[wellylug] USB stick protection

Atom Smasher atom at smasher.org
Sun Mar 29 18:45:29 NZDT 2009 

On Sun, 29 Mar 2009, Cliff Pratt wrote:

> Atom Smasher wrote:
>> On Sun, 29 Mar 2009, Cliff Pratt wrote:
>>
>>> http://mareichelt.de/pub/texts.cryptoloop.php
>>>
>>> Though I'm not sure that TrueCrypt == truecrypt and whether the flaws
>>> are to be found in later versions of truecrypt > 4.1.
>> ======================
>>
>> first paragraph, last sentence: "Up-to-date versions of dm-crypt (with
>> LUKS) and truecrypt are also ok to use."
>>
>> also: "Unfortunately truecrypt [versions prior to 4.1] is just another 
>> broken device crypto implementation that uses good ciphers in insecure 
>> way. Specially crafted static bit patterns are easily detectable 
>> through that kind of bad crypto. Requirements: (1) used ciphers must 
>> have 128-bit block size and (2) file system where bit patterns are 
>> stored must have 2K or larger soft block size. Many popular linux file 
>> systems meet those requirements."
>>
>> the paper is about 5 years old.
>>
> Yes, but last modified last November.
=================

it's been updated but refers to an implementation error that seems to have 
been fixed in late 2005...

http://www.truecrypt.org/docs/?s=version-history

truecrypt 4.1 - November 25, 2005... "To prevent a recently discovered 
attack, which affects plausible deniability, we strongly recommend that 
you move data from your TrueCrypt volume to a new volume created by this 
version. Description of the attack: If a series of certain plaintext 
blocks is written to a mounted volume (i.e., if it is correctly 
encrypted), it is, with a very high probability, possible to distinguish 
the volume from random data. This affects volumes created by all versions 
of TrueCrypt prior to 4.1, except volumes encrypted with AES-Blowfish or 
AES-Blowfish-Serpent."


-- 
         ...atom

  ________________________
  http://atom.smasher.org/
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
  -------------------------------------------------

 	"Despite all the lives we have destroyed and all the money so
 	 ill spent, today illicit drugs are cheaper, more potent, and
 	 far easier to get than they were 35 years ago at the beginning
 	 of the war on drugs. Meanwhile, people continue dying in our
 	 streets while drug barons and terrorists continue to grow
 	 richer than ever before. We would suggest that this scenario
 	 must be the very definition of a failed public policy."
 		-- Law Enforcement Against Prohibition

More information about the wellylug mailing list