Pages:
Author

Topic: Bitcoin-ready linux distro (Read 796 times)

sr. member
Activity: 281
Merit: 408
May 22, 2023, 10:49:40 PM
#66
To edit the header, you could use any graphical hex editor (you need to find one which doesn't load entire /dev/sdX though).

right, it's vital to know accurately which byte the header ends so that you know which byte the encrypted volume begins. using a graphical hex editor could work, e.g. perhaps there is a byte sequence at the end of the header that's always the same.

if not, knowing exactly the length of a key slot, exactly how many key slots your header has, and the exact length of the data before them is very important.



an extra trick I thought of: I expect that the header for a disk partition is smaller than a basic disk encryption header. Instead of replacing the encryption header entirely with random data, why not:

  • find out the size of a partition header
  • subtract it from the size of your encryption header
  • overwrite the start of the disk encryption header with a partition
  • fill the remaining space with random data (only as far as the last byte of the encryption header! use the number you found in step 2)

then, instead of having a "suspicious" random data disk, you have a disk that an OS filesystem window would recognize when you plug it in. Sure the rest of the data is your encrypted volume, but it "looks" otherwise like a normal disk that's got nothing on it.

you: "really? nothing on it? damn, must've taken the wrong disk with me, my bad"

or

you: "yeah, that's my disk to put the holiday photos on, would you like to see my photos of the church organs of Europe?"

Cheesy that sort of thing

Someone with forensic tools would just be able to see a relevant chunk of random data irrespective of how your headers look. Sure having a reasonable looking header increases your chances of plausible deniability but I don't see how tricks anyone that has been instructed in this field. Also playing around with the header is quite dangerous if you screw up in the process. Id rather never put myself on a situation where someone gets to my encrypted data to begin with. So far I have concluded that you just cannot cross any borders with encrypted stuff.
legendary
Activity: 3430
Merit: 3068
February 05, 2023, 03:04:11 PM
#65
To edit the header, you could use any graphical hex editor (you need to find one which doesn't load entire /dev/sdX though).

right, it's vital to know accurately which byte the header ends so that you know which byte the encrypted volume begins. using a graphical hex editor could work, e.g. perhaps there is a byte sequence at the end of the header that's always the same.

if not, knowing exactly the length of a key slot, exactly how many key slots your header has, and the exact length of the data before them is very important.



an extra trick I thought of: I expect that the header for a disk partition is smaller than a basic disk encryption header. Instead of replacing the encryption header entirely with random data, why not:

  • find out the size of a partition header
  • subtract it from the size of your encryption header
  • overwrite the start of the disk encryption header with a partition
  • fill the remaining space with random data (only as far as the last byte of the encryption header! use the number you found in step 2)

then, instead of having a "suspicious" random data disk, you have a disk that an OS filesystem window would recognize when you plug it in. Sure the rest of the data is your encrypted volume, but it "looks" otherwise like a normal disk that's got nothing on it.

you: "really? nothing on it? damn, must've taken the wrong disk with me, my bad"

or

you: "yeah, that's my disk to put the holiday photos on, would you like to see my photos of the church organs of Europe?"

Cheesy that sort of thing
legendary
Activity: 3262
Merit: 16303
Thick-Skinned Gang Leader and Golden Feather 2021
February 05, 2023, 02:26:26 PM
#64
You can add encrypted files inside your encrypted file system Smiley
But then you lose your explanation.

"Why has this data, which you told me was nothing but random data from a secure wipe process, changed?"
In that case, I'll take another approach: "what's random data?"
Seriously, I don't think anyone is ever going to ask me that, it's far above the investigation skills of the guy checking your suitcase for explosives.

Quote
I have no idea!"
Exactly Smiley
legendary
Activity: 2268
Merit: 18492
February 05, 2023, 09:11:54 AM
#63
You can add encrypted files inside your encrypted file system Smiley
But then you lose your explanation.

"Why has this data, which you told me was nothing but random data from a secure wipe process, changed?"
"Oh, that's just because of my encrypted files inside my encrypted file system, which is disguised within this supposedly random data. Sorry, what I meant was, I have no idea!"

It's even easier if you use a dual boot and use the second to overwrite the first.
Personally, I would have my entirely encrypted drive appearing as nothing but random data, and a laptop with nothing sensitive on it. When I get to my destination, use Tor to download Tails and run it from a USB as a live OS, and then use that to mount and decrypt my drive. This avoids the risk of my regular OS storing any unencrypted information about my drive.
legendary
Activity: 3430
Merit: 3068
February 04, 2023, 05:45:32 PM
#62
what do you use for encryption?

luks

Could you do this with a GUI?

I don't think so

it's easy (Cheesy) to do with linux dd command, just practice it with a disk you don't care about.

It's also easy to screw it up and write the random data to your main PC disk, so maybe use a VM on an old USB disk as your practice...

workflow:
  • md5sum on the first x bytes of the encrypted disk, save that hash somewhere (using linux tail lets you feed the exact number of bytes to md5sum, do it with the pipe character)
  • dd using x bytes as the offset to backup the header
  • md5sum the file with the backed up header, compare to saved hash
  • dd i=/dev/random to the encrypted disk device with that x offset as the value for where to end

the variable x will be the size of the LUKS header, I don't know what it is off the top of my head, but either LUKS utilities or the LUKS manpage (probably man cryptsetup) will also tell you

so long as you get the right number for x, and the right device for the disk, you'll be alright. possibly LUKS header is variable length (I expect it is as it's possible to add multiple keys or something like that), but that's why practicing is a good idea
legendary
Activity: 3262
Merit: 16303
Thick-Skinned Gang Leader and Golden Feather 2021
February 04, 2023, 01:09:12 PM
#61
what about places like China? they may think you are just trying to do plausible deniability.
If I ever go there, I'll leave all electronics at home.
sr. member
Activity: 281
Merit: 408
February 04, 2023, 12:58:03 PM
#60
it's all very easy


without the header, there's no way to prove that a disk is encrypted

so:
  • encrypt disk
  • copy header
  • fill the header up (on encrypted disk) with random data

Oompah-loompa - "why doesn't it switch on?"
you - "broken"
Oompah-loompa - "why did you bring a broken phone?"
you - "it broke on the way here"
Oompah-loompa - "why didn't you fix it?"
you - "if I knew what was wrong with it, I would already have fixed it"


...then just copy the header back again when you want to use the disk



This is an interesting option, what do you use for encryption? Could you do this with a GUI? I know about dm-crypt and luks, but Veracrypt has the best and easy to use GUI, which means there's less chance to screw up in the process.

Also, not sure if that would work in certain places. Perhaps in the west, but what about places like China? they may think you are just trying to do plausible deniability. It's one of those things.
legendary
Activity: 3262
Merit: 16303
Thick-Skinned Gang Leader and Golden Feather 2021
February 04, 2023, 10:18:53 AM
#59
If the entire disk is encrypted to appear as nothing more than random data, then there is no file system at all.
You can add encrypted files inside your encrypted file system Smiley

Quote
A more plausible explanation would be that I am traveling for work, I will use this hard drive when I arrive to install Linux and then work on trade secrets/confidential information/whatever, and I will securely wipe it again before I travel home.
It's even easier if you use a dual boot and use the second to overwrite the first. I do that for my Fork claiming adventures:
Code:
# cat sda1.iso.gz | gunzip > /dev/sda1; sync; halt
In a few minutes, all trade secrets (or in my case: untrusted wallets) are gone and I have a fresh installation again.
legendary
Activity: 2268
Merit: 18492
February 04, 2023, 07:22:17 AM
#58
That's easy: something else wrote to that random data sector. Sorry TSA guy, I didn't expect you really wanted to know I keep my naked pictures in StegFS (unfortunately development ended a long time ago).
That steganographic file system depends on there being an actual file system. If the entire disk is encrypted to appear as nothing more than random data, then there is no file system at all.

A more plausible explanation would be that I am traveling for work, I will use this hard drive when I arrive to install Linux and then work on trade secrets/confidential information/whatever, and I will securely wipe it again before I travel home.
legendary
Activity: 3262
Merit: 16303
Thick-Skinned Gang Leader and Golden Feather 2021
February 04, 2023, 06:10:12 AM
#57
It's probably the most likely way for a TSA agent or similar to bust you, if we are assuming you are being specifically targeted for a search. They examine your encrypted drive, you state that it is just random data, but while you are doing that they make an image of it. When you return from your vacation a few weeks later, they do the same thing and compare the two images. It's a highly unlikely scenario, but it would be the most common way for someone to detect the presence of a hidden volume.
That's easy: something else wrote to that random data sector. Sorry TSA guy, I didn't expect you really wanted to know I keep my naked pictures in StegFS (unfortunately development ended a long time ago).
Steganographic file systems allow the user plausible deniability of files within. It achieves this by becoming a lossy file system: writing a file to the file system may overwrite an existing file without warning.
legendary
Activity: 2268
Merit: 18492
February 04, 2023, 05:49:14 AM
#56
How "common" is that, really?
It's probably the most likely way for a TSA agent or similar to bust you, if we are assuming you are being specifically targeted for a search. They examine your encrypted drive, you state that it is just random data, but while you are doing that they make an image of it. When you return from your vacation a few weeks later, they do the same thing and compare the two images. It's a highly unlikely scenario, but it would be the most common way for someone to detect the presence of a hidden volume.

Alternative detection methods, such as determining the blocks of "random" data which actually contain your hidden volume have been read more times than other blocks of actually random data, are far more niche and require equipment the TSA does not possess. At this stage you are now looking at being targeted by much higher up three letter agencies, at which point you will have much bigger issues when trying to cross a border than taking some bitcoin across it.
legendary
Activity: 3262
Merit: 16303
Thick-Skinned Gang Leader and Golden Feather 2021
February 04, 2023, 05:39:48 AM
#55
A common one would be if you change the data inside the hidden volume, and someone is able to compare an image of your drive before and after you did this.
How "common" is that, really? It's a theoretical possibility, but I'm sure I'm not interesting enough for anyone to go through such lengths. It would be much easier to install a camera in the lamp above me, and record all keys I press. This made me inspect the lamp: I think I'm still good.
legendary
Activity: 2268
Merit: 18492
February 04, 2023, 05:28:40 AM
#54
I heard there are ways to prove the hidden volume exists, although VeraCrypt appears to have evolved since the last info I'm aware of
There are methods, but they can all be mitigated against: https://veracrypt.eu/en/Security%20Requirements%20for%20Hidden%20Volumes.html

A common one would be if you change the data inside the hidden volume, and someone is able to compare an image of your drive before and after you did this. What reason would you have for writing over already random data with different random data? Perhaps you could say you used the drive in the meantime and then securely wiped it again?

this to me sounds more reliable.
You are also less likely to leak data to the unencrypted parts of the drive if the entire drive is encrypted rather than just a file.
legendary
Activity: 3388
Merit: 6072
Crypto Swap Exchange
February 03, 2023, 01:19:36 PM
#53
If you are worried about crossing borders / going through security with BTC on your laptop or leaving it unattended someplace there are still a bunch of laptops with easily removable drives.

With the rugged ones from Dell and Panasonic and others you pop down a panel, push a tab and the drive and caddy come out. You can always get a 2nd one that you have a small drive in so the unit will work and boot with no issues.

-Dave
legendary
Activity: 3430
Merit: 3068
February 03, 2023, 11:09:29 AM
#52
You can even use this method to create entirely hidden operating systems.

I heard there are ways to prove the hidden volume exists, although VeraCrypt appears to have evolved since the last info I'm aware of

Or alternatively encrypt the entire disk like this so that the whole disk is indistinguishable from random data, and you can state that you simply securely erased everything on the disk by writing random data to it.

this to me sounds more reliable.

best thing is to explain it simply:

Oompah loompa: "what's on this disk?"
you: "nothing"

if you say "it's completely random data officer, which is completely indistinguishable from any other random data Cheesy", despite that being true, you're still gonna get looked at through narrowed eyes
legendary
Activity: 2268
Merit: 18492
February 02, 2023, 05:19:20 PM
#51
ah, what's the name for that method then? sounds too good to be true, clearly there's been developments in this area that I didn't follow
I'm not sure if it has a name, but VeraCrypt does it. A VeraCrypt encrypted file or volume has no unencrypted parts, and is indistinguishable from random data. See below:

I didn't test this myself, but I can bet they would much easier find your hidden volumes on laptop you are using, than hidden profile in pixel phone with GrapheneOS that have secure space.
The whole point of a hidden volume is that it cannot be found and is completely indistinguishable from random data, even if you are coerced in to decrypting the outer volume.
legendary
Activity: 2128
Merit: 6871
February 02, 2023, 05:08:53 PM
#50
But the encrypted data is not hidden. Sure, the user profile is encrypted, and maybe you can even hide the profile from various menus on the OS, but I doubt very much the entire volume is hidden when the phone's storage is directly examined. The header and the rest of the necessary data to decrypt and log in to that profile will still be there. And so you can be coerced in to decrypting it.
I didn't test this myself, but I can bet they would much easier find your hidden volumes on laptop you are using, than hidden profile in pixel phone with GrapheneOS that have secure space.
They could also coerce you to give them access to your hidden volumes, or anything else they are looking for.
I am also not against people using Linux and doing whatever they want with it.

You need to buy the full version if you want hidden volume support, and the full version is not open source.
I just gave you one example, and I didn't use this app, but I am sure there are other options available.
legendary
Activity: 3430
Merit: 3068
February 02, 2023, 02:01:59 PM
#49
There are methods of encrypting data so the header itself is indistinguishable from random data. Then you don't need to copy or overwrite anything, which adds complexity and risk.

ah, what's the name for that method then? sounds too good to be true, clearly there's been developments in this area that I didn't follow


(this part of) the thread ended already if o_e_l_e_o's link checks out... and airport security searching "encrypted" disks also ended Cheesy
hero member
Activity: 742
Merit: 448
February 02, 2023, 12:53:15 PM
#48
But compared with most OS, Tails is probably one of best OS for privacy. It's open source, has been around for >10 years, trusted by various group and actively used by people who really need privacy/security.

Thanks for this info. I seriously have no idea about this distr until now. I will defiantly have a look into it. Till now my only focus was on my Ubuntu distribution.

But on device with disk encryption, you usually need to decrypt it before you can login to OS user account.

Yes thats very much correct. My point is that if you are traveling or in condition where your laptop gets away from you then you must have some security mechanism in place that restricts anyway to see your data. Although I think placing a password on your laptop is good enough but still if you wanna add extra layer of security then you can choose such options.
legendary
Activity: 1526
Merit: 6442
bitcoincleanup.com / bitmixlist.org
February 02, 2023, 08:46:42 AM
#47
Is there such a thing being developed and kept updated? What I mean is a distro that comes with preinstalled software that you would need for any Bitcoin related business

yes

but don't do it. It's much too tempting for some employee(s) to abuse the situation and ship something that steals BTC or other data.

just get a standard distribution and figure it out, anything else is going back to "be my bank", not "be your own bank"

Exactly. Just download Debian, which is a very lean distro, verify the checksums and install it, and then put Bitcoin Core, Electrum, and other bitcoin programs on it.

It takes way too much manpower to keep a distro updated and considering the number of security bugs that are fixed each month, it just isn't worth the effort if maintained by only 2 or 3 people.
Pages:
Jump to: