Nelson,

Ok, I understand, thanks for clarifying.
So we can narrow down all those scenarios to one type of attack: theft by
a third party (or yourself).

It does not protect the user any more while he uses it, nor from potential
"after-use" trails. Either you lose the livecd along with your identity (or
data that leads to your identity) and you get caught, or while using the
software you get caught (like your TOR connections have been detected).
The only purpose and advantage encryption would have is to obfuscate some
passwords like in the Firefox example you gave.

Now, from a legal point of view, being caught with encrypted material,
whether a livecd or not, in major countries (UK, GER, FR, US, China) requires
from you the decryption key (US Patriot Act, UK RIP Act, etc.), or else you can
straight away get up to a few years in some cases without much chance of having
a good defense (China = torture?). So in 95% of cases you end up giving away
your key to prove that you are not a spy from whatever organisation and that
at least you didn't have such bad intentions with your encrypted software. And
you do hand over the key with the objective of lowering the sentence you get
for being caught in the first place.

I think that encryption has nothing to do with hiding. On the contrary, it
is like a big flag standing saying "hey look at me I got something to hide,
come and get me!". It is just obfuscating technology.

The real solution to your problem would be to use a steganographic layer
(http://en.wikipedia.org/wiki/Steganography). Not for the whole squashfs
but only for a single file (whatever the size) inside a clear livecd. Note
that 20% of the size of that file really contains data; you do not want
to push too much (50%) or we get data loss (blocks from different containers
overwriting them) in an exponential manner.

You want to be able to *deny* that you are in possession of such material.
Go from the basis that if you get caught you will *have to* hand your key
away. That is real practice because you can get 5 times more for being
secretive than the actual real sentence against the data you want to hide.
A steganographic FS will allow you, when caught with your livecd, to
say first: "it is a clear livecd!" Sounds idiotic but believe me, it is
the best start for the official police questioning. Then in the worst case
scenario, they find your single encrypted file and ask you for the key, for
which you will provide one of the many different ones you have set up
(properties of a steganographic FS), which will decrypt a part of that
encrypted file, discovering data that will not incriminate you so far for just
having a picture of your dog.
Charges are dropped, you justify your secretive attitude as being respectful
of your privacy rights and next morning you wake up in your bed!

Because I want to be fair, I think having an encryption layer is great for
catalyst, but when related to the specific purpose you described you had
better at least give a try to a steganographic FS if you really fear the
sentence you can get for the data you are hiding.

You will not find much (I mean actual real software) besides some
linux-2.2 tweak over ext2 "proof-of-concept" (10 years old, not stable,
unreliable) and an update by some Chinese with 2.4, but the whole is mainly
broken and I guess somehow a little taboo; the projects seem dead, and no
other main projects have replaced them.

You can try an implementation I worked on a few years ago. It does
everything that I have described (in a non-friendly, hardcore C way) so far
and is called denyfs.

It is not a driver, and can be started in userland if the correct losetup
and cryptsetup have been done.

http://www.openchill.org/2005/06/denyfs_a_steganographic_file_s.php#more

Have a look there; it is not fully stable and requires manual compilation and
configuration, though it does the job (I made a quick GUI in gtk if you
provide the gtk USE flag). Follow the howto to get a grip on it. And
remember, if you want to retrieve your data with a 90% probability as you
have put them in the box, do not exceed 15-20% of the total size of the
file! And do not even be surprised when it happens.

Steganography is a concept that aims at small and *static* file systems. Do
not even think about putting an OS (where files are dynamically arranged
again and again) inside a steganographic FS; it is, as of the concepts and
mathematics we have, simply impossible.

I didn't realize I wrote so much, I'm just passionate about this topic because
of past experiences moving from one country to another. I am currently
developing a Portage based GNU/Linux natively encrypted OS and I'm about to
reopen DenyFS inside that distribution by stabilizing it, hence my reason
for being so communicative.

Thanks for reading

erick

On 7/1/07, Nelson Batalha <nelson_batalha@××××.pt> wrote:
>
> Hi Erick,
>
> There are many uses for this!
>
> They mainly come from the fact that now you can have sensitive information
> everywhere on your cd root, and not be afraid of losing your cd, either
> physically (happens to me all the time), or in the net if you don't want an
> open distribution.
>
> -Read on for examples:
>
> 1) If you're in a country like China and you can't have applications like
> Tor on your desktop (suspicious), you can just make a livecd and try to
> disguise it as something else by filling the filesystem. Also it's portable
> and replicable. You could also encrypt your hard drive, but this way you
> don't have to worry if they take it for testing. Especially if using luks on
> the desktop (no plausible deniability). It's also much easier to hide a
> mini-cd/dvd physically.
>
> 2) Also for instance, I'm going away next semester and I won't be taking a
> laptop. However I would like to use gentoo, my favourite programs and have
> my passwords stored in them (like Firefox), and transport some personal
> and/or sensitive files. (only option is put those files in an encrypted
> container and extract them on *every* boot).
>
> 3) If you're creating some official livecd and would like to test it with
> some group, but for security reasons you preferred if nobody else tested it.
>
> 4) In general companies/organizations can create an easily updatable
> portable working environment and mail it or publish it online.
>
> Etc.
>
> Take care,
> Nelson
>