Re: distinguishing between 'true' computer random data, and steganographic randomness

From: Paul Cooper (p_cooper_at_dsvca.org)
Date: 05/11/05

  • Next message: Paul Cooper: "Re: Cascading different algorithms?" 
    Date: Wed, 11 May 2005 23:48:38 +0200

    On 10 May 2005 16:23:11 -0700, "vedaal" <vedaal@hush.com> wrote:

    >is encrypted output indistinguishable from random data that is used
    >as 'randseed' to generate keys,
    >
    >or from other (not-so-random) data that one woulld expect to find
    >in computer hard-drive free-space,

    Yes, because they use random IVs.

    >or, more specifically,
    >from the true-crypt generated random data that fills the free space of
    >its larger container volume,
    >and the encrypted output of its second smaller hidden volume that
    >contains the 'real' data ?

    Yes, because they use random IVs. If you look at the bottom of the page
    you quote, you will see the foot note describing how the random data is
    generated:

    "* Right before TrueCrypt volume formatting begins, a temporary
    encryption key, plaintext block, IV and whitening seeds, are generated
    by the built-in random number generator (all these items are stored in
    RAM and are discarded after formatting finishes). The encryption
    algorithm that the user selected is initialised with the temporary key
    and the ciphertext blocks it produces are used to fill (overwrite) the
    free space on the volume. IVs are generated as usual (see section Modes
    of Operation in the documentation) except that the IV seed is not
    retrieved from the volume header but is generated by the random number
    generator. Whitening is also applied as usual (see section Whitening in
    the documentation) but the whitening values are derived from the value
    generated by the random number generator."

  • Next message: Paul Cooper: "Re: Cascading different algorithms?"