| Author | Message | ||
     winhexfan Username: winhexfan Registered: N/A |
Hi Stefan I tried to post these links for you some time ago on this thread, http://www.x-ways.net/winhex/forum/messages/6/1754.html?1153047245 but I was unable to post there. I understand you had difficulties with spammers so I am pleased to see that the forum is working as normal again. http://en.wikipedia.org/wiki/Blum_Blum_Shub http://www.burtleburtle.net/bob/rand/isaac.html http://www.cs.hku.hk/~diehard/cdrom/diehard.zip The links are in relation to the following request. I understand this feature request is not your main concern with WinHex but it would make a nice feature enhancement. Also I believe it may bring new customers to your program. There is a free and open source program called Truecrypt which has the interesting feature of plausible deniability. What this means is that a user is able to have an encrypted disk in their possession and plausibly deny that it is an encrypted volume as there is nothing to distinguish it from a randomly filled drive. The only real problem with this great feature is that there are very few reasons someone would “plausibly” have a disk or drive filled with truly random data. Eraser 5.7 has a random wipe feature but this leaves the file system intact so it is of no use to Truecrypt users. DBAN also has a random wipe feature and it does wipe the file system but unfortunately it follows this random wipe with a zero wipe. So the user may unwittingly not know of this second zero wipe and try to use DBAN as their plausible deniability excuse. This of course won’t be a useful excuse. I do understand however that the author (Darik) may disable this second zero wipe in future releases but until then DBAN is no good for Truecrypt users. So as of this point in time there isn’t really much in the way of plausible deniability. This is where I believe WinHex could jump in and take advantage of this situation. If you had a CSPRNG good enough to pass Die Hard then I think you could market your program towards Truecrypt users and security conscious people. This would enable Truecrypt users to use not only hard drives but floppies and USB drives too. WinHex can wipe all these items with a CSPRNG so all the Truecrypt user has to say is that the simply wiped the drive in question with the best hex editor in the world, WinHex ! Great ! Also you could push the CSPRNG capabilities of WinHex’s deletion in your marketing and advertising. We are living in a security aware time just now and you could be the first to promote yourself. You cold offer a truly secure deletion option with this CSPRNG and attract two sets of people. The Truecrypt users and the security aware looking for a very secure deletion utility. Most people are becoming aware that a good CSPRNG is much better at wiping modern hard drives than any of the ultra paranoid voodoo 35 pass nonsense wipes anyway. I do understand that this is not really what WinHex is all about but I believe many people will be attracted to WinHex if you should choose to add this feature. I am not a programmer and so it is all very easy for me to say but as far as I understand many of the best CSPRNG are actually free and open source. I have been told that it is very nearly quite literally a copy and paste job to implement these CSPRNG’s into existing software. This sounds a little simplistic to me but you will know better. So I hope you will at least consider this feature request. I am certain if you should take the time to implement it that your program would gain many more customers and I hope much more revenue for you ! :o) Good luck and thank you for WinHex its great as it is but it could be just a little better ! Dave. | ||
| Stefan Fleischmann Username: admin Registered: 1-2001 |
You are suggesting a cryptographically sound pseudo-random number generator instead of the current conventional pseudo-random number generator? OK, should be possible to implement some time. > Most people are becoming aware that a good CSPRNG is much > better at wiping modern hard drives than any of the ultra > paranoid voodoo 35 pass nonsense wipes anyway. Sorry, I don't understand why overwriting a hard disk with a CSPRNG once could be more secure than with conventional pseudo-random numbers once. | ||
| winhexfan Username: winhexfan Registered: N/A |
Hi Stefan “You are suggesting a cryptographically sound pseudo-random number generator instead of the current conventional pseudo-random number generator? OK, should be possible to implement some time.” That would be very cool. Thank you ! :o) Ha ha I write a whole page and you sum it up in one sentence ! :o) I just thought if I made my case strong enough showing why I am asking for it and why it may also be beneficial to WinHex and provide links then you may consider my request more favourably. Fortunately it seems to have worked as you are at least considering it. Great ! “Sorry, I don't understand why overwriting a hard disk with a CSPRNG once could be more secure than with conventional pseudo-random numbers once.” I am no expert in this but I will have a go at answering it. This is all very paranoid of course but this seems to sell products these days. Please remember though my reason for asking is to give Truecrypt users a plausible excuse. WinHex’s selling point about all this will be that it is a more secure wipe / data deletion than any other hex editor. Just another reason to use WinHex instead of any another hex editor ! As you are referring to this: “Most people are becoming aware that a good CSPRNG is much better at wiping modern hard drives than any of the ultra paranoid voodoo 35 pass nonsense wipes anyway.” The comment above was simply pointing out that the Guttmann 35 pass overwrite many products advertise as super secure is overkill. Even Peter Gutmann himself doesn’t think it is necessary now modern hard drives are more common. Apparently the 35 pass method was to address poorly aligned heads on old disks. So as far as I can tell the new and less paranoid thinking is that wiping a hard drive or whatever with random data is probably sufficient nowadays. I believe in theory that should a user delete or overwrite their hard drive using a predictable pattern say zeros for example that it is thought possible for a very wealthy adversary to be able to recover the data that lies beneath using an Electron Microscope. As I said all very paranoid but paranoia sells ! So to take this example to its extreme a predictable PRNG may give an adversary a slight theoretical advantage when trying to recover data from an overwritten drive using a single pass. As I said before this is over the top paranoid and you are quite correct when you question the real world advantage of this modification to your program. It’s just that this may help you and Truecrypt users. You can now market your program as having a CSPRNG for extremely secure overwriting, it may be useful for other users who need a CSPRNG for their studies or research and of course Truecrypt users could simply say they used your program to overwrite an unused drive and thus giving them plausible deniability. So hopefully Truecrypt users will show their appreciation for your efforts and purchase and promote WinHex. I would not have asked for this feature if Truecrypt was a commercial product. Having read some of your comments on this forum I see that you are open to reasonable requests if a genuine reason is given for the need for the request. As Truecrypt will not gain financially from your work or even their own I hope you understand there is no other motive for my request other than that of a genuine user. Thanks again for considering this request, you seem to be adding modifications to WinHex like crazy just recently so I do hope you will find the time to squeeze my little request in there soon ! :o) Thanks. Dave. | ||
| Stefan Fleischmann Username: admin Registered: 1-2001 |
> I just thought if I made my case strong enough showing > why I am asking for it and why it may also be beneficial > to WinHex and provide links [...] That's very good, yes, thanks. > So to take this example to its extreme a predictable PRNG > may give an adversary a slight theoretical advantage when > trying to recover data from an overwritten drive using a > single pass. I don't think so, as the numbers are not secret anyway. They are the readable data on the disk, and whether it is predictable readable data or unpredicable readable data should not make a difference in this scenario. They will overwrite/distort the original data in the same way, namely with pseudo-random new bits. | ||
| winhexfan Username: winhexfan Registered: N/A |
Hi Stefan. Yes I know what you are saying and I do understand that in a real world case there is little to gain from having a CSPRNG over a PRNG. I suppose it is just a theoretical thing. However I was not “really” trying to argue the case for WinHex to have the CSPRNG because it would make deletion more secure I was asking you to consider it so it would help Truecrypt uses mainly. As long as there is a program that wipes a drive with a cryptographically secure random data pass we have plausible deniability. I believe WinHex could be the first to do that and that may bring new users and customers to your product. After writing the first request I then thought that a CSPRNG may be of use to students and the like in their studies. Anyone needing a good random source for their studies or research would be able to rely on their copy of WinHex to provide it. This is another tool that WinHex can boast about with I hope minimal extra work for you to implement it. Actually thinking about it WinHex could advertise that it has all the abilities of Eraser ! If it was possible for you to add the ability to clean the FAT directories as in my very first feature request and also implement the CSPRNG then you virtually have a portable version of Eraser ! A hex editor and security tool in one ! What a great selling point. You see it’s all coming together now isn’t it ! Ha ha. I really do hope you won’t dismiss this feature request because of the minimal deletion benefits of a CSPRNG. There are two other useful reasons to have a CSPRNG, Truecrypt users and students needing a good random source. Oh, I have just thought of another very slight advantage ! Perhaps if a user has or has had encrypted partitions on their drive and uses WinHex with a CSPRNG to delete other data on that drive it may be harder for the adversary to tell where the encrypted volume started and where the pure deletion data begins ! :o) OK I am getting desperate here :o) Please include this request and if you would like me to do some searching for you or anything not too technical just ask. Thanks :o) | ||
| Stefan Fleischmann Username: admin Registered: 1-2001 |
> I was asking you to consider it so it would help > Truecrypt uses mainly I did understand that. > I do understand that in a real world case there is little > to gain from having a CSPRNG over a PRNG. I suppose it is > just a theoretical thing. No, IMO that should not even theoretically make a difference. | ||
| winhexfan Username: winhexfan Registered: N/A |
Hi Stefan “No, IMO that should not even theoretically make a difference.” Oh,…hmm…I hope I am not loosing my case for a CSPRNG in WinHex am I ? :o( You are really making me work for this feature request aren’t you ? How about the other points I made ? The students needing good random data and the Eraser stuff ? How about the bit where it might make it more difficult for an adversary to search through deleted data to try to find a previously deleted encrypted volume ? Will all that do ? Oh please can we just have a CSPRNG in WinHex I am running out of other reasons to ask for it ? It would sound cool in your advertising ! :o) WinHex the only hex editor in the world with a CSPRNG ! What would really convince you it would be worth implementing ? If I find another reason that it would be a good idea to have a CSPRNG in WinHex would you please implement it ? Please ? :o) How about if I said it made you more attractive to girls ? Just thinking a little more about it, why does DBAN, Eraser and some other commercial disk wiping programs make a big thing about having a secure random wipe with a CSPRNG ? DBAN has just recently added a CSPRNG and I believe Eraser has had one for years ! Surly there must be something in it ? Oh please can we have one ? I am a broken man, I will have to just throw myself at your mercy and beg for a CSPRNG in WinHex. If I am honest I just cannot think of another reason other than the ones I have already given. It would just be very cool if you would, you never know, that bit about the girls might work ! Thanks. :o) | ||
| Stefan Fleischmann Username: admin Registered: 1-2001 |
> You are really making me work for this feature request aren’t you ? No, you don't have to argue further, thanks. I said should be possible to implement some time (although I did not concur about that secure overwrite aspect), and that hasn't changed. | ||
| winhexfan Username: winhexfan Registered: N/A |
Hi Stefan “No, you don't have to argue further, thanks.” Phew that is a relief ! I was getting a little worried for a while there. I was starting to think that you were going off the idea :o) “I said should be possible to implement some time” That’s brilliant ! Thank you so much I really appreciate it ! I won’t tell people about it yet so they don’t start to pester you which means that you can implement it at your leisure without interruption. :o) “although I did not concur about that secure overwrite aspect” Yes I noticed ! Ha ha, I still wonder why Eraser and DBAN employ it though ? Perhaps it is just sales talk even though they are free ! Anyway thank you so much for saying you will include a CSPRNG sometime. I really do hope you notice some benefits for your efforts. I and many Truecrypt users wish you all the best. Thanks. | ||
| Jens Kirschner Username: admin3 Registered: 4-2004 |
Hi Dave, I do not wish to flog a dead horse here - and as far as the feature request discussion goes, there's a herd of dead horses already - but there are a few things I'd like to ask. Before I do so, I feel I should add that I am on my own free time right now and this is not an *official* post in the name of X-Ways but personal curiosity. As for your requested feature: What difference does it make? I mean, not only will nobody be able to tell the difference between a pseudo-random data wipe and a full encryption on any given hard drive (making the current implementation of random wiping in WinHex already pretty useful for your described purpose) but is it really *that* important? You basically want a tool you would *not use* but which would in theory be able to reproduce the data created by a tool you actually *do use*. You call this plausible deniability but what you mean is you'll be able to believably lie about the question how those data came to be there. This only makes any difference in a police or corporate in-house investigation of some sort, right? Will they really believe you've randomly wiped your hard drives just to have them usable but not actually used? No data anywhere in sight but all your data-storage media just containing randomly wiped sectors? Doesn't sound very plausible to me and we haven't even reached the point of (pseudo-)randomness yet... In addition, the whole point might be plausible, but it's still a lie and depending on the type of investigation you're looking at this might be a felony... Lying to the investigators, I mean. Or worse, in court. Keeping mum is one thing, but then they'll still assume the worst out of habit... ;-) And would even be right. Frankly, having encryption isn't illegal. So denying *that* doesn't even make sense. Denying them access to your data is something different - yet still not illegal. Just don't say anything. If Truecrypt is as good as you assume and if you are using good keys, passwords, or whatever is required to access the data and don't have them lie around, I frankly don't see a point. And if you're not doing anything illegal in the first place, I don't see a point at all... | ||
| winhexfan Username: winhexfan Registered: N/A |
Hi Jens. “As for your requested feature: What difference does it make? I mean, not only will nobody be able to tell the difference between a pseudo-random data wipe and a full encryption on any given hard drive” Even I as someone very new to all this can tell the difference between random data produced by WinHex and Truecrypt. You can try it yourself if you wish by using Die hard. WinHex at the moment fails Die Hard very badly. “You basically want a tool you would *not use* but which would in theory be able to reproduce the data created by a tool you actually *do use*. You call this plausible deniability but what you mean is you'll be able to believably lie about the question how those data came to be there.” Yes that’s right, you are correct. Although I would use WinHex as well. “This only makes any difference in a police or corporate in-house investigation of some sort, right?” If you include evil regimes in third world counties investigating aid workers and reporters etc then yes. “Will they really believe you've randomly wiped your hard drives just to have them usable but not actually used?” At present I have 7 wiped hard drives ( genuinely wiped ) sitting on my shelves. If I buy or receive a second hand hard drive I always wipe it. You just don’t know what they had on it ! I also wipe drives that are not in use so as to prevent burglars, thieves etc from gaining anything from my drives should they ever be stolen. Simply deleting data within windows doesn’t actually remove the data, they need wiping. “No data anywhere in sight but all your data-storage media just containing randomly wiped sectors?” No, the user will have a normal computer operating system. Their usual files and things that are not security sensitive sat on a C drive for all to see. It would be silly to not have some prepared data ready beforehand. “In addition, the whole point might be plausible, but it's still a lie and depending on the type of investigation you're looking at this might be a felony” I wouldn’t consider a humanitarian worker lying to a brutal regime a bad thing or even a lie. I would call it self preservation in order to carry on their work. “Frankly, having encryption isn't illegal.” You have a very introverted view of the world. In other countries encryption is illegal. You seem to have the opinion that you are ok so everyone else must be. There are countries were encryption is illegal. Even worse the countries where people need it most usually have the most severe punishments for employing it ! Privacy should be a right not a luxury. You may learn something from this site. http://rechten.uvt.nl/koops/cryptolaw/ This link explains it very simply. http://rechten.uvt.nl/koops/cryptolaw/cls-sum.htm “So denying *that* doesn't even make sense.” Please see above, you have much to learn about the world around you. “Denying them access to your data is something different - yet still not illegal.” At first I thought your post was a satire or joke about paranoia but I see now that you genuinely don’t understand. It saddens me that you have little comprehension of what is going on around the world. I ask you to please spend a little time researching what happens in other countries other than your own. Some people are doing good work reporting atrocities and human rights abuses which involves them risking their lives. Are you seriously suggesting that they should tell the regime interrogator that they have chosen to not allow them to read their data and everything will be alright ? You have a quite bizarre view of the world. “Just don't say anything.” I assume this is a joke ? “I frankly don't see a point.” You have made that very clear. “And if you're not doing anything illegal in the first place, I don't see a point at all...” This is a very serious allegation you are making against people who use encryption. This tired argument is one that gets dragged out when people have no idea about security. Can I ask you to answer the following please ? Do you not have thoughts that you wish to keep to yourself ? Why do you use encryption when connecting SSL to your bank if you are not doing something illegal ? Would you feel comfortable having your medical records sent via e-mail in plain text ? Do you not mind every admin reading your e-mails you send to your family or friends ? Do you not think it wise to encrypt your financial data ? I think you would feel pretty stupid should your lap top be stolen if you didn’t. Can you really see no other use for encryption other than for illegal things ? Are you accusing the providers of PGP of conspiring with criminals ? I am sure Bruce Schneier and Phil Zimmermann would be appalled to read your accusations ! Here is a good question for people with your view on things. Can I please have a look at your phone records ? You could post them here on this forum. Just the last few days please. I would also like to see all the full phone numbers of all the people you called and all the ones that called you. Also please send me a copy of all your e-mails over the last week or so. If I don’t see them posted here I shall assume you are doing something illegal and you are using the phone and e-mail to accomplish it. You will be deliberately hiding data from me so that must be the actions of a guilty man. Do you see what I mean now ? Also I could beat this argument into the ground all day if we are going to go down the road of what criminals use. I understand bank robbers use cars so we better ban them, how about burglars using torches, screwdrivers etc ? You will very quickly get to the stage where you are going to ban food as all criminals eat !! A very strange argument indeed. This whole plausible deniability feature will simply further enhance security and give our protagonist a chance of a way out. Please don’t deny them that. I don’t mind the fact that you hadn’t thought about this subject much before posting but please don’t contribute to removing an opportunity for good people around the world to avoid imprisonment and torture for trying to do good things. The fact that you made this statement: “And if you're not doing anything illegal in the first place, I don't see a point at all...” ..tells me a considerable amount about your character as I hadn’t considered using it for anything illegal at all. I hope you now understand the importance of my feature request here and maybe you may start to get interested in what is going on around the world. Life is not as easy for some as it is for others, be grateful you live in a nice country but at least give a thought for others that do not. Dave. | ||
| Jens Kirschner Username: jenskirschner Registered: N/A |
To shorten things: I *never* meant to say I don't see the point of encryption! I see that one very clearly! I meant to say I don't see the point of plausible deniability. And, yes, the thought of terror regimes has very well occurred to me, I just did not wish to word that issue right then. Since you did, I will - very shortly - spell out the reason, why plausible deniability still has no point, with those regimes especially: Because, let's face it, they are simply not going to believe you. A regime that is used to assuming the worst from their... um... subjects, will do just that. Having a different theoretical explanation is not going to help you because they will assume you have the data they are looking for, whether you admit that or not. And if you believe you can simply lie to them and say, well, I've got nothing and that scrambled stuff you're looking at is nothing, then... maybe you are the one in need to lose some naivete. I repeat: Encryption is very much necessary, yes, but plausible deniability is only plausible to the extent of your capabilities lying to the one who's asking! I never meant more than that and I hope re-reading my post you can at least accept that I was debating the deniability issue, not encryption as such. | ||
| Stefan Fleischmann Username: admin Registered: 1-2001 |
WinHex 13.4 will have the ability to wipe hard disk space with pseudo-random data that looks like highly encrypted data (quite fast) and the ability to wipe with cryptographically secure pseudo-random numbers (very slow). | ||
| winhexfan Username: winhexfan Registered: N/A |
Stefan Fleischmann : “WinHex 13.4 will have the ability to wipe hard disk space with pseudo-random data that looks like highly encrypted data (quite fast) and the ability to wipe with cryptographically secure pseudo-random numbers (very slow).” That’s great ! Excellent !! Thank you so much I will spread the word that WinHex now has this very useful feature. Thank you so much Stefan, :o) Dave. |