. After you create a volume, backup its header (select Tools -> Backup Volume Header) before you allow a non-admin user to use the volume. Note that the volume header (which is encrypted with a header key derived from a password/keyfile) contains the master key with which the volume is encrypted. Then ask the user to choose a password, and set it for him/her (Volumes -> Change Volume Password); or generate a user keyfile for him/her. Then you can allow the user to use the volume and to change the password/keyfiles without your assistance/permission. In case he/she forgets his/her password or loses his/her keyfile, you can "reset" the volume password/keyfiles to your original admin password/keyfiles by restoring the volume header (Tools -> Restore Volume Header)."

[netw0rkpenguin]

I think this is a bit different from having a master key that will work for any truecrypt volume created by anyone, by them, without their knowledge.

Quote:

Originally Posted by CCinPA

From the TrueCrypt site.

"Q: We use TrueCrypt in a corporate environment. Is there a way for an administrator to reset a password when a user forgets it?

A: There is no "back door" implemented in TrueCrypt. However, there is a way to "reset" a TrueCrypt volume password/keyfile. After you create a volume, backup its header (select Tools -> Backup Volume Header) before you allow a non-admin user to use the volume. Note that the volume header (which is encrypted with a header key derived from a password/keyfile) contains the master key with which the volume is encrypted. Then ask the user to choose a password, and set it for him/her (Volumes -> Change Volume Password); or generate a user keyfile for him/her. Then you can allow the user to use the volume and to change the password/keyfiles without your assistance/permission. In case he/she forgets his/her password or loses his/her keyfile, you can "reset" the volume password/keyfiles to your original admin password/keyfiles by restoring the volume header (Tools -> Restore Volume Header)."

[sjl127]

Quote:

Originally Posted by netw0rkpenguin

Aren't they the company that got put to shame when it was exposed it is jsut a regular thumb drive with a program and not real hardware encryption? There were even pictures of the board to show there was no dedicated crypto chip on it? Could be another vendor but I'd look it up if I were you. If you want good hardware crypto look at flagstaff hard drives, they are a bit pricey though.

For just anonymous browsing burn yourself a live cd distro and use a proxy chain.

I should go do some work instead of dispensing infosec advise...

I don't think so, I researched ironkey before I bought it, and couldn't find anything negative about it.

for somewhat secure browsing, I use tor.

[D-FENS]

Quote:

Originally Posted by netw0rkpenguin

I'm sorry that's complete bullshit. Doing so on a linux machine is not for the faint of heart but mine is setup to require a password and a USB key, work windows laptop is setup with PGP and whole disk encryption, any moron can pay for PGP and enable it. Good luck subverting it (yes I know FBI has installed hardware loggers before int he Scaro case).

Easy there killer. There's no need to be a dick. This is PAFOA not Digg.

First off, we're talking about OS X as that is what Joe Smith uses. Secondly, no one is talking about encrypting linux. Thirdly, I have no idea why the mention of PGP. I was talking about GPG as a potential method. Finally, a few reasons why encrypting the system disk in it's entirety is bad are because the whole system would reside on a single encrypted image. That's a single point of failure. If you corrupt anything within that image, the whole disk image and, in turn, the system is useless. Also, it makes backups a pain in the ass, resulting in a higher risk of corrupting the encrypted image.

[sjl127]

Check out my ip address from my previous post, and compare it with the IP of this post. Can a moderator post them for us to see?

[sjl127]

Encryption may be good for gunowners, for when we get all ours confiscated at gun point, we have plans to make a zip gun.

[netw0rkpenguin]

Quote:

Originally Posted by sjl127

Check out my ip address from my previous post, and compare it with the IP of this post. Can a moderator post them for us to see?

I'm sure you figured out how to use a proxy. TOR is ok but its an ongoign battle. I assume you heard about the guy who recently got arrested after he published that he was reading foreign embasy emails going out hit TOR exit node. TOR is a lot better then nothing but it's not something you should rely on if your life or freedom are at stake.

I really liked the DEFCON presentation about how a sophisticated opponent that controls about 30% of the nodes can compromise the identity of the users.

[sjl127]

I haven't heard that, what happened?

[netw0rkpenguin]

Quote:

Originally Posted by D-FENS

Easy there killer. There's no need to be a dick. This is PAFOA not Digg.

First off, we're talking about OS X as that is what Joe Smith uses. Secondly, no one is talking about encrypting linux. Thirdly, I have no idea why the mention of PGP. I was talking about GPG as a potential method. Finally, a few reasons why encrypting the system disk in it's entirety is bad are because the whole system would reside on a single encrypted image. That's a single point of failure. If you corrupt anything within that image, the whole disk image and, in turn, the system is useless. Also, it makes backups a pain in the ass, resulting in a higher risk of corrupting the encrypted image.

I just don't like to see missinformation being spread. Yes you mentioned GPG, but the article is about PGP. The system disk is on encrypted disk, nothing is stopping you from using a 2nd/external disk with a separate pgp volume or even a different encryption method if you so choose. If you really want you can have multiple volumes on the same disk, encrypt the OS parititon with whole disk crypto and then if you ever need to rescue data only rescue your data partition.

If you backup your key then you should be fine. I can name dozens of things that are a single point of failure. Either your system runs or it doesnt. Windows critical files get corrupt by all sorts of bad things, having or not having whole disk crypto wont make a difference either way. Never had or seen any backup issues due to whole disk encryption.

[netw0rkpenguin]

Quote:

Originally Posted by sjl127

I haven't heard that, what happened?

http://www.securityfocus.com/news/11486
http://security4all.blogspot.com/200...-arrested.html