I would like to quote these two statements:
http://gentoo-wiki.com/SECURITY_System_Encryption_DM-Crypt_with_LUKS#Two_things_to_remember
Thanks for your help, but:
It does not protect more the user while he uses it nor from
potential "after-use" trails.
So? Was I supposed to release a complete secure solution right now? :P
Either you lose the livecd
along with your identity (or data that leads to your identity) and
you get caught or while using the software you get caught (like
your TOR connections have been detected). The only purpose and
advantage encryption would have is to
obfuscate some passwords like in the firefox example you gave.
The idea is that with this livecd you're on the move, boot the cd, use
tor and go away asap once finished. Make sure all your sensible data
is sent in a package just before leaving. If you lose it or someone
looks at it, it won't suspect much.
The real solution to your problem would be to use a steganographic
layer ( http://en.wikipedia.org/wiki/Steganography[1] ) .
It's not like I didn't remembered steganography, read below.
You will not find much (I mean actual real software) besides some
linux-2.2 tweak over ext2 "proof-of-concept" (10years old
not stable unreliable)
False? Look for TrueCrypt.
I think that encryption has nothing to do with hiding. In the
contrary, it is like a big flag standing saying "hey look at
me I got something to hide, come and get me!". It is just
obfuscating technology.
Using the crypt_silent option how likely are you of being catched?
Just put some binaries of emacs and so on on the root, and demonstrate
in the fake root that's what is for. It is a good hiding technique I
think, but not perfect.
The thing is, given the low probability of being catched, either by
having the squashfs with Steganography or not, some large file would
be there, and if they're good enough to realize it is a bootable
livecd and it is forcing a fake boot, then they're good enough to see
a big closed file is there.
Unless one did multiple hidden volumes inside this one, or just hide
some files inside the root. But we're back to less usability and we're
being forced to use truecrypt (I don't see a currently free maintained
option).
If we accept the Truecrypt restrictions (haven't read everything, but
it's not gpl so I assume they're more restrictive :P), we could
implement these several layers of encryption and increase
functionality with some scripts hidden in a pen for example. But to
put any programs like firefox+torplugin+tor+privoxy in them, and
separate in small files, that's a lot of work. This implementation is
good enough for most cases. Also Luks is well maintained and GPL.
Now, from a legal point of view, being caught with an encrypted
material whether livecd or not in major countries
(UK,GER,FR,US,china) requires from you the decryption key
Fine for me, don't do anything illegal in free countries. As for the
China example, just do as on my second point and use the following
idea: encrypt with luks as it is, and for the more sensitive files you
can use stenography using stenography software in a separate volume
(like a usb pen). If they ask you for the key, give it to them and
show just some more innocent files you were hiding.
It's better then have the cd almost all open, again, because you may lose it.
Let me know if I'm wrong or if you have more ideas ;)
Cheers,
Nelson
--
[EMAIL PROTECTED] mailing list
