Plausibly deniable encrypted volumes. - Security & Cryptography

Users browsing this thread: 1 Guest(s)
Long time nixers
[Disclaimer: I claim no glory here, it's been around for years.]
The FBI kicks your door in, arrests you for an alleged "cyber crime," and confiscates your computer[s.]
Since "Enhanced Interrogation" has been tacitly approved by the current regime, and you have not yet divulged any useful information via verbal / psychological assaults, the goons move forward with "Enhanced Interrogation," AKA torture.
They want the password to your TrueCrypt protected hard drive!
What to do?
Plausibly Deniable Encryption.
Basically, you place a "hidden volume" within the free space on an encrypted TrueCrypt volume. [Disk partition]
This hidden volume can contain a hidden OS where you do your dirty work, and keep potentially sensitive information.
Done right, you'll end up with a hidden operating system which is difficult to discern from the random data which fills the free space on encrypted TrueCrypt volumes.
Since this process is so involved, and potential mistakes so costly, I'll refer the reader to the TrueCrypt site for the actual tutorial:
Since you've setup a hidden OS [or 2, or 3...] and your outermost TrueCrypt volume, the one hiding the hidden OS, only contains legal - yet sensitive - data, such as financial information, divulging the password for the outermost TrueCrypt volume should not place you in any more jeopardy.
Be careful if you use porn as your baited sensitive information, as sometimes porn actors are actually underage. You don't want to end up in prison for child pornography!
So you divulge the password to your outermost TrueCrypt volume containing completely legal and innocuous data, file a lawsuit against the government, settle out of court for an undisclosed amount, move to some tropical hideaway, meet the woman of your dreams and live free for the rest of your life. safe in the knowledge that your hidden data is still hidden.
No "hacking" with the outermost TrueCrypted OS! Don't be sloppy!
Don't write data to disk while using the outer TrueCrypt OS, you might overwrite your "hidden" OS.
Take all regular precautions regarding anonymity.
BSD is what you get when a bunch of Unix hackers sit down to try to port a Unix system to the PC.
Linux is what you get when a bunch of PC hackers sit down and try to write a Unix system for the PC.
Long time nixers
>not native linux encryption

have fun when backdoored
Long time nixers
I just set up some thermite on top of my HDD. The moment the case is open it lights the thermite and destroys the HDD in one fell swoop. No need for any encryption!
Because I am a narcissist and always need to have my two cents in on something like this, I would like to present the following points for consideration:

1) Truecrypt has never had any sort of complete or large scale code review, and while the code is open, the development process is not, so the code may or may not be receiving the review and testing it deserves. If you google for Truecrypt code reviews, at least on my end, I turn up with only this single code review, as well as a lot of conjecture. In fact, even TAILS doesn't recommend using it anymore, although this is not the only reason for that.

2) Know your risk vectors and use encryption accordingly. Hidden volumes are great for hiding information from an untrained threat, such as kidnappers, extortionists, parents/spouses, and from entities bound by the law, such as the police, FBI, and lawyers. Plausible deniability is not so great against a trained threat though, such as high tech criminals, the CIA/NSA(arguably high tech criminals), or any other government entity or LEO that operates almost completely outside the rule of law, or any entity for that matter that will simply torture you for kicks if they don't "believe" that you have given up all your hidden volumes on the drive.

TLDR: Be paranoid, and remember that no one thing is a one off solution for everything, so plan accordingly.
[Image: a0QZxXO.gif]
(15-08-2013, 10:54 PM)NeoTerra Wrote: Honestly these days sometimes physical security is better. Need something stored that is *absolutely* confidential? Print it out, seal it in a plastic tube, and bury it somewhere with GPS coordinates. No one will ever find that if you know what you're doing.

Then again if you're going to be tortured for your data, you might as well forget it, because you're basically fucked.
You could try the multi-layer approach: Encrypt the hard drive with AES 256, and inside of that use Truecrypt hidden volumes.
[Image: a0QZxXO.gif]
Long time nixers
Pretty sure the best way would simply be to have offsite data storage that is encrypted and set up with a "burn-on-discovery" type defense.