[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 29/11/13 17:55, Daniel Robinson wrote: > I wish to encrypt the entire OS and create a phantom OS on a partition and > hide everything else on a lower partition. > I read somewhere that this can be done. No can do chief - that functionality is Windows only, which isn't going to get you far on a Pi. I've read about people attempting to create the hidden partition as a Linux system by using WUBI and other tools but as far as I know, it just isn't possible to install Linux in the hidden outer volume even on standard x86/64 architecture, let alone on ARM. Also, your plausible deniability depends on you using the decoy lower OS frequently so any analysis of timestamps, etc, won't reveal anything untowards - as you want your system to be running 24/7 as a secure mailserver, rebooting it every other day and browsing around random websites, editing a couple of documents and generally making the decoy partition look like it's actually being regularly used isn't an option. On top of all that, the jury is very much out on whether Truecrypt hidden partitions can avoid skilled forensic analysis - law enforcement particularly are very aware of Truecrypt and it's tricks. Cold boot and in-memory attacks are known to be able to recover Truecrypt volume keys. So you're going to have to rethink this. LUKS is the way to go if you're using Linux. Cheers reading: https://www.schneier.com/paper-truecrypt-dfs.pdf -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq