Hiding files inside images (Steganography)

fergalr wrote: »

The owner of the volume could plausibility deny it, but the adversary will still suspect the existance of the message; so truecrypt, as a whole system, doesn't offer steganography.

Ill tell you what, make some memory dumps compress and encrypt them for security and add all your files in there for any serious software developer memory dumps are quite common and quite large in size good luck for anyone shifting through that load of muck! And not to mention if there is 20 memory dumps gl finding the right one!

srsly78 wrote: »

Fergal TrueCrypt lets you give a "fake password" for $5 wrench scenarios, this gives access to a fake "secret" partition.

First off, to the best of my knowledge:

- For a given truecrypt container, there can be one 'standard' 'outer' volume, and one 'inner' 'hidden' volume.

- The truecrypt docs refer to those as 'standard' and 'hidden' volumes.
http://www.truecrypt.org/docs/hidden-volume


So, you are saying, that you just give the password to the 'standard' 'outer' volume, and all your worries are over, Truecrypt has successfully protected you, and hence is equivalent to steganography?


My point is, that in this unfair and nasty world that we live in, if a bad guy is standing over you with a wrench, and you give him the password to the 'standard' volume, do you think all your worries are over? S/He decrypts the volume, and says 'Oh, that doesnt have the files we are looking for. Sorry about that, you can go now.'? Or, do you think they will say 'oh, I see you are using software which supports an additional hidden volume. Please give me the password for it.'


Now, thankfully, I live in a nice country like Ireland, where I would only be using truecrypt to stop someone who stole my laptop looking at my personal files, and where $5 wrenches are rare.

But, there are people who live in nastier parts of the world. If you live in one of those parts, the plausibility deniability of Truecrypt isn't going to help you, if the bad guys take your computer and see at the .tc files.


You might say 'well, perhaps if they just see jpegs on your computer, they'll suspect you have data hidden in the jpegs, and will interrogate you anyway?'

However, I would say that the [probability_of_hidden_data, given truecrypt] is very much greater than the [probability_of_hidden_data, given jpegs on computer]. I think it'd be hard to argue with that.


We are into pretty abstract distinctions, in questions of degree of security here. Thankfully.

Dermot Illogical wrote: »

The installer won't work offline. Is it set up to phone home or something?

Edit: It's trying to connect to bi.bisrv.com if I'm reading wireshark correctly. What's that about?

Heh the plot thickens, as this all been an elaborate ruse?