Reply
Thread Tools
Securix's Avatar
Posts: 107 | Thanked: 26 times | Joined on Jan 2008 @ New Jersey
#71
Ya, I put them in a startup script in /etc/init.d I think so that they install at every boot.

BTW sorry for the lack of updates, but has anyone tried either EasyCrypt or TC5.1a in Diablo yet? I've been working on some other stuff and haven't gotten around to trying a Diablo upgrade on any of my IT's yet.
__________________
http://www.securix.net
http://www.prog.fm
 
Securix's Avatar
Posts: 107 | Thanked: 26 times | Joined on Jan 2008 @ New Jersey
#72
Just be careful because EasyCrypt does not yet check if you're using an N800 or N810 and does not hide the fact that the N810 only has one mmc slot - and will show options for both slots regardless.

Hopefully people will find all this stuff useful. Please drop me a line with any questions, bugs, etc....
Just wanted to mention to anyone who read this and said "HUH?" that since I now have an N810, I can see that the device does indeed have an "internal" flash and an external slot, represented by the same /dev/mmcblk0 and blk1 device names. So this should work exactly as with the N800.

It just won't check if the card is actually inserted...that's the same as the N800 but for both card slots.

Sorry if I confused anyone before
__________________
http://www.securix.net
http://www.prog.fm
 
Posts: 21 | Thanked: 6 times | Joined on Apr 2008
#73
I've already put the insmods in a startup script and that works fine.

There was no confusion with the device names.

I do find that, after using EasyCrypt to mount the volume on /media/mmc1/secure, I then have to mount the partition separately using: mount /dev/mmcblk1p2 /media/mmc1/secure. This is because, when I try to mount a volume in EasyCrypt, choosing the device doesn't work for me - I can only do it by opening the crypt.tc file. It doesn't sound quite like your notes suggest, but it's working.

The other problem I still have is that, if I try connecting the N810 to an XP box via USB and then try to mount the drive using TrueCrypt, it gives me a blue screen of death on XP. The only way round this is to mount the volume on the N810 and then use WinSCP to get the data.

Paxton

P.S. Still using TC 4, cos I'm not brave enough
 
Securix's Avatar
Posts: 107 | Thanked: 26 times | Joined on Jan 2008 @ New Jersey
#74
Originally Posted by Paxton View Post
I do find that, after using EasyCrypt to mount the volume on /media/mmc1/secure, I then have to mount the partition separately using: mount /dev/mmcblk1p2 /media/mmc1/secure. This is because, when I try to mount a volume in EasyCrypt, choosing the device doesn't work for me - I can only do it by opening the crypt.tc file. It doesn't sound quite like your notes suggest, but it's working.
Can you give me a little more info on how you have EC configured and how you formatted your card's partition (external reader on a PC, internally using command line TC)? If I can replicate what you're seeing, I can try fixing it for the next release.

The other problem I still have is that, if I try connecting the N810 to an XP box via USB and then try to mount the drive using TrueCrypt, it gives me a blue screen of death on XP. The only way round this is to mount the volume on the N810 and then use WinSCP to get the data.
Wooh, haven't tried that. What version of TC are you using on your XP box? Have you tried mounting an SD card formatted in TC using an external card reader?
__________________
http://www.securix.net
http://www.prog.fm
 
allnameswereout's Avatar
Posts: 3,397 | Thanked: 1,212 times | Joined on Jul 2008 @ Netherlands
#75
Originally Posted by Paxton View Post
P.S. Still using TC 4, cos I'm not brave enough
Or maybe you are? TC <= 4 (CBC mode) and 4.1 < 5.0 (LRW mode) contains known vulnerabilities. I suggest you upgrade to at least 5.0 which supports XTS mode. These later versions of TrueCrypt dropped support for earlier modes, if I remember. I'm not sure if its only for creating new, or reading/writing older images too.

LUKS + dm-crypt might also be an option. Its GPL and compatible with FreeOTFE provided your OS has a driver for the filesystem. Ext2 drivers exist for Windows.
 
Posts: 21 | Thanked: 6 times | Joined on Apr 2008
#76
I have an 8MB vfat partition on the external memory card and the rest set up as an ext2 partition. I used GParted on Debian to set these up, but had to do a mkfs.vfat to format the small partition, as GParted doesn't have that option.



I just checked on the TC on my XP box and that is 5.1a, so I need to get them both up to 5 to avoid the blue screen problem. I am using Ext2 IFS on XP btw.

Thanks for that - I will upgrade to TC 5 when I get a chance.
 
Securix's Avatar
Posts: 107 | Thanked: 26 times | Joined on Jan 2008 @ New Jersey
#77
Originally Posted by Paxton View Post
Thanks for that - I will upgrade to TC 5 when I get a chance.
Truecrypt 6.0 (and 6.0a shortly after) was recently released, which I just used to do full drive encryption for my new Acer laptop running (aghh) Vista.

Seems to work nicely and now has the ability to hide the real OS and create a decoy OS. So if you are ever forcibly coerced to boot the OS, based on the password you issue at the pre-boot screen, you can boot the decoy and not reveal the real OS.

I'll try to recompile 6.x for Diablo soon and see what happens
__________________
http://www.securix.net
http://www.prog.fm
 
allnameswereout's Avatar
Posts: 3,397 | Thanked: 1,212 times | Joined on Jul 2008 @ Netherlands
#78
Plausible deniability broken in non-full disk encryption. Glanced a bit through it; doesn't seem rocket science, but something to keep in mind. 6.0a might fix some of the described issues.
 
Securix's Avatar
Posts: 107 | Thanked: 26 times | Joined on Jan 2008 @ New Jersey
#79
Ok I've compiled 6.0a for Maemo and tested with Chinook. Gotta get off my arse and install Diablo and test on that too.

Running in Chinook seems to work ok but generates some warnings about using a pre-2.6.24 kernel and also that opening a container made with any TC prior to 5.0 may exhibit poor performance.

TC6.x now has the ability to load balance the encryption overhead across multiprocessor/multicore systems. Guess N8x0 users don't need to worry about that for now. Definitely seems to make a difference on my Core2Duo laptop though.

I have posted the binary on my web site.

http://www.securix.net

If you test it, let me know how it goes....
__________________
http://www.securix.net
http://www.prog.fm
 

The Following 2 Users Say Thank You to Securix For This Useful Post:
allnameswereout's Avatar
Posts: 3,397 | Thanked: 1,212 times | Joined on Jul 2008 @ Netherlands
#80
Great!

I'm not using this program myself (yet).

Maybe its easier (read: faster on CPU, resource wise?) to have an encrypted storage online on a server, and use VPN, SSHFS or such to access it (preferably with SSH keys, or S/Key or OPIE). This way, there isn't much to lose when the device is lost either, and furthermore there is no need for plausible deniability. I'm not trying to belittle your work, just stating a possible alternative
 
Reply


 
Forum Jump


All times are GMT. The time now is 18:52.