
Autoplaying an Encrypted Thumb drive
January 31, 2007 1:55 PM

Autoplaying an Encrypted Thumb drive: Step by step instructions to get a thumb drive encrypted with TrueCrypt to automatically mount on Windows when inserted. TrueCrypt requires Administrative Access.
posted by Mitheral (15 comments total) 9 users marked this as a favorite

 
For a moment, I thought this could be the most evil device ever invented: a black box that automatically plays its hidden contents as soon as you plug it into a PC. Fortunately, you have to know (and type) the password first.
posted by b1tr0t at 2:04 PM on January 31, 2007


As he mentions in the February 7, 2006 update, when he wrote this he hadn't yet found the "Traveller Mode" section in the manual, which explains how TrueCrypt can do all of this for you.

I'm using TrueCrypt 4.1 (current is 4.2a), and for what it's worth I spent a bit of time a while ago figuring out how to pack as much info as possible onto a Traveller Disk. The winning formula (again, for version 4.1) is:

(disk capacity in bytes) / 1024 - 1032

I.e. that's the size, in KB, of the volume you should create on the drive before running "Traveller Disk Setup". (And for nitpickers, the above formula assumes your disk capacity is evenly divisible by 1024, which is a pretty good assumption.)
posted by forblaga at 2:19 PM on January 31, 2007


Oh, and that's if you don't include the TrueCrypt Volume Creation Wizard on the Traveller Disk.
posted by forblaga at 2:21 PM on January 31, 2007


I thought I came to Metafilter to get away from Digg.
posted by dmd at 2:43 PM on January 31, 2007


Also encrypt your entire Windows profile and encrypt your swap file.
posted by aye at 2:58 PM on January 31, 2007


I thought I came to Metafilter to get away from Digg.

What, are you saying you've already reddit?

posted by cortex at 3:02 PM on January 31, 2007


I mean, we could talk about something else. Airplanes? Do you want to talk about Boeing? Boeing?
posted by cortex at 3:09 PM on January 31, 2007


I'm just saying that it seems the decay, rot and kuro5hin have really started to set in around here.

The next thing you know people are going to start posting links to slash fiction. Dotty, I know.
posted by dmd at 3:17 PM on January 31, 2007


I don't know. I feel that the conversation has gained a sort of plasticity. But then, I've never met a chat I didn't like.
posted by cortex at 3:32 PM on January 31, 2007


dmd writes "The next thing you know people are going to start posting links to slash fiction."

I promise, no slash fiction ever from me.
posted by Mitheral at 5:46 PM on January 31, 2007


What the hell is the point of doing that?

That said, TrueCrypt is totally sweet. But it doesn't let you nest encrypted volumes like Russian dolls.
posted by delmoi at 6:31 PM on January 31, 2007


Honestly, I was happy to see a bit of tech here presented in a simple "Here's a way to do something both reasonable and practical." Metafilter is where I come to get away from the impracticality of slashdot and the breathless uselessness of digg.

Also, I use a disk in traveler mode pretty regularly -- TrueCrypt is the only technology of its kind I put much stock in since it doesn't have a vendor lock-in dark side. I do wish they would hurry up with the other platforms, though.
posted by abulafa at 6:33 PM on January 31, 2007


delmoi - not sure what you're looking for.

TrueCrypt supports a "plausible deniability" feature (two encrypted segments in the same volume with different keys -- one to reveal under duress, the other not to -- the hidden volume ostensibly hard to discover in the entropy of the first).

You can also just create a new tc volume in a mounted tc volume -- I use that strategy for storing dangerous malware in the equivalent of blisterpack.

Or do you want multiple volumes in different encryption envelopes with the same key?
posted by abulafa at 6:37 PM on January 31, 2007


TrueCrypt supports a "plausible deniability" feature (two encrypted segments in the same volume with different keys -- one to reveal under duress, the other not to -- the hidden volume ostensibly hard to discover in the entropy of the first).

Right, but I'd like to have the ability to create a third hidden volume inside the second, and a fourth inside of that, and so on, ad infinitum. People pressuring you might assume you have a hidden volume, but how many levels deep can they keep making that assumption? A turtles all the way down approach takes the deniability from plausible to near certain.
posted by delmoi at 7:27 PM on January 31, 2007


"Plausible Deniability" mode isn't nested at all, and I think people have a misunderstanding of what it means. You're not creating one crypted volume within another, you're creating two crypted volumes side-by-side but as part of the same *.tc file. Each one can then have a separate password, but when the volume is mounted you only get asked for one. That way if somebody puts a gun to your head you could type in the password to the dummy one (hopefully pre-filled by you with official-looking junk) and they won't even know that there was another password you could have typed at the same prompt that gave access to another volume in which you keep the genuinely secure content. It's a form of steganography in that according to theory you shouldn't be able to find out that there were two actual volumes through any method except insider knowledge. The alternative that delmoi seems to be suggesting is more cryptographic layer upon cryptographic layer like a matryoshka (Russian nesting) doll, which can be done by inserting the *.tc into the mounted volume of another *.tc with a different passcode. All you have to do is put it at 3 (or more) layers and occasionally name layers with some other extension to increase the likelihood they'll be thrown off.
posted by mystyk at 8:45 PM on January 31, 2007
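
The "one prompt, two volumes in the same file" design described in the comment above, as an added Python sketch that is not part of the thread and is not TrueCrypt's code. The header size, slot positions and the SHA-256 keystream are simplified assumptions standing in for TrueCrypt's real format and ciphers.

```python
import hashlib, hmac, os

HDR = 64          # toy header slot: 16-byte salt + 48-byte encrypted body (assumed layout)
MAGIC = b"TRUE"   # seeing this after decryption means the password fits this header

def _kdf(pw, salt):
    return hashlib.pbkdf2_hmac("sha256", pw, salt, 1000)

def _xor(data, key):
    # Toy keystream (SHA-256 in counter mode) standing in for a real cipher.
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + i.to_bytes(8, "big")).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def create(size, outer_pw, outer_data, hidden_pw=None, hidden_data=b""):
    # The file starts as random bytes, so unused space and an unused header
    # slot look the same as ciphertext.
    buf = bytearray(os.urandom(size))
    slots = [(0, outer_pw, outer_data, HDR)]
    if hidden_pw:
        start = size - HDR - len(hidden_data)
        slots.append((size - HDR, hidden_pw, hidden_data, start))
    for hdr_at, pw, data, start in slots:
        salt = os.urandom(16)
        key = _kdf(pw, salt)
        body = MAGIC + start.to_bytes(8, "big") + len(data).to_bytes(8, "big")
        buf[hdr_at:hdr_at + HDR] = salt + _xor(body.ljust(HDR - 16, b"\0"), key + b"H")
        buf[start:start + len(data)] = _xor(data, key + b"D")
    return bytes(buf)

def mount(container, password):
    # Single prompt: the same password is tried against both header slots.
    for hdr_at in (0, len(container) - HDR):
        hdr = container[hdr_at:hdr_at + HDR]
        key = _kdf(password, hdr[:16])
        body = _xor(hdr[16:], key + b"H")
        if hmac.compare_digest(body[:4], MAGIC):
            start = int.from_bytes(body[4:12], "big")
            length = int.from_bytes(body[12:20], "big")
            return _xor(container[start:start + length], key + b"D")
    return None   # wrong password, or no volume behind that slot

if __name__ == "__main__":
    c = create(4096, b"decoy-pw", b"official-looking junk", b"real-pw", b"secure content")
    print(mount(c, b"decoy-pw"), mount(c, b"real-pw"), mount(c, b"guess"))
```

A container created without a hidden volume has the same length and the same random-looking second slot as one with it, which is the deniability property the comment describes.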

