Silk Road forums

Discussion => Security => Topic started by: ☀ℇɣểἠ℉℧ℜƮℍƺ℞☀ on June 10, 2012, 10:37 pm

Title: TrueCrypt, Misinformation & OSX protection from RAM freezing?
Post by: ☀ℇɣểἠ℉℧ℜƮℍƺ℞☀ on June 10, 2012, 10:37 pm
A simple Google search gives you a nice little blend of either outdated or (possibly) intentionally misleading information about the reliability of TrueCrypt.

https://encrypted.google.com/search?q=crack+truecrypt&gbv=1&sei=aALVT5qWLIy78gO33LCiAw&hl=nl&sa=X&nfpr=&spell=1

Page 1 gives you results from: "Not even the FBI can crack truecrypt" to "Schneier research team cracks TrueCrypt"

Yet my questions refer to one I found on Wilder's: "Passware Kit Forensic Decrypts TrueCrypt Hard Disks in Minutes"

http://www.prnewswire.com/news-releases/passware-kit-forensic-decrypts-truecrypt-hard-disks-in-minutes-89502507.html

Old news I know, but this particular attack seems to leave mainly those using Apple hardware vulnerable by utilizing a Firewire port to obtain passwords and encrypted data. Just another reason to always shut down your computer entirely if/after/when you have been up to some good, and with this part being particularly comforting of course:

"The software, which can also run in portable mode from a USB drive, is capable of finding encrypted data and recovering file and website passwords without making any changes to the target computer."

Which leads me to a couple questions. For centuries, spreading misinformation has been one of the most often utilized, simplest, and cheapest methods to infiltrate and disrupt an enemy and its network, in this instance, these forums, and S...k Ro...d itself. With the world-wide scale of the marketplace, the budget, man-hours, and international cooperation to attempt using Tor/GPG-cracking, brute-force, global Tor-traffic analysis, etc., is (most) likely not a serious concern for most members (unless you are actively involved in hosting and running these domains of course).

In that spirit, and with the level of technology we have available to us today, the easiest and most financially feasible way to attempt to disrupt a global network such as ours is by intentionally feeding misinformation to all those who read these forums, and the internet in general.

1. How might that analogy relate to the variety of opinions on a Page 1 Google search about TrueCrypt? Should TC be trusted? Or not? [Regardless of the fact that secure, physical storage of USB/SD cards, etc., is equally important as the encryption that protects the information inside them.]

2. And secondly, with (most) any computer/server being vulnerable to RAM freeze-spray attacks (which can also allow an adversary to obtain passwords and bypass encryption), I was curious if the “Use secure virtual memory” option available to OSX users in System Prefs. in any way helps protect from such an attack?

Apple states that by checking this option, it allows one to: "...encrypt any information from random-access memory written to the hard disk by virtual memory."

Does this mean that the contents of the RAM would be encrypted in such a case, and not plain-text, which is (from my understanding) how this attack is effectively used? Would/does this option provide any protection from freeze-spray attacks?

Later!

☀ℇɣểἠ℉℧ℜƮℍƺ℞☀

Title: Re: TrueCrypt, Misinformation & OSX protection from RAM freezing?
Post by: oscarzululondon on June 11, 2012, 12:39 am
I've been looking at this myself recently as an attack vector and it isn't just Apple OS X that's vulnerable to this form of attack, Windows and most GNU / Linux operating systems both are too. BSD usually isn't, but that's because BSD is tighter than a nun's arse and a different matter.

Quote
1. How might that analogy relate to the variety of opinions on a Page 1 Google search about TrueCrypt? Should TC be trusted? Or not? [Regardless of the fact that secure, physical storage of USB/SD cards, etc., is equally important as the encryption that protects the information inside them.]

No. There have been Law Enforcement back doors in TrueCrypt for around 4 years now. At the time 4 years ago it was plastered all over the internet, but now when I perform searches for it not a lot comes up, although you can find information if you dig around enough. If you are using a GNU / Linux OS (Ubuntu for example) there are far better encryption methods than TrueCrypt included for free anyway. That's why I always chuckle when I read a "I'm using Ubuntu etc. and need help using TrueCrypt." It's a bit like owning a Ferrari and asking why your Ford tires aren't very good on it.

Quote
2. And secondly, with (most) any computer/server being vulnerable to RAM freeze-spray attacks (which can also allow an adversary to obtain passwords and bypass encryption), I was curious if the “Use secure virtual memory” option available to OSX users in System Prefs. in any way helps protect from such an attack?

For the things we do here definitely. If you work for any kind of government institution or research facility this feature is in fact enabled by default. Enabling secure virtual memory won't protect you 100%, but it's a step in the right direction.

Title: Re: TrueCrypt, Misinformation & OSX protection from RAM freezing?
Post by: goturprints on June 11, 2012, 02:10 am
im sure the dea and cia will kick ur shit in and then freeze your fucking pc...lol

its the stupid little shit that el' get u clipped!

Title: Re: TrueCrypt, Misinformation & OSX protection from RAM freezing?
Post by: ☀ℇɣểἠ℉℧ℜƮℍƺ℞☀ on June 11, 2012, 02:49 am
Thanks oscar...

I believe "Use secure virtual memory" is enabled by default these days, no? Either way, I'm certain there are SR opi-fans across the globe, all accidentally nodding out in front of their screens as we speak, completely unaware of the (possible?) protection that simple button may be providing them then? ;)

I don't think there are backdoors written into TrueCrypt itself though as it is open source. However, as mentioned in the link above, there are government paid/contracted companies (allegedly) cracking it and selling the tech to LE.

From my research on TrueCrypt, recent court cases, etc., it (should) matter if they have probable cause to believe there is information on the volume(s) related to the case in the first place, balancing with the varying Federal, yet state-level, opinions regarding constitutional rights against self-incrimination.

I'd be curious to see how 'any' encrypted disk/image/file simply titled (f.x.) "Doctor-Patient Confidentiality" would/will stand up in court, regardless. That could/would be a lawsuit waiting to happen and I'd like to see any judge willing to make that ruling. That is of course, opposed to titling it: "My fav SR crack vendors" or whatever.

Later...

☀ℇɣểἠ℉℧ℜƮℍƺ℞☀

Title: Re: TrueCrypt, Misinformation & OSX protection from RAM freezing?
Post by: oscarzululondon on June 11, 2012, 03:03 am
Quote
I believe "Use secure virtual memory" is enabled by default these days, no?

No it's not

Quote
I don't think there are backdoors written into TrueCrypt itself though as it is open source. However, as mentioned in the link above, there are government paid/contracted companies (allegedly) cracking it and selling the tech to LE.

I've read this before here. It always surprises me as the backdoor code is obviously there to see. Will find it later for you as have been mentioning it a few times here, but it's blatantly obvious. It's like saying "Tor is open source and therefore secure" despite the fact that it was designed and started by the US and Norwegian armies:
http://en.wikipedia.org/wiki/Tor_(anonymity_network)

Quote
I'd be curious to see how 'any' encrypted disk/image/file simply titled (f.x.) "Doctor-Patient Confidentiality" would/will stand up in court, regardless. That could/would be a lawsuit waiting to happen and I'd like to see any judge willing to make that ruling. That is of course, opposed to titling it: "My fav SR crack vendors" or whatever.

You don't need to wait. These cases happen all the time. Basically in the case you mentioned the law enforcement will turn around (in the US and UK anyway) and say "OK let's let an independent barrister see the contents and decide if they are relevant". If you then refuse you are admitting guilt and if you accept the barrister decides. I personally know friends who have gone to prison because they refused to let the "independent barrister" see the contents of encrypted folders.

Title: Re: TrueCrypt, Misinformation & OSX protection from RAM freezing?
Post by: ☀ℇɣểἠ℉℧ℜƮℍƺ℞☀ on June 11, 2012, 06:15 am
I suppose the situation is slightly different in the US, as a few password/encryption cases (mostly CP/carder cases) have been appealed to the highest Federal courts in many individual states, but have yet to make it to the Supreme Court. Everything is still somewhat up in the air, and no law set in stone, primarily due to our constitutional right against self-incrimination. In the US, if you are married, your husband or wife cannot be forced to testify against you either. So laws vary somewhat, and somewhat A LOT, between countries...

[Dreaming of Portugal....]

But regarding the cases you are referring to in the UK, were any of the encrypted disks/folders titled something similar to "Doctor-patient" or "Attorney-client Privileged"? I'd imagine we have somewhat similar privacy laws in that regard, and here at least there are 'very' strict rules regarding this specific information. I would just be curious to see how a title like that might affect a ruling in the US. Again, as opposed to naming your encrypted file "The best SR-H dealers list". Or whatever.

Later...

☀ℇɣểἠ℉℧ℜƮℍƺ℞☀

Title: Re: TrueCrypt, Misinformation & OSX protection from RAM freezing?
Post by: hel on June 11, 2012, 08:47 am
Long time lurker here, I read quite a bit in the security threads, but I'm far from a computer expert...
Sorry for interrupting your knowledgeable discussion with newbie questions. But I think it somewhat fits. Complain if not ;)

So now you are basically saying that one should not rely on a fully encrypted OS (I obviously use Windows since TC can only encrypt that fully).
And that laptop I use has some kind of "recovery tool" from the manufacturer (I guess you know what I mean?), that loads before the TC bootloader. I don't trust my setup very much to say the least, it's just convenient.
The laptop is just a cheap old thing I had around anyway. I can just toss or DBAN and sell it if it's a huge security risk. A lawyer charges more per hour than it is worth lol.

Should I just go back to using a TAILS Live CD on my clean new computer?

Answers very appreciated :)

Title: Re: TrueCrypt, Misinformation & OSX protection from RAM freezing?
Post by: ☀ℇɣểἠ℉℧ℜƮℍƺ℞☀ on June 11, 2012, 12:40 pm
hel,

I'm no computer expert either, although I (could) possibly convert MIDI into $ before you can say:

As far as I am concerned, unless you're being a dick, troll, or drug-user, you are not interrupting, you are participating. We were all newbies once, and most of us are here to help spread reliable information to counter the very 'misinformation' referenced in the title of this very thread.

But nothing is invincible.

Tails is probably a better idea than running Windows, encrypted partition or not, and a LiveOS certainly helps prevent anyone from tampering with your essentials. Booting a LiveOS from USB speeds things up significantly compared to DVD though, and allows you the option to create a partition for storage all from a single flash drive, if you choose. I personally feel there is better support for Apple software (in general), although I have not had the opportunity to tinker around much with Tails or Liberte. And open source or not, if oscar is correct regarding TrueCrypt, then there is likely not too much distance between the two.

Regardless, there are plenty of other encryption apps around for every OS. By running any open source app, you are essentially relying on a community of volunteers to do all coding, debugging, security updates, etc., and as dedicated as the devs may be, their budget pales in comparison to Apple's. Even then, all software (Vidalia/Tor included) has its vulnerabilities. [GPG being (hopefully) still the exclusion to the rule].

For example, full-disk encryption is now standard with the release of Lion for OSX and its updated FileVault. Additionally, you can create a 256-bit AES encrypted disk image, etc., using DiskUtility (similar to TC, without the hidden-volume option). Although Apple software is not open source, you are essentially running the same risk, to an extent. Yet we all still have the option to run third-party software like Thunderbird, TBB, and a variety of encryption apps. Yet I would imagine Apple would need far more pressure than the creators of TC to build a standard back-door for LE, being a publicly traded, global corporation, whose software is distributed to a very dedicated, world-wide, customer base. If Apple were found to be misleading its customers in such a way, it would certainly send them straight back on the (not so silky) road to bankruptcy. For this reason alone, I trust Apple (somewhat) more in these matters. Considering the team Steve Jobs (RIP) put together at Apple, his long-standing dedication to user privacy, his time at Sun-systems before returning to make the switch to a Unix-based OS, etc., I would find it hard to believe any such back-doors would ever be coded into any Apple software. His vision was to bring a Unix-based, user-friendly GUI to the masses for the future of humanity.

Whether it be TC, or any app, OS, what have you; governments world-wide will always be outsourcing third-party companies to jack, crack, and hack code to or from anywhere they may choose. As soon as your OS of choice is running (or even powered down) you are vulnerable to software/hardware key-loggers, trojans, and viruses of all sorts. No one, and no app, is ever 100% safe. Even GPG is vulnerable if your private keys are not properly secured, and even then only as strong as the passwords you use to protect them.

Your best bet is just to research, research, research. Use a Unix-based OS and software that is actively being maintained, updated, and reviewed by a dedicated community. And DO NOT believe everything you read, ESPECIALLY here!

Later...

☀ℇɣểἠ℉℧ℜƮℍƺ℞☀

Title: Re: TrueCrypt, Misinformation & OSX protection from RAM freezing?
Post by: hel on June 11, 2012, 03:36 pm
wow, thanks for the extensive reply ☀ℇɣểἠ℉℧ℜƮℍƺ℞☀! This is really a noob-friendly place, best forum on computer security (that I can understand) that I've ever seen. Instead of being told to read more, get lost, ..., one gets a well thought out and easy to understand reply, how cool. And you sure know more about all this than me.

Eh, it will compromise my anonymity, but I'll share what I've done so far, which is imo doable for anyone that can use a computer but never bothered to think about what it actually does. And I could be anywhere, you know...

Maybe it helps someone else researching this place, as a starting point.

So: hel's NOOB ATTEMPT AT SECURELY USING SR WITH A MAC
My other computer is a Mac  - Snow Leopard, too old for Lion unfortunately. New computer was a bit exaggerated before lol. In the beginning I just used the Tor browser bundle without any additional security measures. I guess that's what many do. Then I started reading here, HD has been wiped and OS newly installed since.

I then created the Live CD, not a USB stick, because I was sceptical about installing rEFIt as I read their warnings on their page. Didn't want to wreck my computer because of ignorance. So no liberte for me either.
I didn't REALLY have to save stuff, it was just a hassle importing the same keys all the time for PGP.
I just switched to the windows laptop because I was asked for my public key a few times and obviously you can't store a keypair in the RAM/CD... neither on an unencrypted USB stick, webmail, whatever.
And yeah, TAILS is just slow and I'm an impatient type so it pissed me off at times :)

I'll take a look if TAILS has its own encryption software to use for a USB stick later. Gosh why didn't I do this earlier? Should be one there right?

And you're right, in the end it's really just a decision about whom you trust, liberte/TAILS/Apple/the cloud, especially if you're not tech-savvy. Then it's all just a black box, take the risk, yet try to minimize it, and tell yourself you won't go crying if it wasn't enough and you get in trouble.

For now I think it would just look best, if shit really hit the fan, when you have an innocent unencrypted computer in your home like "everyone" and hide the Live CD and USB somewhere if not needed. Even though having TAILS and encryption is not even evidence in itself.
But you just want to play the "Help, police? DEA??!!?? Drugs??? WTF? I'm confused, do I need a lawyer, yeah I'll call someone to help me... I don't even get what you want from me??" game, right?

So now I posted too much information about me, but I think that there are not so many posts about Mac security here so I hope it helps someone maybe.

As I found SR I really really wanted it to thrive, because I believe in personal freedom and with that comes that using drugs should not be a crime! If you even want to call it that, and most on here certainly don't: it's at most self-harm, so now why punish that?

War on Drugs, lol, it's a modern day witch hunt! And witchcraft is what they're getting with this place as far as I'm concerned.

And about that "unless you're being ... a drug user", you do realize that this is a drug sourcing board right? ;)

hel

Title: Re: TrueCrypt, Misinformation & OSX protection from RAM freezing?
Post by: kmfkewm on June 11, 2012, 05:07 pm
Just ignore oscar he is either a troll or a law enforcement disinformation agent. Nearly everything I have seen him say about computer security is a flat out lie.

In regards to the FBI not being able to break Truecrypt but Bruce Schneier being able to, they are referring to two totally different things. Bruce's team didn't decrypt encrypted Truecrypt partitions, they found a way to show the presence of hidden partitions via operating system and application level leakage. Totally different. Nobody can directly break Truecrypt, including the NSA. The only way around it is to steal the key somehow or exploit application or OS leakage.

The key is of course stored in RAM and the crypto system is vulnerable to various forms of attack while it is mounted.

I am not sure what secure virtual memory is, maybe encrypted SWAP? Encrypted SWAP can help protect you from the key leaking to the drive from memory, although in a FDE configuration your SWAP is encrypted already anyway. But it will not protect you from the RAM freeze attacks. Your best bet against those is to use encapsulation material and a chassis with intrusion detection features that you configure to shut down into a memory wipe. If LE want to bypass Truecrypt and they know that you are using it they will have a pretty easy time to do so, but if they have a powered down machine with a Truecrypted drive and you used an even half decent password, they are going to be completely out of luck.
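
Added example, not part of any post in this thread and not TrueCrypt's code: the post above separates key material leaking to disk through swap (which encrypted swap addresses) from key material sitting in powered RAM (which it does not). The C code below shows the application-side counterpart, pinning a key buffer with mlock() so it is never paged out and wiping it before release; `keybuf` and its functions are hypothetical names, and the 0xA5 bytes are constructed filler rather than key material.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type: a page-aligned buffer for secret key bytes. */
typedef struct {
    unsigned char *buf;  /* page-aligned storage                 */
    size_t len;          /* bytes the caller asked for           */
    size_t maplen;       /* len rounded up to whole pages        */
    int locked;          /* 1 if mlock() pinned the pages in RAM */
} keybuf;

/* Zero memory through a volatile pointer so the compiler cannot drop the
 * stores as "dead" just because the buffer is freed right afterwards. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--)
        *v++ = 0;
}

/* Allocate whole pages for the key and ask the kernel to keep them out of
 * swap. Returns 0 on success, -1 on failure. */
int keybuf_alloc(keybuf *k, size_t len)
{
    long page = sysconf(_SC_PAGESIZE);
    if (k == NULL || len == 0 || page <= 0)
        return -1;

    size_t pg = (size_t)page;
    size_t maplen = (len + pg - 1) / pg * pg;
    unsigned char *p = aligned_alloc(pg, maplen);
    if (p == NULL)
        return -1;
    memset(p, 0, maplen);

    k->buf = p;
    k->len = len;
    k->maplen = maplen;
    /* mlock() can fail when RLIMIT_MEMLOCK is small; record the outcome so
     * the caller can decide whether an unpinned key buffer is acceptable. */
    k->locked = (mlock(p, maplen) == 0);
    return 0;
}

/* Returns 1 if every byte of the buffer is zero, 0 otherwise. */
int keybuf_is_zero(const keybuf *k)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < k->maplen; i++)
        acc |= k->buf[i];
    return acc == 0;
}

/* Wipe first, then unlock and free: the key must be gone before the pages
 * go back to the allocator, where other code could read them. */
void keybuf_free(keybuf *k)
{
    if (k == NULL || k->buf == NULL)
        return;
    secure_wipe(k->buf, k->maplen);
    if (k->locked)
        munlock(k->buf, k->maplen);
    free(k->buf);
    k->buf = NULL;
    k->len = 0;
    k->maplen = 0;
    k->locked = 0;
}

/* Round trip with a constructed 32-byte filler "key".
 * Returns 0 on success, or the number of the step that failed. */
int keybuf_selftest(void)
{
    keybuf k;
    if (keybuf_alloc(&k, 32) != 0)
        return 1;
    if (k.maplen < 32 || k.maplen % (size_t)sysconf(_SC_PAGESIZE) != 0)
        return 2;
    memset(k.buf, 0xA5, k.len);          /* constructed filler bytes */
    if (keybuf_is_zero(&k))
        return 3;
    secure_wipe(k.buf, k.maplen);
    if (!keybuf_is_zero(&k))
        return 4;
    keybuf_free(&k);
    if (k.buf != NULL)
        return 5;
    return 0;
}

int main(void)
{
    keybuf k;
    if (keybuf_alloc(&k, 32) != 0) {
        perror("keybuf_alloc");
        return 1;
    }
    printf("pages locked in RAM: %s\n",
           k.locked ? "yes" : "no (check RLIMIT_MEMLOCK)");
    keybuf_free(&k);
    return keybuf_selftest();
}
```

mlock() only narrows the swap exposure; the bytes are still present in RAM while the buffer is live, which is the window the RAM-freezing discussion in this thread is about.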

Title: Re: TrueCrypt, Misinformation & OSX protection from RAM freezing?
Post by: oscarzululondon on June 11, 2012, 09:20 pm
Quote
Just ignore oscar he is either a troll or a law enforcement disinformation agent. Nearly everything I have seen him say about computer security is a flat out lie.

In regards to the FBI not being able to break Truecrypt but Bruce Schneier being able to, they are referring to two totally different things. Bruces team didn't decrypt encrypted Truecrypt partitions, they found a way  to show the presence of hidden partitions via operating system and application level leakage. Totally different. Nobody can directly break Truecrypt, including the NSA. The only way around it is to steal the key somehow or exploit application or OS leakage.

The key is of course stored in RAM and the crypto system is vulnerable to various forms of attack while it is mounted.

I am not sure what secure virtual memory is, maybe encrypted SWAP? Encrypted SWAP can help protect you from the key leaking to the drive from memory, although in a FDE configuration your SWAP is encrypted already anyway. But it will not protect you from the RAM freeze attacks. Your best bet against those is to use encapsulation material and a chassis with intrusion detection features that you configure to shut down into a memory wipe. If LE want to bypass Truecrypt and they know that you are using it they will have a pretty easy time to do so, but if they have a powered down machine with a Truecrypted drive and you used an even half decent password, they are going to be completely out of luck.

People should ignore me and listen to you, when you've just admitted that you don't even know what secure virtual memory is?

Quote
I am not sure what secure virtual memory is, maybe encrypted SWAP?

You're a liability. Giving people incorrect information and putting them at risk. A SWAP file is completely different from your virtual memory. You shouldn't advise people on things you don't understand.

Although in your defense, you did detail one correct method for law enforcement to gain access to an encrypted TrueCrypt partition or container, but by no means the only method.

Title: Re: TrueCrypt, Misinformation & OSX protection from RAM freezing?
Post by: kmfkewm on June 11, 2012, 11:13 pm
Hm, just looked up 'secure virtual memory', and as I imagined it is the Macintosh brand name for 'encrypted swap space'. Windows calls it 'paging files'. So 'secure virtual memory' is indeed Macintosh slang for 'encrypted swap space'. Sorry I don't use a Mac so I don't know the Mac slang, but I certainly know what swap space is and as a matter of fact I correctly guessed that what they call secure virtual memory is what Linux people call 'encrypted swap space'.

http://support.apple.com/kb/PH4282
Quote
Secure virtual memory encrypts data being written from random-access memory (RAM) to your hard disk. Secure virtual memory in Mac 10.7 Lion is always on, which eliminates possible security risks when swapping data between your hard disk and RAM.

Your computer’s random-access memory (RAM) contains no information when your computer is turned off. Modern computers use virtual memory to eliminate some problems formerly caused by limited memory. Virtual memory swaps data between your hard disk and RAM. If this data is unencrypted, this provides a possible security risk because sensitive information contained in your computer’s RAM would be written unencrypted to the hard disk in virtual memory and remain there until overwritten.

Sure sounds like encrypted swap space to me. Anyway thanks for proving that you are a troll in a single post.

Title: Re: TrueCrypt, Misinformation & OSX protection from RAM freezing?
Post by: oscarzululondon on June 12, 2012, 12:24 am
Quote
Hm, just looked up 'secure virtual memory', and as I imagined it is the Macintosh brand name for 'encrypted swap space'. Windows calls it 'paging files'. So 'secure virtual memory' is indeed Macintosh slang for 'encrypted swap space'. Sorry I don't use a Mac so I don't know the Mac slang, but I certainly know what swap space is and as a matter of fact I correctly guessed that what they call secure virtual memory is what Linux people call 'encrypted swap space'.

http://support.apple.com/kb/PH4282
Quote
Secure virtual memory encrypts data being written from random-access memory (RAM) to your hard disk. Secure virtual memory in Mac 10.7 Lion is always on, which eliminates possible security risks when swapping data between your hard disk and RAM.

Your computer’s random-access memory (RAM) contains no information when your computer is turned off. Modern computers use virtual memory to eliminate some problems formerly caused by limited memory. Virtual memory swaps data between your hard disk and RAM. If this data is unencrypted, this provides a possible security risk because sensitive information contained in your computer’s RAM would be written unencrypted to the hard disk in virtual memory and remain there until overwritten.

Sure sounds like encrypted swap space to me. Anyway thanks for proving that you are a troll in a single post.

Swap space is just one aspect of virtual memory.

http://en.wikipedia.org/wiki/Virtual_memory

Just because you've found a gold nugget doesn't mean you've found a whole gold mine. You have a very typical Windows way of thinking. You should try using a GNU / Linux or BSD Linux OS for a few months.

Title: Re: TrueCrypt, Misinformation & OSX protection from RAM freezing?
Post by: ☀ℇɣểἠ℉℧ℜƮℍƺ℞☀ on June 12, 2012, 02:42 am
Quote
My other computer is a Mac - Snow Leopard, too old for Lion unfortunately.

If you can run SL you (should) be able to run Lion. Did you attempt to install 10.7 from a torrent? If so, perhaps try a different torrent. It took a few before I could find any that would work properly for either SL or Lion.

Quote
I was sceptical about installing rEFIt as I read their warnings on their page.

I haven't had to use rEFIt since 10.5. You should be able to boot from USB using SL or Lion. Simply hold down the [option] key when booting. All connected bootable drives should pop up. Pick the one you would like to boot your Mac...and voilà!

Quote
I was asked for my public key a few times and obviously you can't store a keypair in the RAM/CD... neither on an unencrypted USB stick, webmail, whatever.

If you are comfortable using OSX, you can run a fully stripped down version of SL/Lion from a 16Mb flash drive without much noticeable difference in speed, leaving no trace on the host computer, just like Tails/Liberte, etc. A 32 Mb card would likely be even faster, and you probably wouldn't have to worry about stripping down the OS. Either way, this way you can just store everything on one drive if you're not bothered to run a LiveOS.

When installing, choose "Customize", and uncheck everything except for [Essential System Files], which you can't uncheck anyways. Once installed, trash every non-essential App. iTunes, iMovie, etc. Keep TextEdit and other things you will likely need. Then create a 500Mb encrypted disk image using DiskUtility and put TBB, Thunderbird, GPG keys, personal files, etc. there. (I would recommend using a separate, cheap 4Mb drive to store (at least) your private keys on. But that's just me.) But title your encrypted disk image something generic if you like, hide it somewhere deep. Use multiple accounts to make things even harder to find if you like (or for other fun things as well.). Using multiple flash drives/SD cards is a good way to ensure that if they ever find one, you can make sure it's useless without the others. Make sure you back them up regularly as well (as most of us have likely learned the hard way at some point).

Quote
For now I think it would just look best, if shit really hit the fan, when you have an innocent unencrypted computer in your home like "everyone" and hide the Live CD and USB somewhere if not needed. Even though having TAILS and encryption is not even evidence in itself.

Keeping everything on flash drives leaves you just that. A nice clean home computer. Hiding a LiveCD in a huge CD collection is a good idea. You'd have to be pretty important for them to go looking thru every CD for hidden volumes. Especially if it is professionally labeled and blends in. You could also keep a volume on your iPod, etc., etc. Mix all of those things together, and they'll have a lot of fun piecing together just about 'anything'. :)

Quote
So now I posted too much information about me, but I think that there are not so many posts about Mac security here so I hope it helps someone maybe.

There are plenty of posts here about Mac security. You just have to search, dig, and search some more. This one is good for setting up Thunderbird with GPG:

http://dkn255hz262ypmii.onion/index.php?topic=8235

However, (and I think I'll post this in the thread as it can very easily be overlooked as it's not part of the OP's post, but deep in a reply to the thread). Tormail doesn't mention it on their website either, and I know more than a few Mac users that were ripping their hair out over this very small (but essential) detail.

Every time you start Vidalia it connects to a different SOCKS port. So each time you want to run Thunderbird with Tormail, you have to go into Torbrowser Preferences -> Advanced -> Network -> Settings. Copy the SOCKS Host port number.

Then open Thunderbird (w/ Enigmail). Open Preferences -> Advanced -> Network & Disk Space -> Settings. Then Paste the SOCKS port number from TorBrowser into the SOCKS Port in Thunderbird.

It might sound complicated, but it literally takes 30 seconds once you have it figured out, and you only have to do it once per session.

Changing your MAC address is a good idea as well if you want to ensure your home computer stays 'clean' and leaves no trace on any routers you may connect to. You might have to use Terminal, but luckily once you type the commands once, and you otherwise don't use Terminal, you can just use the 'up' cursor key to switch between previous commands, change the numbers in your MAC address, etc. The specific commands are in a post somewhere around. Just search.

Quote
And about that "unless you're being ... a drug user", you do realize that this is a drug sourcing board right? ;)

What!?! Holy shit! I'm outta here!!

Uhh....drugs are bad....mkay?

------------------

[Edit:] oscar: With 10.7, Lion does auto-encrypt swap space by default. A "Secure virtual memory" box isn't even an option to check or uncheck. You have to use command line to even disable it:

http://tech.serbinn.net/2011/disable-secure-virtual-memory-on-mac-os-x-lion-10-7/

And I do believe kmf knows a thing or two about Linux/BSD, etc.

Later...

☀ℇɣểἠ℉℧ℜƮℍƺ℞☀


Title: Re: TrueCrypt, Misinformation & OSX protection from RAM freezing?
Post by: kmfkewm on June 12, 2012, 04:08 am
Quote
Hm, just looked up 'secure virtual memory', and as I imagined it is the Macintosh brand name for 'encrypted swap space'. Windows calls it 'paging files'. So 'secure virtual memory' is indeed Macintosh slang for 'encrypted swap space'. Sorry I don't use a Mac so I don't know the Mac slang, but I certainly know what swap space is and as a matter of fact I correctly guessed that what they call secure virtual memory is what Linux people call 'encrypted swap space'.

http://support.apple.com/kb/PH4282
Quote
Secure virtual memory encrypts data being written from random-access memory (RAM) to your hard disk. Secure virtual memory in Mac 10.7 Lion is always on, which eliminates possible security risks when swapping data between your hard disk and RAM.

Your computer’s random-access memory (RAM) contains no information when your computer is turned off. Modern computers use virtual memory to eliminate some problems formerly caused by limited memory. Virtual memory swaps data between your hard disk and RAM. If this data is unencrypted, this provides a possible security risk because sensitive information contained in your computer’s RAM would be written unencrypted to the hard disk in virtual memory and remain there until overwritten.

Sure sounds like encrypted swap space to me. Anyway thanks for proving that you are a troll in a single post.

Swap space is just one aspect of virtual memory.

http://en.wikipedia.org/wiki/Virtual_memory

Just because you've found a gold nugget doesn't mean you've found a whole gold mine. You have a very typical Windows way of thinking. You should try using a GNU / Linux or BSD Linux OS for a few months.

how is this for the gold mine?

http://osxdaily.com/2010/10/08/mac-virtual-memory-swap/
Quote
Mac Virtual Memory – What it is, the Swap Location, and How to Disable Swap in Mac OS X
Oct 8, 2010

I was asked recently about the Mac OS X swapfile, specifically how to disable Mac OS X swapping entirely. I decided I will take this opportunity to talk a bit about Mac virtual memory (swap), its location in the Mac file system, and also to explain how to disable it.

Mac OS X Swap aka Virtual Memory

You may recall that in older versions of Mac OS (OS 8 and 9) you could manually disable swapping, then called Virtual Memory, by just adjusting a setting in the Control Panels. Mac OS X is a bit different because it’s built on top of a unix core which relies heavily on swap files and paging for general memory and cache management. Because of this, swap is actually more important now than it was in prior versions of Mac OS.

Basically when your Mac needs memory it will push something that isn’t currently being used into a swapfile for temporary storage. When it needs accessing again, it will read the data from the swap file and back into memory. In a sense this can create unlimited memory, but it is significantly slower since it is limited by the speed of your hard disk, versus the near immediacy of reading data from RAM.

If you’re curious, you can check Mac OS X’s virtual memory usage using the ‘vm_stat’ command, or by using the Activity Monitor (often erroneously called the Mac task manager by Windows converts).

Mac OS X Swap File Location

If you’re curious where the swap files are stored on your Mac, they’re located at:

/private/var/vm/

This directory also contains your sleepimage file, which is essentially what your Mac has been storing in memory prior to system sleep. This file is read again when you wake your Mac up to return to its previous state. Anyway, back to swap files in the same directory: they are named successively swapfile0, swapfile1, swapfile2, swapfile3, swapfile4, swapfile5. You can see them for yourself with the following command:

ls -lh /private/var/vm/swapfile*

The swapfiles are generally staggered in size, ranging from 64MB to 512MB.

Disable Mac OS X Paging / Swap

Caution: I would highly recommend against modifying how Mac OS X handles memory management and swap files. Unless you know exactly what you’re doing and why, this is not a recommended adjustment. Again, if you don’t know what you’re doing, do not mess around with Mac OS X’s swapfiles or paging ability!

In the Terminal, enter the following command. This will unload the dynamic pager from the Mac OS X kernel:

sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.dynamic_pager.plist

Again, this completely disables the Mac OS X paging ability, do not mess around with this for fun.

Your next step would be to remove the swapfiles that are currently stored, they are generally pretty large (it is your virtual memory after all) and take up a fair amount of disk space.

sudo rm /private/var/vm/swapfile*

That’s all there is to it.

Virtual memory apparently has several different definitions. Apple uses the term "secure virtual memory" synonymously with the more Linux sounding term "encrypted swap space". Virtual memory does include more things than just swap, and it seems like at least some people think virtual memory is not an appropriate term to use interchangeably with swap space, but that is how it is being used by Apple. Some of the things called virtual memory have absolutely nothing to do with swap space, and some people think that these things should continue to be called virtual memory, while swap space should be called swap space.

So although in a way you have a point, in practice you are still wrong and a dumb fuck, because as Apple is using the term "secure virtual memory" it means "ENCRYPTED SWAP SPACE" which is what I guessed it to mean despite never hearing encrypted swap space called "secure virtual memory" before, so in summary go fuck yourself.

ps: BSD isn't linux, shouldn't you know that before you have the freebsd mascot as your avatar?
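
The question argued in the post above (whether RAM contents paged to /private/var/vm/ are encrypted) can be checked on a given Mac. This is an added example, not part of any poster's message or of the quoted osxdaily article. It assumes that `sysctl vm.swapusage` appends `(encrypted)` when swap encryption is on and that `pmset -g` lists `hibernatemode`; the function names and sample outputs are constructed for illustration.

```shell
# Added example: does RAM content reach the disk unencrypted on this Mac?
# Constructed sample outputs (not captured from a real machine).
SAMPLE_SWAP_ENC='vm.swapusage: total = 2048.00M  used = 512.25M  free = 1535.75M  (encrypted)'
SAMPLE_SWAP_PLAIN='vm.swapusage: total = 2048.00M  used = 512.25M  free = 1535.75M'
SAMPLE_PMSET='Currently in use:
 standby              1
 hibernatemode        3
 disksleep            10'

# swap_status <sysctl vm.swapusage output> -> encrypted | unencrypted | unknown
swap_status() {
    case "$1" in
        *vm.swapusage:*"(encrypted)"*) echo encrypted ;;
        *vm.swapusage:*)               echo unencrypted ;;
        *)                             echo unknown ;;
    esac
}

# hibernate_mode <pmset -g output> -> numeric hibernatemode, or unknown if absent
hibernate_mode() {
    mode=$(printf '%s\n' "$1" | awk '$1 == "hibernatemode" { print $2; exit }')
    case "$mode" in
        ''|*[!0-9]*) echo unknown ;;
        *)           echo "$mode" ;;
    esac
}

# audit <sysctl output> <pmset output> -> findings; returns 1 unless swap is encrypted
audit() {
    swap=$(swap_status "$1")
    mode=$(hibernate_mode "$2")
    case "$mode" in
        0)       echo "OK: hibernatemode 0, no RAM image is written on sleep" ;;
        unknown) echo "NOTE: hibernatemode not found in pmset output" ;;
        *)       echo "NOTE: hibernatemode $mode writes RAM to /private/var/vm/sleepimage" ;;
    esac
    if [ "$swap" = encrypted ]; then
        echo "OK: swap is encrypted"
        return 0
    fi
    echo "RISK: swap is $swap"
    return 1
}

# On a Mac, run the audit against live output.
if [ "$(uname -s)" = Darwin ]; then
    audit "$(sysctl vm.swapusage)" "$(pmset -g)" || true
fi
```

A non-zero hibernatemode means the sleepimage mentioned in the quoted article holds a copy of RAM, so it needs the same protection as the swapfiles.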
Title: Re: TrueCrypt, Misinformation & OSX protection from RAM freezing?
Post by: hel on June 13, 2012, 09:49 am
Thank you ☀ℇɣểἠ℉℧ℜƮℍƺ℞☀  for putting so much effort in the answer. Now I'll be going to do more research. This is so much fun actually.
That is the last off-topic answer, now you can go back to discussing advanced stuff w/o distraction :)
hel
Title: Re: TrueCrypt, Misinformation & OSX protection from RAM freezing?
Post by: wakannabi on June 14, 2012, 10:30 pm
So I think the final questions are...
Can we trust TrueCrypt?
Can we trust LUKS?
Can we trust FileVault?

I'm talking about backdoors, not considering "maid" attacks or even brute force attacks (considering the passphrase is strong enough).
For example maybe a combination of some encryption forms would be the best bet.

Imagine having a Windows fully encrypted with TC and then the info inside encrypted with GPG with a different password.

1- Under Linux (Liberte) the only encryption method is LUKS, correct?
2- GPG does not support full disk encryption so we would have to encrypt the folder with the documents. This is dangerous because we can leave evidence in the memory even after encrypting the folder, right?

I would really like to see an almost 100% secure method of encryption discussed by the IT experts in here so it can be used by those who really do not know who to trust.

Thanks for the informative posts so far and the healthy discussion.

waka