Re: TrueCrypt 4.0 Out

From: clark (clark_at_barbell.com)
Date: 11/04/05


Date: Thu, 03 Nov 2005 21:57:09 -0800

On Thu, 3 Nov 2005 19:54:50 +0100, Kristian Gjøsteen
<kristiag+news@item.ntnu.no> wrote:

>clark <clark@barbell.com> wrote:
>>On Thu, 3 Nov 2005 18:34:09 +0100, Kristian Gjøsteen
>><kristiag+news@item.ntnu.no> wrote:
>>
>>>clark <clark@barbell.com> wrote:
>>>>It looks on the surface that you are incorrect on all counts.
>>>
>>>Why? It would help if you actually point out where my mistake is.
>>
>>I think it is in the part where you claim you can distinguish
>>TrueCrypt encrypted data from random plaintext.
>>
>>Using the example of AES-256 encryption, I don't think you can
>>distinguish ANY data (no matter how you prepare it) after it has been
>>normally encrypted with TrueCrypt.
>>
>>I find it difficult to believe at this time, based on your arguments.
>>
>>They are not convincing. The design of TrueCrypt appears to prevent
>>you from succeeding at this.
>
>Actually, there is no need for you to believe anything. I have given
>enough details for anyone to actually go and do some specific writes
>to their TrueCrypt container and then check that a simple relation
>holds for the ciphertext, a relation that doesn't hold for random
>plaintext. Go back, read the details, and perform the experiment.
>(I would have done it myself if I had a computer that could run
>TrueCrypt available.)
>
>Then you can report back. There is no need to believe or disbelieve.

I think Paul Cooper stated it best in an answer to the above reply.

But I'll restate that the design of TrueCrypt appears to prevent you
from succeeding in being able to distinguish normally encrypted data
from random plaintext.

So I won't be reporting back on a test that seems pointless to run.