On Tue, Jan 14, 2014 at 2:11 AM, Arno Wagner <arno@xxxxxxxxxxx> wrote:
On Tue, Jan 14, 2014 at 06:00:23 CET, .. ink .. wrote:No, if you crypto-blank it, it will not. But you need to protect
> > > with cryptsetup,the way to do it would be:
> > > 1. start with a block device like a usb stick
> > > 2. blank it out with random data.
> > > 3. put a regular file system like vfat at the beginning of the device.
> > > 4. put an encrypted plain volume somewhere at the back of the device.
> >
> > And any reasonable disk forensics tool will find that automatically
> > and fast. My keyslot-checker could be adapted to find something like
> > that in maybe one hour.
> >
> >
> are you saying that,if i create a 100MB file with data from "/dev/urandom"
> and then put a vfat file system on it,and then i open a plain mapper at
> 50MB offset and create a second file system on the file through the
> mapper,then your keyslot-checker or any other forensic tool will be able to
> detect the presence of this plain volume?
the additional container against overwriting in some way. One
way is to not write the outer container at all. This is obvious,
as it is going to be either old and not written for a long time
or brand-new, i.e. container has been creatded for the border-
crossing. The way TC does it by preventing writes to that
area is likely to leacve traces of the failed writes.
Its possible to use the first volume normally without harming the hidden one by not filling up the out volume
to near capacity.If you dont cross past 30% volume utilization of the outer volume,then the hidden volume will be
safe.This assumes using a proper file system and fat seem to be the best one to use since its the most advanced
to near capacity.If you dont cross past 30% volume utilization of the outer volume,then the hidden volume will be
safe.This assumes using a proper file system and fat seem to be the best one to use since its the most advanced
among the simplest file systems.
The scenario i am working with says something like this,you are at a border cross with a external hard drive and there are 10 other people with external hard drives and there is a government agent who is tasked with examining external hard drives.What he may do is ask everybody to put their hard drives in a bucket and he may go through them one by one.He will take one,plug it in to a computer and look into it by doing file searches,then go to the next one and do the same.If they reach yours,plug it in and get a LUKS prompt,then they will call you up and ask you to open it,they will probably be annoyed at you for slowing them down too.Once there,bringing up the fifth amendment to the constitution or any other privacy related explanation will probably not do you any good.The more you delay them,the more they will be unhappy with you and the more unpleasant they will be.
If they have no reason to suspect you have an encrypted volume hidden at the back of a regular file system,they will not look for it or ask you about it and will just go past your hard drive uneventfully,the only time they will examine your hard drive forensically is if you are already at the backroom being interrogated while your possessions are being closely scrutinized and they will do this most likely because they already know who you are and what you could be carrying and you did something stupid to draw suspicion to your hard drive.
If asked if the drive has a hidden volume,you could then answer "yes" and proceed to do what you would have done if asked to unlock a LUKS volume or any other encrypted volume.
> If true,then i would appreciate any link to any discussion of it because iSee above.
> am unaware of it.
Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult. --Tony Hoare
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
_______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
