Nov 21, 2015 at 4:09 PM
Edited Nov 21, 2015 at 4:13 PM
I don't see where this was discussed before so I'll post it here.
I used to really like the message that popped up when an incorrect password was entered into TrueCrypt trying to mount a container.
It was this:
Incorrect password or not a TrueCrypt volume.
Simple and to the point. The reason I liked it was that it caused doubt to an attacker who had physical access to the computer and was repeatedly guessing at possible passwords on what they thought may be a TrueCrypt container/file that perhaps they were not
even trying the right file, much less the password.
I feel that VeraCrypt's same error message when entering an incorrect password kind of DOES hint that it's a container, you just haven't entered the right password yet.
As you all know it reads:
Operation failed due to one or more of the following:
- Incorrect password
- Incorrect Volume PIM number
- Incorrect PRF (hash)
- Not a valid volume
As you can see, to an unsophisticated attacker simply trying to guess passwords using birth dates, wedding dates, dog's name, etc., the very first thing that is listed is "Incorrect password". Only at the very bottom does it say "Not a valid
Furthermore, it says the source of the error message is something called "MountVolume".
To me, and surely there are others, both of those things together implies that they probably have a container, just not the right password. Like I mentioned, TrueCrypt lets you know right off the bat that you are likely 'barking up the wrong tree'.
I feel that in a way this lessens deniability. I have my containers odd sizes and odd names just for this reason. (I don't think it's very smart to create a volume of exactly 10GB and name it "MySecretFiles.crypt.")
I wouldn't want to sit in jail somewhere for some reason with someone trying to force me to open a container that they are 99% sure IS a container, when it's much easier to say "That's not a container, it's some weird Windows (or Linux) system file."
Is it possible for this particular message to be re-worded in VeraCrypt, at least so that "Not a valid volume" is at the top, possibly even in bold or larger font? And the 'source' listed from "MountVolume" (implying that it's trying it's
best to mount a volume) to "MountError" or something like that? Or even leave that "Source:" off altogether?
Thank you for your consideration.
I would like to say thank you to the skillful developers who work hard on VeraCrypt. Please keep up the good work. :)
The error message provided by VeraCrypt clearly states that "Operation failed due to
one or more of the following:". The attacker has no idea which one or a combination of the items in the error message that they failed to enter correctly or that they are attacking a VeraCrypt volume.
For example, I got the same error message you posted when I attempt to mount a JPG file that is not a VeraCrypt volume.
The "Source: MountVolume:6948" is to assist the developer in order to troubleshoot issues when people report a problem so he can focus on the location in the code.
Nov 23, 2015 at 12:34 AM
Edited Nov 23, 2015 at 12:38 AM
Indeed it is clearly stated and indeed it says one or more, however my point was that with TrueCrypt the incorrect password/not really a volume was identified as only one of two things, wrong password or not a volume. With the simple implication to an attacker
that there was a 50% chance they they were not even trying to mount an actual volume.
The VeraCrypt message, on the other hand, which coincidentally I also arrived at by both entering a wrong password and trying to mount a jpg image, has what I think are too many causes of the error message.
The wording of the message is clearly aimed at the actual, legitimate VeraCrypt user and is meant to be helpful by pointing out where you may be going wrong in your unsuccessful attempts to mount. Whereas the TrueCrypt message was kind of a "You're entering
an incorrect password or this is not even a volume. Continue trying if you wish or just give up now."
As I originally stated, the VeraCrypt message just seems to me to be giving up too much information. Not literally but by implication.
As mentioned, the very first item on the list is that an improper password is being tried. Which is great for a legitimate user but indicates to an attacker that all that is needed is continued guessing. Only at the bottom of the multi-item list is "Perhaps
this is not even a volume" listed.
Of course the wording at the very bottom is aimed at developers for debugging but it says "MountVolume", further implication of a volume trying to be mounted, the password is just wrong, so far.
It could just as easily say "0xFFDCBA49" to indicate to the developer the exact same thing.
Naturally, if this continues to cause me great angst, I can download the source code, polish up on my programming a little and change the error message myself so I won't lose sleep at night lol
I don't mean to make a big deal of it, it's just that the comparison between the TrueCrypt and the VeraCrypt "Failed to mount because..." is quite a bit different and I was imagining to myself that I was trying to attack someone's encrypted volume
and opened VeraCrypt for the first time on their machine, if I saw tha VeraCrypt style message, I would be encouraged, whereas if I saw the one offered by TrueCrypt, I'd probably just give up on the spot.
This was all brought about by me being lazy and had several TrueCrypt volumes that I hadn't converted to VeraCrypt yet (I have now, though. I didn't read the docs thoroughly enough and I didn't know it was as simple as a password change to convert them over)
and I was getting the message frequently when not remembering to tick the 'TrueCrypt Mode' box or not. So I was flipping between TrueCrypt and VeraCrypt which was about as easy as trying to remember to check the box or not. Through so much habit, it was easy
to remember which was which with TrueCrypt open.
Thank you for your input. It points out to me that I'm probably worrying over nothing. Like I said, if I was that worried about it, I could just change it myself. Which I won't, so subconsciously I apparently know it's no big deal. :)