encrypted disc hint (what encryption?)

Robert Connolly robert at linuxfromscratch.org
Fri Jun 3 22:26:50 PDT 2005


I've been thinking about disk encryption with deniability; to be able to deny the 
encrypted data exists.

If the real system is not encrypted it will be difficult to hide encrypted 
data in free space without having the system overwrite the free space in normal 
operation. I think the solution is to install a decoy system to the 
beginning of the drive, and boot an encrypted system which uses losetup 
offsets. The offsets will be in the free space of the decoy partition, 
starting a bit after the last used sector of the decoy system. If /tmp is 
mounted to tmpfs, the decoy should be able to boot without damaging the 
encrypted system.

Making a bootdisk, or flash, for the encrypted system is a separate issue. 
Without any intervention, the system will boot the decoy. With the boot disk 
the encrypted system can be mounted. From the encrypted system the decoy 
system can also be mounted to copy decoy email and web cache to it, at 
regular intervals, so that the decoy looks like it's being used; and the 
writes can be contained in the beginning of the disk.

Aside from the bootdisk, the only thing suspicious from a raw-read would be 
that the free space is full of randomized data.

Hiding the keychain needs more imagination, like a modified Knoppix ISO 
(another decoy): something with loop-aes drivers, and gpg, that isn't 
suspicious.

robert
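As an added illustration (not from Robert's post or the HLFS project), a Python sketch of the two points above: the `losetup -o` offset placed a margin past the decoy's last used block, and the raw-read observation that a high-entropy region in otherwise zeroed free space gives the hidden volume away unless all free space is randomized. The disk image, block size and entropy threshold are constructed for the example.

```python
"""Toy model of the decoy-plus-hidden-volume layout (constructed example)."""
import math
import os
from collections import Counter

BLOCK = 4096  # assumed block size of the toy image


def shannon_entropy(chunk: bytes) -> float:
    """Bits per byte: near 0 for zeroed blocks, ~8.0 for random data or ciphertext."""
    if not chunk:
        return 0.0
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())


def hidden_offset(last_used_block: int, margin_blocks: int, block: int = BLOCK) -> int:
    """Byte offset for `losetup -o`: a margin past the decoy's last used block."""
    return (last_used_block + margin_blocks) * block


def build_image(decoy_blocks: int, total_blocks: int, hidden_start_block: int,
                hidden_blocks: int, fill_free_random: bool) -> bytes:
    """Decoy text at the front, free space (zero or random), random 'ciphertext' at the hidden offset."""
    if hidden_start_block < decoy_blocks or hidden_start_block + hidden_blocks > total_blocks:
        raise ValueError("hidden region must lie entirely inside the decoy's free space")
    text = (b"decoy mail and web cache " * (BLOCK // 25 + 1))[:BLOCK]
    decoy = text * decoy_blocks
    free_len = (total_blocks - decoy_blocks) * BLOCK
    free = os.urandom(free_len) if fill_free_random else bytes(free_len)
    img = bytearray(decoy + free)
    start = hidden_start_block * BLOCK
    img[start:start + hidden_blocks * BLOCK] = os.urandom(hidden_blocks * BLOCK)
    return bytes(img)


def scan(img: bytes, block: int = BLOCK, threshold: float = 7.5) -> set:
    """Indices of blocks that look like ciphertext from a raw read (entropy above threshold)."""
    return {i for i in range(len(img) // block)
            if shannon_entropy(img[i * block:(i + 1) * block]) > threshold}


if __name__ == "__main__":
    print("losetup -o", hidden_offset(1000, 64))
    zeroed = build_image(4, 32, 12, 8, fill_free_random=False)
    print("hidden blocks stand out:", sorted(scan(zeroed)))
    randomized = build_image(4, 32, 12, 8, fill_free_random=True)
    print("with random free space:", sorted(scan(randomized)))
```

With zeroed free space the scan returns exactly the hidden region; once the free space is pre-filled with random data, every free block scores the same and the region is no longer distinguishable by entropy alone.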



More information about the hlfs-dev mailing list