1 |
I would like to quote these two statements: |
2 |
http://gentoo-wiki.com/SECURITY_System_Encryption_DM-Crypt_with_LUKS#Two_things_to_remember |
3 |
|
4 |
Thanks for your help, but: |
5 |
|
6 |
> It does not protect more the user while he uses it nor from |
7 |
> potential "after-use" trails. |
8 |
|
9 |
So? Was I supposed to release a complete secure solution right now? :P |
10 |
|
11 |
> Either you lose the livecd |
12 |
> along with your identity (or data that leads to your identity) and |
13 |
> you get caught or while using the software you get caught (like |
14 |
> your TOR connections have been detected). The only purpose and |
15 |
> advantage encryption would have is to |
16 |
> obfuscate some passwords like in the firefox example you gave. |
17 |
|
18 |
The idea is that with this livecd you're on the move, boot the cd, use |
19 |
tor and go away asap once finished. Make sure all your sensible data |
20 |
is sent in a package just before leaving. If you lose it or someone |
21 |
looks at it, it won't suspect much. |
22 |
|
23 |
> The real solution to your problem would be to use a steganographic |
24 |
> layer ( http://en.wikipedia.org/wiki/Steganography[1] ) . |
25 |
|
26 |
It's not like I didn't remembered steganography, read below. |
27 |
|
28 |
> You will not find much (I mean actual real software) besides some |
29 |
> linux-2.2 tweak over ext2 "proof-of-concept" (10years old |
30 |
> not stable unreliable) |
31 |
|
32 |
False? Look for TrueCrypt. |
33 |
|
34 |
> I think that encryption has nothing to do with hiding. In the |
35 |
> contrary, it is like a big flag standing saying "hey look at |
36 |
> me I got something to hide, come and get me!". It is just |
37 |
> obfuscating technology. |
38 |
|
39 |
Using the crypt_silent option how likely are you of being catched? |
40 |
Just put some binaries of emacs and so on on the root, and demonstrate |
41 |
in the fake root that's what is for. It is a good hiding technique I |
42 |
think, but not perfect. |
43 |
|
44 |
The thing is, given the low probability of being catched, either by |
45 |
having the squashfs with Steganography or not, some large file would |
46 |
be there, and if they're good enough to realize it is a bootable |
47 |
livecd and it is forcing a fake boot, then they're good enough to see |
48 |
a big closed file is there. |
49 |
|
50 |
Unless one did multiple hidden volumes inside this one, or just hide |
51 |
some files inside the root. But we're back to less usability and we're |
52 |
being forced to use truecrypt (I don't see a currently free maintained |
53 |
option). |
54 |
|
55 |
If we accept the Truecrypt restrictions (haven't read everything, but |
56 |
it's not gpl so I assume they're more restrictive :P), we could |
57 |
implement these several layers of encryption and increase |
58 |
functionality with some scripts hidden in a pen for example. But to |
59 |
put any programs like firefox+torplugin+tor+privoxy in them, and |
60 |
separate in small files, that's a lot of work. This implementation is |
61 |
good enough for most cases. Also Luks is well maintained and GPL. |
62 |
|
63 |
> Now, from a legal point of view, being caught with an encrypted |
64 |
> material whether livecd or not in major countries |
65 |
> (UK,GER,FR,US,china) requires from you the decryption key |
66 |
|
67 |
Fine for me, don't do anything illegal in free countries. As for the |
68 |
China example, just do as on my second point and use the following |
69 |
idea: encrypt with luks as it is, and for the more sensitive files you |
70 |
can use stenography using stenography software in a separate volume |
71 |
(like a usb pen). If they ask you for the key, give it to them and |
72 |
show just some more innocent files you were hiding. |
73 |
|
74 |
It's better then have the cd almost all open, again, because you may lose it. |
75 |
|
76 |
Let me know if I'm wrong or if you have more ideas ;) |
77 |
|
78 |
Cheers, |
79 |
Nelson |
80 |
-- |
81 |
gentoo-catalyst@g.o mailing list |