/g/ - Technology

install openbsd

[Make a Post]
[X]





Full-disk encryption Nanonymous No.9618 [D][U][F][S][L][A][C] >>9658 >>9663
File: 29d1c66686c7880b554d5fccd9950c58a27d9d82541d76e3cf6e352bf50d77fe.png (dl) (87.94 KiB)
hey, /tech/ let's talk about encryption!
I'm acquainted with the likes of cryptsetup, LUKS, VeraCrypt (?TrueCrypt 7.1 is bad somehow?). I understand the risks of full-disk encryption and norman's reaction to encrypted hard drive volumes.

What happens when you are confronted by the police/nwo forces? Vera/Truecrypt has hidden volumes which represent themselves as binary blobs in the system, which have a false key that unencrypts decoy data. Does LUKS achieves that? As far as i'm concerned only 1 volume is encrypted past grub-level machinations. Grub asks passwords to volumes that are basically visible to him. But what if i wish to shrink/extend volume? Where is that metadata stored? LUKS2 setup works horrendously with grub, requiring some tinkering which should not be there in the first place. Does LUKS header get updated when i introduce changes into my drive/volume?

What if there is a boot-level pre-grub solution which asks a password to unencrypt your hard-drive (like most manufacturers provide out of the box), but with several possible hidden volumes and decoy data unencrypted instead. Like:
1) i boot up computer (normal procedure)
2) it asks for a hard-drive pass
3a) i provide it with a real pass that unencrypts real operating volume
3b) i provide it with a pass for decoy to be detected and unencrypted
3c) i provide it with a pass quietly shredding all the valuable data on the hard drive, while leas provide me donuts
4) stop operating, clear cash, swap and ram
5) non-dumb leas check my hard drive capacity is actually twice the size of the volume and crush my nuts in jail

inb4: > lol tor+cp
fbi, get out of your phones! we are living in dystopian world where data hoarding is considered a crime! (Hello, communismus!) I am not afraid of confronting the police on the street, the question is what happens when they blow out your door at 5 A.M.? You can't be always prepared to be that guy "i know those thing look like computers, they are totally not!". DEFCON proved that even physical destruction (using a fucking termite!) still leaves enough hard drive plates/flash memory chip transistors intact, allowing "interested parties" to snoop into your volumes after you have dealt with them. Shredding is the only solution, but it must be queit (as proposed above). Should i just start to write drivers to make my own solution for my notebook or is there an option?


tldr(too much mumble): is there working boot-level full-disk encryption with hidden decoy volumes solution?

Nanonymous No.9620 [D]
The "hidden decoy" volumes that you mention are not always a good idea.
In some jurisdictions, you may be held indefinitely until you provide the passphrase to decrypt a device. The plausible deniability that you want may not be a good idea. You may end up in a situation where there is no volume where law enforcement believes there may be one, and then you will be fucked.

Nanonymous No.9621 [D]
https://albinoloverats.net/projects/stegfs
http://tsmolen.eu/fuyoal/
https://en.wikipedia.org/wiki/Deniable_encryption

>is there working boot-level full-disk encryption with hidden decoy volumes solution?
tl;dr: No. Current hardware does a poor job at securing the boot and current tools don't have formal proofs and don't work with FIDO U2F devices such as Nitrokey (Veracrypt has limited support for it IIRC, but only works on linux). We'll have to wait until CASCADES/Ibex+Keystone/OpenTitan+Betrusted+oreboot+linuxboot+SABLE+seL4-rumpkernels is a thing.

Nanonymous No.9627 [D] >>9663
When people do forensics on your computer they simply make a report from an off the shelf digital forensics software. Unless you are someone important they will not waste time coding special software to get at your data. Nonstandard file systems / encryption can go a long way.

Nanonymous No.9658 [D] >>9663
>>9618
Just having and watching CP should not be illegal! I didn't rape any girls or boys! Even I didn't touch none of them!

They're just pictures or videos. Why are just pictures or videos illegal?

Nanonymous No.9659 [D] >>9663
>What if there is a boot-level pre-grub solution which asks a password to unencrypt your hard-drive
You could probably roll your own with something like Tinycore and VMs or some baremetal solution. I imagine it wouldn't be too difficult if that's all you want to accomplish and I imagine it would also be pretty popular.

You could also boot into some tiny OS, write the keys to the real partition either on disk or in memory (not sure if possible), reboot and unlock the real partition on boot.

Just a few thoughts.

Nanonymous No.9663 [D][U][F] >>9664 >>9680 >>9689
File: 9bccd052476b80522265a9252b16a79d12d77600cadccbea3aea7e53d628370b.pdf (dl) (2.35 MiB)
>>9618
>?TrueCrypt 7.1 is bad somehow?
Truecrypt is abandoned and has bugs. Veracrypt is a fork maintained by different people.

>cryptsetup, LUKS
* dm-crypt is Linux disk encryption implemented in the kernel.
* LUKS (Linux Unified Key Setup) is a *header* which goes infront of dm-crypt data to hold metadata like encryption algorithm and keyslots (for multiple passwords) etc.
* cryptsetup is the userspace tool for encryption/decrypting dm-crypt data and (optionally) dealing with LUKS headers

For deniable encryption you need to use plain dm-crypt without LUKS (`cryptsetup create...`). Make use you fill the disk with random data first, and then it won't be obvious the disk is encrypted, it will just look like it's been wiped and unused. Or use LUKS with a detached header (`cryptsetup luksOpen --header...`) and then store the header somewhere secret, maybe with stego.

>Vera/Truecrypt has hidden volumes which represent themselves as binary blobs in the system, which have a false key that unencrypts decoy data.
Hidden volumes are 2 encrypted filesystems taking up the same physical space on a disk. When you use the outer key, you get the fake data and the inner sections look like uninitialized data.

The problem with hidden volumes is you can't write to the outer volume without overwriting stuff in the hidden volume. So when you show the outer volume and it has only 10 files from 2012 and the rest of the 1TB disk is "free space" then your plausible deniability gets thin. Also, Veracrypt's hidden volume feature is very famous, so just having Veracrypt installed could lead people to assume you have hidden volumes.

>What if there is a boot-level pre-grub solution which asks a password to unencrypt your hard-drive
A simpler solution for a "hidden" OS is to boot from live system with USB/PXE, decrypt the drive manually by typing the cryptsetup command, then run a virtual machine stored on the encrypted partition.

Live systems run in RAM so when you power off the machine there will be no evidence of you decrypting the data. That's important if you want to deny that the data is encrypted or pretend you don't know the password.

>>9658
>Just having and watching CP should not be illegal! I didn't rape any girls or boys! Even I didn't touch none of them!
Kids are abused in the creation of CP. By consuming the content you are creating demand for more abuse. There are many good arguments for and against the specific details but that's the overall logic you need to understand.

>>9627
>When people do forensics on your computer they simply make a report from an off the shelf digital forensics software. Unless you are someone important they will not waste time coding special software to get at your data. Nonstandard file systems / encryption can go a long way.
Tech workers are typically geeks motivated by intellectual challenges. Law enforcement investigators are also motivated by a sense of justice. I wouldn't count on doing something obscure or weird to throw them off, it could also make them double down on you.

>>9659
>You could also boot into some tiny OS, write the keys to the real partition either on disk or in memory (not sure if possible), reboot and unlock the real partition on boot.
You don't need to reboot. You can boot into an initramfs, decrypt the real root filesystem and then switch_root(8) to it. Here is a guide if you want to learn, https://www.jootamam.net/howto-initramfs-image.htm.

Note that embedding the decryption command into the init script destroys your plausible deniability. To make this work as a "hidden" OS you need to memorize the decryption commands and type them manually on each boot. Or maybe find a way to plausibly encrypt a second init script (stego?).

There was also a good talk from Blackhat Europe last year about a different approach. He basically uses stego to hide a chain of executables on the disk. They start out tiny and build in size and each one automatically finds the next until eventually you end up with the whole OS decrypted and ready to go. The slides are attached.

Nanonymous No.9664 [D] >>9668
>>9663
>Tech workers are typically geeks motivated by intellectual challenges. Law enforcement investigators are also motivated by a sense of justice.
Even if they wanted to do so, they may not even be able to. You are assuming that these people can do more than run prebuilt tools and analyze the data they spit out. Most of the time they are dealing with people who store cp on flash drive in \things\don't click\cp\cp or looking at logs showing that a specific user copied cofidential files onto a flash drive.
>I wouldn't count on doing something obscure or weird to throw them off
It is not as much to throw them off, but for it to be too much work than it is worth. The forensics team is not going to be paid anymore for this analysis than normal, so they will try to avoid doing things which takes several orders of magnitude longer.
>it could also make them double down on you.
It would depend on how badly they want what is on your disk as evidence. I am sure there are people that could figure out your scheme, but is your case worth it?

Nanonymous No.9668 [D]
>>9664
The point is they're not necessarily motivated only by economics. You will also find ego driven investigators who do free overtime just to unravel your obfuscated setup and prove how smart they are.

Especially if, like you say, most of the time they are working on dull straightforward investigations, that one guy doing something different and interesting might get a lot of attention.

Anyway, assuming all your adversaries are just trained monkeys clicking buttons on encase and fucking off at 5pm is not a healthy threat model.

Nanonymous No.9680 [D]
>>9663
>Kids are abused in the creation of CP.
citizens are abused by contraband data laws

Nanonymous No.9689 [D] >>9721
>>9663
I never paid for CP. The creators sell it to buyers. I just saw leakages from them free.

Nanonymous No.9721 [D]
>>9689
>I never paid for CP. The creators sell it to buyers. I just saw leakages from them free.
This place is slow so it's probably ok to detour a bit.

If you ever got stuff from a file locker site or three digit chan then you probably gave money in the form of ads and captchas and javascript cryptomining. If you got stuff from bittorrent then you had to seed it to other people at least while you download.

You don't need money to incentivize people anyway. Look at twitch, as long as there's an audience people will stream. If you think hard enough then basically any interaction with CP incentivizes more.

Nanonymous No.9735 [D] >>9743 >>9763
Thanks for the thoughtful replies and valuable feedback by gray-hatter. Additional thanks to our brave feds! Who needs file encryption if not pedos, right?

After additional digging, turns out VeraCrypt allows some sort of MBR level password asking. FAQ mentions that it only works with windows (not tinkering with it anyway), so it actually makes vera a sort of portable LUKS for media drives. For me who has huge collection of both pdfs and illegal memes (which are in any euroshit country anyway), the only remaining option would be to either eat a dick or start rolling your own solution.

Quick sum up of what i've gathered from this thread:
1) Steganography is a viable solution to store sub-kilobytes documents and pass databases inside meme jpg images. But any script-kiddie tier utility detects encryption noise easily.

2) Create encrypted+hidden containers renaming them to Microsoft_Office_2010_PRO_Repack_by_C001K1D.iso and store a bunch of documents there. But the probability of overwriting hidden data with gibberish that you must occasionally renew seems too high, especially on modern wear-leveling SSDs.

3) Utilizing a solution which requires external flash drive with key to be present to even ask a password during grub/boot sequence. Not that many encryption utilities provide this level of true secrecy.

4) A simple live linux decrypting valuable info/init scripts would do just fine. Yes, you can even switch root and actually load into your shadow system. All while usual system would boot into some windows7 installation (don't forget to use it occassionally!).

5) Some hard drives sport not just AES encryption accelerator (whatever that supposed to mean), but also on the fly encyrption and ask credentials during boot-level hard drive access time. Their firmware is an encrypted mess ofc, but.. could someone inject their own solution into it? Stinkpads have bios version 'unlocked' by few autists. And that probably takes raw MBs of data, i'm sure firmware for hard drives/ssds could be hijacked the same way (if given enough autist-hours).

N) Unreasonable way is to roll a new bsd/linux like operating system. It is unreasonable because neither me or you will ever deal with all that driver fuckery of modern systems. Graphical output is a king nowadays, but to get it up and running would require either dedicated autist squad or forth-like guru who has nothing to do in his free time.

Correct me if you notice any mistake.

Nanonymous No.9743 [D]
>>9735
>2) Create encrypted+hidden containers renaming them to Microsoft_Office_2010_PRO_Repack_by_C001K1D.iso
Files like .iso are not just binary start to finish, they have headers and a specific internal structure to follow. If you have an unmountable ".iso" file then that's a red flag.

>5) Some hard drives sport not just AES encryption accelerator.. could someone inject their own solution into it?
The problem with brewing your own solution is how do you document / develop it? LEA raid means they take everything, including the source code you wrote for your super secret hidden crypto.

Nanonymous No.9763 [D]
>>9735
>It is unreasonable because neither me or you
>forth-like guru who has nothing to do in his free time.

Whoa back up friend. If I really wanted a super secret decryption scheme that only I and the most dedicated of autistic faggots could crack I'd totally do it. True secrecy comes at a price; what is your threat-model?