| 1 |
I would like to quote these two statements: |
| 2 |
http://gentoo-wiki.com/SECURITY_System_Encryption_DM-Crypt_with_LUKS#Two_things_to_remember |
| 3 |
|
| 4 |
Thanks for your help, but: |
| 5 |
|
| 6 |
> It does not protect more the user while he uses it nor from |
| 7 |
> potential "after-use" trails. |
| 8 |
|
| 9 |
So? Was I supposed to release a complete secure solution right now? :P |
| 10 |
|
| 11 |
> Either you lose the livecd |
| 12 |
> along with your identity (or data that leads to your identity) and |
| 13 |
> you get caught or while using the software you get caught (like |
| 14 |
> your TOR connections have been detected). The only purpose and |
| 15 |
> advantage encryption would have is to |
| 16 |
> obfuscate some passwords like in the firefox example you gave. |
| 17 |
|
| 18 |
The idea is that with this livecd you're on the move, boot the cd, use |
| 19 |
tor and go away asap once finished. Make sure all your sensible data |
| 20 |
is sent in a package just before leaving. If you lose it or someone |
| 21 |
looks at it, it won't suspect much. |
| 22 |
|
| 23 |
> The real solution to your problem would be to use a steganographic |
| 24 |
> layer ( http://en.wikipedia.org/wiki/Steganography[1] ) . |
| 25 |
|
| 26 |
It's not like I didn't remembered steganography, read below. |
| 27 |
|
| 28 |
> You will not find much (I mean actual real software) besides some |
| 29 |
> linux-2.2 tweak over ext2 "proof-of-concept" (10years old |
| 30 |
> not stable unreliable) |
| 31 |
|
| 32 |
False? Look for TrueCrypt. |
| 33 |
|
| 34 |
> I think that encryption has nothing to do with hiding. In the |
| 35 |
> contrary, it is like a big flag standing saying "hey look at |
| 36 |
> me I got something to hide, come and get me!". It is just |
| 37 |
> obfuscating technology. |
| 38 |
|
| 39 |
Using the crypt_silent option how likely are you of being catched? |
| 40 |
Just put some binaries of emacs and so on on the root, and demonstrate |
| 41 |
in the fake root that's what is for. It is a good hiding technique I |
| 42 |
think, but not perfect. |
| 43 |
|
| 44 |
The thing is, given the low probability of being catched, either by |
| 45 |
having the squashfs with Steganography or not, some large file would |
| 46 |
be there, and if they're good enough to realize it is a bootable |
| 47 |
livecd and it is forcing a fake boot, then they're good enough to see |
| 48 |
a big closed file is there. |
| 49 |
|
| 50 |
Unless one did multiple hidden volumes inside this one, or just hide |
| 51 |
some files inside the root. But we're back to less usability and we're |
| 52 |
being forced to use truecrypt (I don't see a currently free maintained |
| 53 |
option). |
| 54 |
|
| 55 |
If we accept the Truecrypt restrictions (haven't read everything, but |
| 56 |
it's not gpl so I assume they're more restrictive :P), we could |
| 57 |
implement these several layers of encryption and increase |
| 58 |
functionality with some scripts hidden in a pen for example. But to |
| 59 |
put any programs like firefox+torplugin+tor+privoxy in them, and |
| 60 |
separate in small files, that's a lot of work. This implementation is |
| 61 |
good enough for most cases. Also Luks is well maintained and GPL. |
| 62 |
|
| 63 |
> Now, from a legal point of view, being caught with an encrypted |
| 64 |
> material whether livecd or not in major countries |
| 65 |
> (UK,GER,FR,US,china) requires from you the decryption key |
| 66 |
|
| 67 |
Fine for me, don't do anything illegal in free countries. As for the |
| 68 |
China example, just do as on my second point and use the following |
| 69 |
idea: encrypt with luks as it is, and for the more sensitive files you |
| 70 |
can use stenography using stenography software in a separate volume |
| 71 |
(like a usb pen). If they ask you for the key, give it to them and |
| 72 |
show just some more innocent files you were hiding. |
| 73 |
|
| 74 |
It's better then have the cd almost all open, again, because you may lose it. |
| 75 |
|
| 76 |
Let me know if I'm wrong or if you have more ideas ;) |
| 77 |
|
| 78 |
Cheers, |
| 79 |
Nelson |
| 80 |
-- |
| 81 |
gentoo-catalyst@g.o mailing list |
Archives