Silk Road forums
Discussion => Security => Topic started by: redback on October 11, 2012, 09:03 am
-
First, this is up for discussion as I am far from a security or LE expert.
ok, so we have a new laptop, this is what I would do
install linux distro of your choice, mine is debian
set up encrypted lvm but don't use the whole disk, leave a few gigs at the end of the disk free.
this first bit of lvm encryption is just to stop people snooping if your laptop gets lost, the LE will see
your encryption and ask for the key. what happens next depends on which country you're in.
ie we aren't relying on it.
after logging in add
HISTCONTROL=ignoreboth
to /etc/profile, then log out and log back in
this does two things but the thing we are interested in is it doesn't log commands to history if they start with a space. so every command you don't want logged will look like (eg) " ps aux"
check it's working by running " blah" which will say command not found, then hit the up arrow, blah shouldn't appear.
check out " fdisk /dev/sda" or whatever you should have some unallocated space at the end of the disk.
create a partition using the unallocated space. this is a bit trippy, but you can and will delete the partition after every time you exit the hidden vm we are about to make. deleting the partition doesn't delete data on the partition. if you create the partition exactly the same every time, your data will be intact.
so now run " cryptsetup create temp /dev/sda5" (where sda5 is the new partition you just created).
just to test things are working as they should be,
" mkfs.ext4 /dev/mapper/temp"
" mount /dev/mapper/temp /mnt"
" echo blah > /mnt/test"
" umount /mnt"
" cryptsetup remove temp"
" fdisk /dev/sda"
delete /dev/sda5 (or whatever)
reboot
log in
" fdisk /dev/sda"
create sda5
" cryptsetup create temp /dev/sda5"
" mount /dev/mapper/temp /mnt"
" cat /mnt/test"
and it should say blah.
I guess the next step is to install the vm, but this will do for now, the trick is to be vigilant, always use a space before commands you don't want logged and always shutdown the vm and remove the cryptsetup map and delete the partition when it's not in use.
if you accidentally log a command, run " history -c"
any thoughts?
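A defender-side check for the layout described above, added here as an example and not part of the original post: a forensic examiner who finds a few gigabytes left unallocated at the end of a disk can scan that space in fixed-size chunks and measure the Shannon entropy of each one. Zero-filled or never-written space scores near 0 bits per byte, while headerless plain-mode ciphertext is indistinguishable from random data and scores close to 8, so the hidden region stands out even though no partition entry points at it. The sample image, chunk size and 7.5-bit threshold are constructed assumptions for the demonstration.

```python
import math
from collections import Counter
from random import Random


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, ~8.0 for random data."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def scan_unallocated(image: bytes, allocated_end: int,
                     chunk: int = 64 * 1024, threshold: float = 7.5):
    """Walk the space after the last allocated byte in fixed-size chunks.

    Returns [(offset, entropy)] for every chunk at or above the threshold.
    Low-entropy chunks are what untouched free space looks like; a run of
    high-entropy chunks with no partition entry covering them is the
    signature a triage tool would flag for closer inspection.
    """
    hits = []
    for off in range(allocated_end, len(image), chunk):
        ent = shannon_entropy(image[off:off + chunk])
        if ent >= threshold:
            hits.append((off, round(ent, 2)))
    return hits


def build_sample_image():
    """Constructed stand-in for a disk image (assumption, not a real capture):
    1 MiB of 'allocated' space (zeros as a placeholder), then 512 KiB of
    unallocated space made of 256 KiB zeros, 128 KiB pseudo-random bytes
    standing in for plain-mode ciphertext, and 128 KiB zeros.
    Returns (image, offset where the allocated region ends)."""
    rng = Random(1234)  # seeded so the sample and its results are reproducible
    allocated = bytes(1024 * 1024)
    ciphertext_like = bytes(rng.getrandbits(8) for _ in range(128 * 1024))
    unallocated = bytes(256 * 1024) + ciphertext_like + bytes(128 * 1024)
    return allocated + unallocated, len(allocated)


def report(hits):
    """Collapse adjacent high-entropy chunks into contiguous regions: [(start, end, mean_entropy)]."""
    regions = []
    for off, ent in hits:
        if regions and regions[-1][1] == off:
            start, _, total, count = regions[-1]
            regions[-1] = (start, off + 64 * 1024, total + ent, count + 1)
        else:
            regions.append((off, off + 64 * 1024, ent, 1))
    return [(s, e, round(t / c, 2)) for s, e, t, c in regions]


if __name__ == "__main__":
    image, end = build_sample_image()
    for start, stop, ent in report(scan_unallocated(image, end)):
        print(f"high-entropy unallocated region {start:#x}-{stop:#x}, mean entropy {ent}")
```

On a real image you would feed the bytes past the last partition's end sector (from the partition table) instead of the constructed buffer; the heuristic is a triage signal, not proof, since wiped drives and TRIM-cleared SSD space can also contain random-looking data.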
-
I was just thinking of the dangers of running a vm rather than dual boot, for one, with a vm it might be possible to install a key logger in the host os and log vm key strokes. and then I thought about wireless keyboards. don't use them, they can be sniffed.
-
I was just thinking of the dangers of running a vm rather than dual boot, for one, with a vm it might be possible to install a key logger in the host os and log vm key strokes. and then I thought about wireless keyboards. don't use them, they can be sniffed.
We'd like to correct you here :)
There are wireless keyboards available with AES128 & 256 encryption.
thx to the OP for the tricks !
-
Is it possible to put this all in a script which is hidden somewhere else through stegano?
Assume we want to stay clear of any human error to recreate the "hidden" partition and delete all possible logs?
One for start & one for end of session?
And this partition is not visible to any forensic investigators?
Of course the VM is also encrypted in itself :)
But that would be a cool way probably !
-
i don't know of any steganography script thingy me bob, would be cool I guess, but it takes about 30 seconds once you've typed it in a few times, and there's no fingerprint assuming you use a space every time. creating the partition is dead simple using fdisk, i think it's c then p or l for primary or logical, then probably a number, then enter twice, it will default to the first free block and the last, you don't need to type the blocks in, then w and q.
seems there are still some fingerprints left behind by starting and stopping the vm in dmesg, I think syslog is OK.
there are for me, anyway, using kvm with nat networking, bridging would be the same.
running " dmesg -C" would be a good idea as the last step, then I guess " clear". On the plus side it doesn't get written to disk.
I'm thinking now dual boot if you really need to hide, apparently there is a way to have two passwords, one for a dummy boot you give the LE, and one for your hidden boot. but how that works I haven't read. I couldn't be bothered with that, anyway.