I've been thinking about disk encryption with deniability; to be able to deny the encrypted data exists.

If the real system is not encrypted it will be difficult to hide encrypted data in free space without having the system overwrite the free space in normal operation. I think the solution is to install a decoy system to the beginning of the drive, and boot an encrypted system which uses losetup offsets. The offsets will be in the free space of the decoy partition, starting a bit after the last used sector of the decoy system. If /tmp is mounted to tmpfs, the decoy should be able to boot without damaging the encrypted system.

Making a bootdisk, or flash, for the encrypted system is a separate issue. Without any intervention, the system will boot the decoy. With the boot disk the encrypted system can be mounted. From the encrypted system the decoy system can also be mounted to copy decoy email and web cache to it, at regular intervals, so that the decoy looks like it's being used; and the writes can be contained in the beginning of the disk.

Aside from the bootdisk, the only thing suspicious from a raw read would be that the free space is full of randomized data. Hiding the keychain needs more imagination, like a modified Knoppix iso (another decoy), something with loop-aes drivers and gpg that isn't suspicious.

robert
--
http://linuxfromscratch.org/mailman/listinfo/hlfs-dev
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
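An added example (not from the post above) of the two numbers this layout hinges on: where the hidden losetup offset may start, and a check, run from the encrypted system, that the decoy has not since written into that region. The decoy's used-block list and all sizes are constructed sample values; in practice the block map would come from the decoy filesystem's own tools.

```python
# Added example: planning and damage check for a hidden volume placed in the
# free space of a decoy partition, as described in the post. The decoy block
# map (`used_blocks`) is an assumed input; sizes below are constructed.

def hidden_offset_bytes(last_used_block, block_size, gap_bytes=1 << 20, align=1 << 20):
    """Byte offset for the hidden volume: just past the decoy's last used
    block, plus a safety gap, rounded up to `align` (1 MiB by default)."""
    end = (last_used_block + 1) * block_size + gap_bytes
    return -(-end // align) * align          # ceiling division, then scale

def damaged_blocks(used_blocks, block_size, offset, length):
    """Decoy blocks now inside the hidden region [offset, offset+length).
    Any hit means the decoy overwrote part of the encrypted volume."""
    first = offset // block_size
    last = (offset + length - 1) // block_size
    return sorted(b for b in used_blocks if first <= b <= last)

def losetup_command(device, offset, length, loopdev="/dev/loop0"):
    """losetup invocation using its -o/--offset and --sizelimit options."""
    return f"losetup -o {offset} --sizelimit {length} {loopdev} {device}"

# Constructed sample: 4 KiB blocks, decoy occupies blocks 0..2047 (8 MiB)
# of a 64 MiB partition.
BLOCK = 4096
PARTITION_BYTES = 64 << 20
decoy_used = list(range(0, 2048))
offset = hidden_offset_bytes(max(decoy_used), BLOCK)   # 9437184 (9 MiB)
hidden_len = PARTITION_BYTES - offset                  # 57671680

if __name__ == "__main__":
    print(losetup_command("/dev/sda1", offset, hidden_len))
    # Simulate the decoy's web cache growing past the gap into the hidden region:
    grown = decoy_used + list(range(2048, 2600))
    print("damaged decoy blocks:", damaged_blocks(grown, BLOCK, offset, hidden_len)[:3])
```

Running the damage check before each decoy boot, from the encrypted system, is the cheapest way to notice that the gap has been eaten; the `losetup` line is only printed, not executed.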
