D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Hardware Encrypted SD

 

On 29/11/13 17:55, Daniel Robinson wrote:
> I wish to encrypt the entire OS and create a phantom OS on a partition and
> hide everything else on a lower partition.
> I read somewhere that this can be done.

No can do chief - that functionality is Windows only, which isn't going
to get you far on a Pi. I've read about people attempting to create the
hidden partition as a Linux system by using WUBI and other tools but as
far as I know, it just isn't possible to install Linux in the hidden
outer volume even on standard x86/64 architecture, let alone on ARM.

Also, your plausible deniability depends on you using the decoy lower OS
frequently so any analysis of timestamps, etc, won't reveal anything
untowards - as you want your system to be running 24/7 as a secure
mailserver, rebooting it every other day and browsing around random
websites, editing a couple of documents and generally making the decoy
partition look like it's actually being regularly used isn't an option.

On top of all that, the jury is very much out on whether Truecrypt
hidden partitions can avoid skilled forensic analysis - law enforcement
particularly are very aware of Truecrypt and it's tricks. Cold boot and
in-memory attacks are known to be able to recover Truecrypt volume keys.

So you're going to have to rethink this. LUKS is the way to go if you're
using Linux.

Cheers



reading: https://www.schneier.com/paper-truecrypt-dfs.pdf

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq