CipherShed Forum

compul wrote:Im my opinion Evil Maid should definately be considered. There's enough scenarios I can imagine that scare me with it. Then again I'm paranoid. Then again that's a good thing.

You've already got (optional) off disk bootloader in the accepted proposals. Use it and your bootloader can't be infected by EvilMaids.. unless you leave your USB bootloader key where thay can access it.

This is exactly why I put it there

To be honest If i had something sufficiently sensitive that I thought EvilMaid attacks were a serious concern, my entire TrueCrypted laptop would be a decoy and all the serious work would happen under Debian booted off that USB you propose having the bootloader for TC on, but that's just me

I stated earlier that I haven't used TC in years, since everything I consider remotely sensitive is on my debian machines. So it's not just you.
It's not an assumption to work off of though.

Well what would be really cool, but probably infeasible, would be if a hidden OS could be set up on USB rather than a second partition, which would enable people to keep anything really sensitive with them, or hidden.. but that's just blue sky thinking. Unlike Linux I've always found Windows a bit hostile to letting itself be run from anything other than an internal drive though.. Plus the last thing I want to encourage is a rush to "cool new features". And that probably has security implications I haven't considered.

The assumption to work off is "Most users are locked into Windows, and don't want the learning curve for anything else even if it's better suited"

i think is getting rid of system encryption is a bad idea since windows can leaks info about your encrypted volumes encrypted OS = put on an encrypted partition not in plain text

gabranth wrote:i think is getting rid of system encryption is a bad idea since windows can leaks info about your encrypted volumes encrypted OS = put on an encrypted partition not in plain text

This is exactly why we definitely can't drop support for the encryption of the system boot drive. You have to worry about the swap file, the hibernation file, all the stuff in the Windows registry (last open files, last open programs, file paths, all kinds of stuff is stored in the registry).

If this is a survey, then my vote is definitely YES to retain partition encryption. I believe this is one of the foremost features for which people use Truecrypt. Although I suspect it will be a challenge to implement partition support for W/8 and UEFI, I feel it is of paramount importance for keeping Truecrypt (successor) viable. I also feel strongly that future versions retain backward compatibility to existing header and data structure formats.

There will undoubtedly be an urge to upgrade data on-the-fly -- such as updating the pass-phrase validation fields to accommodate enhanced security. I urge this to NOT be done automatically -- but only with user consent -- in case this data is being shared amongst a variety of systems. i.e., Confirm with the user before making any changes which are not backward compatible. Users may not always be able to synchronize software upgrades on all platforms (for a variety of technical or policy reasons). This consideration is also applicable to further newCrypt evolutionary changes.

My feelings exactly, Mac.

I've offered to maintain this functionality personally. The code doesn't seem so bad to an old geek like me who still thinks in 16-bit assembly code! Don't worry... be happy... we'll maintain it.