Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Deniable encryption with Hidden Volume
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
x64l
n00b
n00b


Joined: 04 Nov 2024
Posts: 3

PostPosted: Sat Nov 09, 2024 8:31 pm    Post subject: Deniable encryption with Hidden Volume Reply with quote

Hello there everyone! This isn't a particularly Gentoo question and if such questions aren't tolerated here then I apologize.

First of all, I'm not asking this to break the law, encryption has lots of legal protection where I live, I'm just intrigued by the concept and want to experiment.

I read online that VeraCrypt, a disk/file encryption utility made primarily for Windows, has a neat feature called hidden volumes. Essentially you get one big "decoy" partition that you encrypt but one that has no important data on it, and inside of this decoy partition you create another hidden partition, that nobody can even tell it's there without its decryption key. The hidden volume has a footer at the end of the partition, rather than a header, containing some metadata, and from what I gather there's some mechanism in place to make sure that the decoy partition overwrites the hidden partition's data only as a last resort.

I am aware that VeraCrypt supports Linux too, but I'd prefer to use the "minimal standard" Linux utilities, i.e. cryptsetup and lvm. Is there any way to achieve this or something similar with them? The idea is that the hidden partition should be completely and utterly invisible, indistinguishable, that there truly wouldn't be any way to distinguish it from some random data on the hard drive.

Of course Cryptsetup with its "plain" encryption mode would have to be employed, but how would the partitions be arranged?

Obviously having a small Windows partition and the rest of the disk unallocated and filled with "random" data will be called out by anyone with an itty bit of computer knowledge and common sense.

Having a big massive file to hide the hidden OS in isn't very bright either.

I thought about installing Windows 10 on a FAT32 partition, to try and delay the overwriting of the hidden partition, and using cryptsetup's plain mode with the offset flag, but having Windows 10 set up in a FAT32 partition would certainly raise some eyebrows (and having an NTFS installation would probably overwrite the hidden partition right away).

Another way I can think of is to get the decoy OS to only use a part of its root partition, i.e. set some flag in an Ubuntu installation that'd force the OS to only use the first half of its root partition, and nothing more, so that, say, a full 1TB partition would be displayed but only half of it could ever be used. This could also be noticed by someone knowledgeable, but I think it could be swept under the rug far more easily. Sadly, though, I read that Windows doesn't have anything even remotely close to that with its NTFS, and being a veteran Linux/BSD user I've never heard about anything like that either.

Might anyone else have any other idea?
Back to top
View user's profile Send private message
szatox
Advocate
Advocate


Joined: 27 Aug 2013
Posts: 3477

PostPosted: Sat Nov 09, 2024 9:30 pm    Post subject: Reply with quote

A separate HDD, fully encrypted, without header. It would look like it was shredded.
Hiding an encrypted container within empty space might be more tricky. Haven't tried that, but I suppose if I were to find a hidden volume snuk into empty space of an encrypted partition I can decrypt, I think I could do that by looking at the entropy variation within encrypted partition and running a data recovery tool against it and its decrypted image.
Basically, I'd expect a partially used disk without anything hidden to have identifiable bits of previously deleted files all over the place, or a lot of consecutive 1s or 0s at _some_ layer. If this turns into pure chaos at some point, it's probably the hidden container.

This said, someone determined enough to analyze your disk like that would probably just hit you with the wrench attack instead.
_________________
Make Computing Fun Again
Back to top
View user's profile Send private message
x64l
n00b
n00b


Joined: 04 Nov 2024
Posts: 3

PostPosted: Sat Nov 09, 2024 9:39 pm    Post subject: Reply with quote

szatox wrote:
A separate HDD, fully encrypted, without header. It would look like it was shredded.
Hiding an encrypted container within empty space might be more tricky. Haven't tried that, but I suppose if I were to find a hidden volume snuk into empty space of an encrypted partition I can decrypt, I think I could do that by looking at the entropy variation within encrypted partition and running a data recovery tool against it and its decrypted image.
Basically, I'd expect a partially used disk without anything hidden to have identifiable bits of previously deleted files all over the place, or a lot of consecutive 1s or 0s at _some_ layer. If this turns into pure chaos at some point, it's probably the hidden container.

This said, someone determined enough to analyze your disk like that would probably just hit you with the wrench attack instead.


Well a fully encrypted headless SSD is what I have right now, only that it's the only storage device connected to my computer.
I do agree on wrench attack point, and certainly the way to avoid that sort of thing is not to be involved with that kind of people or partake in any shady activity.

The sort of target audience I had in mind are border checkpoints for countries with boomer technologically illiterate governance that have the officers ask you to decrypt your computer so they can put some shady proprietary software to scan your hard drive for any sort of illegal or malicious material.

I also heard that in countries like the UK and Germany, a mere suspicion by the police towards you gives them the right to order you to decrypt your computer, and have you face indefinite jail time if you don't cooperate.

Now, I don't live in any of these countries nor do I even plan on visiting them, but it's still a thought provoking exercise that I'd like to solve. To satisfy my own curiosity.
Back to top
View user's profile Send private message
zen_desu
n00b
n00b


Joined: 25 Oct 2024
Posts: 56

PostPosted: Sun Nov 10, 2024 12:45 am    Post subject: Reply with quote

It seems it can only be used with the "plain" and "loopaes" types, but maybe you could use --offset with cryptsetup?
_________________
µgRD dev
Wiki writer
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum