TrueCrypt - Free open-source disk encryption software for Windows Vista/XP, Mac OS X,

I'm not sure if this has been mentioned yet but anyone in a high risk situation should consider options such as full disc encryption to protect themselves.

http://www.truecrypt.org/

Just thought I'd point out that TrueCrypt does not protect you against the "gun to the head" or "taser to the balls" attack.

So, if MOIS or the Basij really want you to give them your encryption key, you can bet your balls (literally), that you will.

It will however, prevent acquired data from being decrypted if you say, drop a USB key or cd-rom somewhere, and if you do it right, it might look like a corrupt or blank drive -- which is probably the only way you'd get out of that situation.

^^ Might want to read the TrueCrypt docs a little closer.

Agreed, please read the documentation.

Actually it does. In one mode you can have TWO passwords. One password will decrypt to decoy porn video files (for example). The other give you the real files you are hiding. Nobody can tell if the file/disk are encrypted by Truecrypt, and if there are one or two passwords. [But then you may get taser twice even if you have only one password.]

The same thing goes for the whole OS, the real one and a decoy one. It should be somewhere in the above instructions or elsewhere.

It's also a good way to archive encrypted video and pictures, then burn the whole virtual disk into a CD or DVD. You can watch individual videos straight from the DVD after entering the key. To your enemies, they are just a stack of badly burnt DVD's, totally wasted.

I'm aware of that. And they'll ask you to present the extra key as well. They're not retarded.

And if you don't (or if there isn't a hidden alternative volume)... well... wrong answer.

this isn't much, but just incase anyone doesn't realize this....

it's probably really dumb to download truecrypt without going through a proxy. for one, MOIS could easily catch the outbound connection, and for two -- they could replace the truecrypt download with one that has some additional payload (e.g., virus, keylogger, whatever).

Tech aside, if you think "plausible deniability" is a protection against torture, you need to get out of you ivory tower and have a look around.

After a few hours of hanging upside down or a few rounds of WHERES THE INFORMATION?! BZZZT! AAAAAAAH, you're actually rather likely to want to tell a whole lot of people about your second "secret" partition.

Relatedly, you may be able to imagine what happens when they decide you probably have three such hidden partitions, not just two...

Okay, sure, plausible deniability isn't going to protect you from determined torture. But, as we've learned from Gitmo, Uzbekistan, and elsewhere, NOTHING will protect you from that. You could hand over all your information of your own accord and they will still torture you, just for kicks. That's how torture works.

In any event, if it's information that's better off being lost than falling into the hands of the authorities, booby trap your hard disk with thermite.

stop trolling and register.

When talking about apple and oranges, "protect against" could mean "might help". The point in thread is to hide your tracks, so you are not targeted in the first place.

Encryption is pretty widespread, or should be, some small high capacity portable USB drives come with it to guard against lost. These software should not be seen as having something to hide. Truecrypt can also be "installed" into portable drives, leaving no trace in the main computer, except for the encryption drives.

Transparent and on-the-fly means like logging in to see your files, logging out and they are gone. The files are always encrypted on disk, but transparent to any applications after "login".

I encrypt my private data at work, and protect sensitive company info from theft - admins, cleaners, hackers or someone just walking to my computer while I am having coffee. At home all my backups are encrypted, in older hard drives, DVDs or online storage. The things that I don't want my kids to see are encrypted, so they won't accidentally the whole thing while I'm having coffee.

My firefox profile is encrypted, so I can use all different long passwords and user names, remembered by firefox, but securely encrypted when power is off. It's also the reason I don't encrypt whole drives, when everything is exposed during power on. My family albums are supposed to be all encrypted too because if my computer is stolen or the whole drive copied online by hackers, there should not be any identifiable information.

Hidden volumes

The point of the hidden volumes is to keep authorities from knowing the data is there. They aren't going to blow your brains out for not giving you a password they dont know exists. They also don't know at that point whether you wiped the drives or not.

And seriously... you can use the CRC checksums to determine whether your download matches the one on the website or not.

Agreed, The reality is if you are going to get tortured you are going to get tortured regardless. Encryption is used to protect your data so that someone else will not get caught and minimize any evidence against yourself.

Not sure about the thermite thing though

I wouldn't bet on it. It's not like they value human life to begin with.

Best plan is to not be detected having it.

Then again, that is arguably almost trivial, given that the basij are just axing computers. But the point is, if you're going to pass around data on CDs/DVDs/Flash drives, then pass them around encrypted. You'll get tortured or beaten regardless, but at least you won't screw others.

Nothing prevents them from setting up a fake truecrypt.org mirror, with a modified checksum.

The whole checksum thing assumes you have the right checksum information to begin with.

This is why you need to use a proxy to get it.

keyfile

why don't you use a keyfile, store it on floppy/usb/cd and then destroy that in case of danger?
if you do you can say: the key was there, I destroyed it, I can give you password but it's useless.

This won't stop them hating you, but protects the encrypted content, locking it forever

That's useful thinking. In the "free" world, when you pull the plug from the computer, the secrets are safe with you - Truecrypt never maintain any unencrypted copy on hard disk. But this is not the case in some countries. Tiny camera cards such as SD cards are quite handy, together with USB card readers. You can cut it up with scissors (?), light it up with a match (?) or just possibily swallow it. But you can always argue that they will ask for your backup copy and all that. If they don't believe you, nothing helps.

If you use Truecrypt from USB/SD, there should be no trace on your computer except the encrypted volumes and files that are supposed to look like random data.

Truecrypt is about affordable security - it's like log in and log out without too much effort to keep your data safe, from a small file to the whole computer.

If you really want to hide your encrypted files, there's nothing to stop you but time and effort. How many junk files do windows have? Too many. Pick some temp junk files on your computer that contains random data, best without identify headers. Create a virtual disk with file name and size similar to those junk.

One practical way is to hide your virtual disk file inside a picture, or picture albums. The virtual disk or albums can of course be stored in an online anonymous account.

Micro SD caed

Micro SD flash cards can be hidden most anywhere. Just for fun, I loaded FreeBSD with enigmail and other programs on one. You have to have a computer with USB 2, so you can boot it, and it's slow to load, but with a 4GB flash, I still had about 3GB of usable storage left. The boys can search your computer forever and find nothing.

With truecrypt, inside of the hidden volume you can hide another file with a public and private password, and inside of that file, you can hide another encrypted file, and this can continue on infinitesimally. The only limit is patience.