User: Password:
|
|
Subscribe / Log in / New account

steg the whole os

steg the whole os

Posted Oct 10, 2008 23:36 UTC (Fri) by tmassey (guest, #52228)
In reply to: steg the whole os by surfingatwork
Parent article: ParanoidLinux: from fiction to reality

I think you miss the point.

The point is not to make it so that nothing about the computer is visible. That will never work, for the reasons you hint at: you need to be able to power up the computer and let others see that it's "OK". That's called plausable deniabilit (http://en.wikipedia.org/wiki/Plausible_deniability). The ability to say, "See, look: it's a Windows computer with nothing but pictures of kittens!"

When you boot, you get Windows. When you look at the partition table, there is a single NTFS partition that contains Windows. No encryption, nothing hidden. Everything is what it is.

However, somewhere on that computer, cleverly named "Kitty Pictures.ZIP" buried *deep* within a directory that contains nothing but kitty pictures, is a 1GB file. That file is a TrueCrypt-encrypted file that contains a CoLinux partition. Within that is all of the stuff that you're trying to hide.

In theory, it might even be possible to have the "Kitty Pictures.ZIP" file be an *actual* ZIP file. Or maybe it would be more practical with an ISO file: something that is properly formatted to burn an ISO, but one of the files on the ISO is actually the file used by TrueCrypt: it just uses a specific offset within the file to store data.

The beauty of this is that it is a 100% safe, normal, "OK" Windows computer. In order to find the "badness", the person will have to find the file that you're using the hide the "bad" data (the "Kitty Pictures.zip/iso"), analyze that one file and find that it contains encrypted data. Then they have to break the encryption!

TrueCrypt adds even more plausable deniability: the ability to have two (or more) layers of encryption. The first layer is designed to contain "kinda sensitive" data (say your diary). The second (or deeper) layer contains your "real sensitive" data. That way, you can be "forced" to give up your encryption key for the only kinda sensitive data, not your *most* sensitive data.

The biggest problem that I can see is that the presence of things like TrueCrypt on the computer make it more obvious that you're trying to hide things. I don't know how to hide the very existence of TrueCrypt. But as for hiding the other things, there are ways.

It's not perfect, but even a more than casual glance is going to have a hard time finding anything...


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds