Nov 27, 2015 at 10:07 AM
Edited Nov 27, 2015 at 10:12 AM
VC is a wonderful product indeed; it employs different techniques, such as PIM, hidden volumes, hidden OS, cascading algorithms, hashing function choice, etc. It is, in my opinion, a great encryption solution for everyday use. By everyday, I mean to have it on your PC and encrypt your working data with it. There are of course many different types of attacks (cold boot, evil maid, etc.) as well as the danger of important files, when mounted (decrypted), being transmitted over the network (internet), but still - it is a great encryption solution.
However, what if you wanted to store an important VC container somewhere for a long time? Say in a bank vault... or even worse, online (i.e. in a cloud)... for your backup purposes probably... Unfortunately, in today's world all these places are risky - your bank vault can be opened and the content taken away (even without your knowledge, let alone consent), and the same goes for online storage. So, in fact, you have to presume that your data may and will eventually fall into your worst enemy's hands. So what do you do? I hear you thinking now, OK, I will make a triple AES-Twofish-Serpent container with a long password and/or large number of iterations, burn it on DVD and put it in my bank's safe deposit box. Fine, that's great... however... Will you feel safe if you know that all your private life, in text and images, although in a VC container, is in the hands of the NSA or someone with resources unknown to you and no time limit at all... to reveal your "everything" and use it against you...
VC is extremely complicated software; all these nice features that it incorporates come at a price... the TC audits missed a few important and critical bugs although the software was online for ages (open source)... there are tons of program lines and understanding each and every one of them is virtually impossible. In all this ocean of coding, chances are real that in future, new bugs or vulnerabilities will be discovered. With all due respect to idrassi and the TC developers alike, VC is just too complicated to be 100% certain it encrypts the way it should!
So what I and probably other users would find very useful is a really simple program, capable of encrypting files (in our case VC containers) in place, bit by bit. The program should be extremely unsophisticated and standalone. There should be no hashing, no iterations, no salt, no cascading - nothing! Just plain and simple encryption with a cipher of choice (I would say Serpent). Without all the enhancement options such as salt and hash, it means it will produce: same_plaintext+same_password=same_cyphertext. A very similar (in fact identical) approach was used in the 1990s when a program, TinyIdea, was written in assembler. This is what we need now - rewritten (preferably in asm) to be used in modern (i.e. 64-bit) systems and with an appropriate cypher algorithm (not patented like IDEA, which was hyped in the 90s by its use in PGP). I believe that later, a similar TinyBlowfish and others were released, but I have never tried them. Our new program, let's call it TinyVera, should be best written in assembly and be extremely short, simple and fast. TinyIdea's .com executable was only 500 bytes (yes - bytes, it could fit in one sector under FAT). We need something similar as an added protection to VC containers, stored for the future, 100% bug-free, backdoor-free. Of course, I hear you saying, without hashing and salting etc., it will be vulnerable - well, not really, with a good long password, it will be safer than anything else. And because the code will be extremely clean and short, an audit will be really feasible for almost anybody with minimal programming skills.
I would love something like that to be made by a well-known and respected programmer with an encryption background, such as idrassi, and the name TinyVera would fit it perfectly (for the Russian-speaking readers, it will nicely associate with the movie "Маленькая Вера"... and the fight against the system that limits basic civil liberties) :)
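
What the same_plaintext+same_password=same_cyphertext property proposed in the post above means for a stored copy, as an added example that is not part of the original post or of VeraCrypt. XTEA stands in for Serpent only because it fits in a few lines; the ECB-style block handling, the pad/truncate mapping from password to key, and all function names are assumptions made for illustration.

```python
import hashlib
import os
import struct

def xtea_encrypt_block(key: bytes, block: bytes, rounds: int = 32) -> bytes:
    """Encrypt one 8-byte block with XTEA (128-bit key, big-endian words)."""
    v0, v1 = struct.unpack(">2L", block)
    k = struct.unpack(">4L", key)
    delta, mask, s = 0x9E3779B9, 0xFFFFFFFF, 0
    for _ in range(rounds):
        v0 = (v0 + ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (s + k[s & 3]))) & mask
        s = (s + delta) & mask
        v1 = (v1 + ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (s + k[(s >> 11) & 3]))) & mask
    return struct.pack(">2L", v0, v1)

def encrypt_blocks(key: bytes, data: bytes) -> bytes:
    """Assumed mode: every 8-byte block encrypted independently (ECB)."""
    if len(data) % 8:
        raise ValueError("data length must be a multiple of 8 bytes")
    return b"".join(xtea_encrypt_block(key, data[i:i + 8])
                    for i in range(0, len(data), 8))

def tiny_encrypt(password: str, data: bytes) -> bytes:
    """The post's design: no hash, no salt, no iterations.
    Assumption: the password bytes are padded/truncated to the key size."""
    key = password.encode()[:16].ljust(16, b"\0")
    return encrypt_blocks(key, data)

def salted_encrypt(password: str, data: bytes, iterations: int = 100_000) -> bytes:
    """Contrast: random salt + PBKDF2 derive the key; salt is stored in front."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=16)
    return salt + encrypt_blocks(key, data)

def compare_designs() -> dict:
    container = bytes(range(64))  # constructed stand-in for a stored container
    pw = "correct horse battery staple"  # constructed sample password
    plain = tiny_encrypt(pw, container)
    s1, s2 = salted_encrypt(pw, container), salted_encrypt(pw, container)
    return {
        # Two stored copies are byte-identical, so an observer can match them.
        "plain_copies_identical": plain == tiny_encrypt(pw, container),
        # With a fresh salt each copy gets its own key and differs.
        "salted_copies_identical": s1[16:] == s2[16:],
        # Without a hash, characters beyond the key size never reach the key.
        "extra_chars_ignored": tiny_encrypt(pw + "XYZ", container) == plain,
    }

if __name__ == "__main__":
    print(compare_designs())
```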