Silk Road forums
Discussion => Security => Topic started by: RootZero on May 05, 2012, 01:15 pm
-
Thought I'd start a topic specifically on this as I find information on this difficult to find and very spread out across the web. I'm still a bit of a Linux and crypto noob but getting there.
In case you don't know what I mean see: http://en.wikipedia.org/wiki/Deniable_encryption
It's something sellers should be especially interested in to protect yourself and buyers, should the law try to force you to reveal your passwords.
Liberte on USB is suggested on the pinned anonymity thread, but as far as I can see this doesn't offer plausible deniability?
I haven't managed to get there after experimentation with other software. The only current solution I can find is Truecrypt, but that only supports a hidden Windows OS and doesn't play nice with Linux dual boots.
Is there a simple guide to doing this somewhere I've missed?
-
Well, first off, it has been found that Liberte leaks DNS, so I wouldn't recommend using it until that is patched. I would look into Tails instead, for now at least. There was a case recently where a real estate agent was accused of scamming homeowners and had encrypted her data files using TrueCrypt. She was told by the court and LE to decrypt those files, and in the end she was not found guilty because she pleaded the Fifth. Basically she said that she didn't remember her password and was protected by the Fifth Amendment, because how can the court force you to reveal a password? They tried to compare it to a safe: if LE were to break into your home/business and found a safe they would force you to open it, and obviously if you didn't comply they would break into it to see what's inside, but how exactly could they do this with a password to a digital file? It's not like they can scan your mind to reveal the password.
You can read more about such cases here: http://www.techrepublic.com/blog/tech-manager/personal-data-encryption-it-and-the-fifth-amendment/7467
-
What deniable encryption is, is that you have 2 volumes within the same file.
AFAIK Linux on its own doesn't do this, it just does drive/file encryption. You must use TrueCrypt for what's called "deniable plausibility".
Basically what you do is create, say, a file myhidden with TrueCrypt. You make this a 1GB file. TrueCrypt can then make a hidden container inside this file of any size; let's just split it in half, 500MB & 500MB. You also set 2 passwords: one for your fake volume, with fake docs, & a completely different real password for the real volume with sensitive info.
If you type in password A, it opens your fake volume for the police; if you type in password B, it opens your sensitive volume. The thing is though, that even if a drive is mounted in TrueCrypt, all the data is still in encrypted form on the actual PC until it's loaded into RAM; then it's decrypted OTF & re-encrypted after use. Let's say you reveal your fake password to police & they open your fake volume. They can see you have a document called test.doc. Even though they can see this file, until they double click to open it, it's still encrypted; if they ran forensic software it would show encrypted data until the file is loaded in RAM. Why this is important is that even free space in a TrueCrypt volume is actually encrypted data until something overwrites it, then that data becomes re-encrypted. They have no way to prove whether what is on the encrypted drive is free space or files. So if you give them your fake password there is no way to prove that the other volume exists, and that way it doesn't matter if you give passwords.
+1 I would also recommend Tails until the DNS leak issue is fixed.
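To make the outer/hidden volume idea above concrete, here is an added toy model (not from the thread and not TrueCrypt's code): a container filled with random bytes, a decoy volume written at the front with one passphrase, and a hidden volume written into the "free space" at the back with another. The cipher is a SHA-256 counter keystream with a fixed salt, both assumptions made for illustration; the point it shows is that every byte on disk looks like random fill regardless of which passphrase, if any, is known. It also demonstrates the caveat TrueCrypt documents: the outer volume has no idea the hidden one exists, so writing decoy data into that free space destroys it.

```python
"""Toy model of a TrueCrypt-style container: an outer (decoy) volume at the
front of the file and a hidden volume in the outer volume's free space at the
back. Constructed for illustration only: the cipher is a SHA-256 counter
keystream, not TrueCrypt's XTS-AES, and the salt is fixed."""
import hashlib
import math
import os
from collections import Counter

CONTAINER_SIZE = 64 * 1024          # 64 KiB stands in for the "1 GB file"
HIDDEN_SIZE = CONTAINER_SIZE // 2   # "split it in half": hidden volume is the back half
HIDDEN_START = CONTAINER_SIZE - HIDDEN_SIZE


def derive_key(passphrase: str) -> bytes:
    # Fixed salt is an assumption of this toy; real volumes store a random salt.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), b"toy-salt", 50_000)


def keystream(key: bytes, offset: int, length: int) -> bytes:
    """Keystream byte j depends only on key and absolute position offset+j,
    so any byte range of the container can be encrypted or decrypted in place."""
    out = bytearray()
    block = offset // 32
    while len(out) < (offset % 32) + length:
        out += hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        block += 1
    start = offset % 32
    return bytes(out[start:start + length])


def crypt(key: bytes, offset: int, data: bytes) -> bytes:
    """XOR with the keystream; the same call both encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, offset, len(data))))


class Container:
    def __init__(self, size: int = CONTAINER_SIZE):
        # Formatting fills the whole file with random bytes, so unused space is
        # already indistinguishable from ciphertext; a hidden volume can live
        # there without changing how the file looks.
        self.buf = bytearray(os.urandom(size))

    def write(self, passphrase: str, offset: int, data: bytes) -> None:
        self.buf[offset:offset + len(data)] = crypt(derive_key(passphrase), offset, data)

    def read(self, passphrase: str, offset: int, length: int) -> bytes:
        return crypt(derive_key(passphrase), offset, bytes(self.buf[offset:offset + length]))


def entropy_bits_per_byte(buf: bytes) -> float:
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def demo() -> dict:
    c = Container()
    decoy = b"DECOY: test.doc, holiday photos, tax returns"
    secret = b"SECRET: what the outer password must never reveal"
    c.write("password-A", 0, decoy)               # outer volume, front of file
    c.write("password-B", HIDDEN_START, secret)   # hidden volume, back of file
    seen_with_a = c.read("password-A", HIDDEN_START, len(secret))
    result = {
        "outer_ok": c.read("password-A", 0, len(decoy)) == decoy,
        "hidden_ok": c.read("password-B", HIDDEN_START, len(secret)) == secret,
        # With only password A, the hidden region decrypts to junk that looks
        # exactly like never-used free space.
        "hidden_invisible_with_a": b"SECRET" not in seen_with_a,
        # The file as a whole still looks like random fill.
        "on_disk_entropy": entropy_bits_per_byte(bytes(c.buf)),
    }
    # Caveat: the outer volume does not know the hidden one exists. Writing
    # decoy data into its "free space" silently destroys the hidden volume.
    c.write("password-A", HIDDEN_START, b"new holiday photos")
    result["overwrite_destroys_hidden"] = c.read("password-B", HIDDEN_START, len(secret)) != secret
    return result


if __name__ == "__main__":
    print(demo())
```

The entropy figure stays close to 8 bits per byte whether the hidden volume is present or not, which is the whole basis of the deniability claim. The last step is the part people forget: TrueCrypt only avoids this overwrite when the outer volume is mounted with hidden volume protection enabled, which requires entering both passwords, so the decoy volume should be treated as read-mostly.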
-
so Liberte isn't safe to use?
-
so Liberte isn't safe to use?
Not at this time.
-
I think the idea is that you don't need to plead the 5th amendment because you can give them the decoy password(s) and there is no proof the hidden os even exists.
It seems that truecrypt with a hidden windows system volume, using the tor browser bundle and good virus protection software is probably the best answer until something new is developed?
I have a working test setup on my system, and although it's a lengthy and time consuming process, once done it seems to work well. It's only 'cause I dislike Windows that I'm looking for a different solution.
I like the idea of Liberte, and using a USB stick is appealing, but system drive encryption would be my preferred option.
I've heard of tails, but not looked into that, thanks.
-
It is possible to get deniable FDE with linux, Truecrypt style, but it is not an easy task.
Poor man's deniable encryption: encrypt the entire drive, put the bootloader on a USB, now if they ask for the password say that no password decrypts the drive and it isn't actually encrypted, you just wiped it with random data. They shouldn't be able to tell a fully encrypted disk apart from one that was just wiped with a PRNG stream. If they ask why you have a bootloader on a USB stick just tell them you used to boot off of it but you have recently wiped the drive and have not yet installed a new OS :P.
-
It probably isn't a good idea anywhere, but they can't make you give up keys for a drive wiped with a PRNG stream. Well, you could give them a fake password and just say that of course it doesn't decrypt because it is just a wiped drive. Hey, I didn't call it poor man's deniable encryption for no reason ;).
-
Tails is still in its beta stages, so I wouldn't 100% trust it. Looks like it does a very similar job to Liberte. I don't see an option for plausible deniability, but there's a lot of useful information on their website, especially their explanations of the problems with Tor itself.
Liberte seems well developed, don't really understand enough to say how safe it is. Perhaps the experts can elaborate on its problems?
I'm wondering if dm-crypt is the answer, but it seems out of my league of understanding at the moment.
Can someone elaborate on the safety of the different options? My head is full to bursting now! ::)
-
I have my Linux box set up like kmfkewm describes.
During installation, I shred(1)ed my /dev/sda, then cryptsetup create x /dev/sda, then set up LVM on the 'x' crypto container. Then I installed like normal, except that my /boot is on a USB stick.
When I boot, I have to put in my stick and add a 'break' option to the grub line. This causes me to get dropped to a shell before anything has been mounted. I cryptsetup create x /dev/sda, then lvm vgchange -ay. Then I ctrl-D out of that shell, and my box boots normally.
When I do upgrades, I have to make sure the USB stick is mounted as /boot if anything will be written there.
So, it's a little weird, but the end result is that my drive looks shredded. There are no headers of any kind like there would be if I had used LUKS, etc.
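Both kmfkewm's "poor man's" scheme and the plain-mode dm-crypt setup just described rest on one claim: a disk with no container header is indistinguishable from one overwritten by shred(1). The following added example (not from the thread, not part of cryptsetup) checks that claim the way a first-pass forensic triage would, by looking at the first sectors of an image for the plaintext signatures a LUKS header, an MBR or a GPT would leave, and by measuring byte entropy. The sample images are constructed in memory: one filled from os.urandom (shred or plain dm-crypt), one with a LUKS magic placed at offset 0, and one zero-filled to show why a wipe must use random data rather than zeros.

```python
"""Inspect the first sectors of a disk image for plaintext signatures that would
betray an encrypted container. Added example (not from the thread); it models
why a plain dm-crypt device looks like a shred(1)-wiped disk while a LUKS
device does not. All sample images are constructed in memory."""
import math
import os
from collections import Counter

SECTOR = 512
LUKS_MAGIC = b"LUKS\xba\xbe"              # LUKS1/LUKS2 primary header, offset 0
LUKS2_SECONDARY_MAGIC = b"SKUL\xba\xbe"   # LUKS2 secondary header (offset varies)
GPT_SIGNATURE = b"EFI PART"               # GPT header lives at LBA 1
MBR_SIGNATURE = b"\x55\xaa"               # bytes 510-511 of sector 0
HEAD_BYTES = 64 * 1024                    # how much of the image we examine


def entropy_bits_per_byte(buf: bytes) -> float:
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def inspect_image(image: bytes) -> dict:
    """Report the plaintext markers found in the first sectors of an image."""
    sector0 = image[:SECTOR]
    head = image[:HEAD_BYTES]
    return {
        "luks_header": image.startswith(LUKS_MAGIC),
        "luks2_secondary": LUKS2_SECONDARY_MAGIC in head,
        "mbr": sector0[510:512] == MBR_SIGNATURE,
        "gpt": image[SECTOR:SECTOR + len(GPT_SIGNATURE)] == GPT_SIGNATURE,
        "entropy": round(entropy_bits_per_byte(head), 3),
    }


def looks_wiped(report: dict) -> bool:
    """True when nothing in the report distinguishes the image from random fill.
    This is what a headerless plain-mode dm-crypt device, or a shredded disk,
    should produce. A low-entropy image is not wiped at all."""
    markers = ("luks_header", "luks2_secondary", "mbr", "gpt")
    return not any(report[k] for k in markers) and report["entropy"] > 7.9


# Constructed sample images (1 MiB each), not captures of real disks.
def sample_shredded(size: int = 1 << 20) -> bytes:
    # shred(1) or `cryptsetup create` output: pure noise from end to end
    return os.urandom(size)


def sample_luks(size: int = 1 << 20) -> bytes:
    # LUKS: payload is ciphertext, but the header announces itself in clear
    body = bytearray(os.urandom(size))
    body[:len(LUKS_MAGIC)] = LUKS_MAGIC
    return bytes(body)


def sample_zeroed(size: int = 1 << 20) -> bytes:
    # `dd if=/dev/zero`: obviously not an encrypted disk, so no deniability
    return bytes(size)


if __name__ == "__main__":
    for name, img in (("shredded", sample_shredded()), ("luks", sample_luks()),
                      ("zeroed", sample_zeroed())):
        rep = inspect_image(img)
        print(f"{name:9s} looks_wiped={looks_wiped(rep)} {rep}")
```

Two practical notes on the plain-mode setup itself. Because there is no header, cryptsetup has nothing to read the cipher, hash and key size from, so every `cryptsetup create` (or `cryptsetup open --type plain`) must be given the same options the device was created with; a mismatch does not fail, it just maps garbage, so record the options on the /boot stick rather than relying on whatever the current default happens to be. And the /boot stick is the one place the story can leak: it carries the initramfs and the bootloader configuration that reference the encrypted root, so anyone assessing this setup should treat the stick, not the disk, as the artifact that gets examined.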
-
Always have to adapt with LE as they don't play by rules. Just imagine your enemy is a remorseless evil rodent that always tries to steal your cheddar cheese when you hit a large score.
What I have developed is something that is foolproof from torture; the only downside is pinhole cameras, but that is everyone's password downside. And for the super paranoid, what is the best way to spy on everyone where they won't bother with the red dot flashing at them? Require fire detectors everywhere that hook up to something somewhere. Will separate out into different posts for simplicity so you can copy and paste the instructions into a text file.
-
In the UK for legal reasons you need to use the hidden OS, but for things that are real life or death this is the proper method. Take a sheet of paper (different ones also if you wish, as this idea is still advancing) and write out random lines of random characters while looking at your keyboard. The more lines, the better the encryption; try to use as many random characters as are on your keyboard and mix up your lines, doubling back a little. If you want to use sheets it might be nice, too difficult to remember and long enough to provide a good encryption. If you wish, just use one sheet, because if they can enter your home and copy your sheet they can certainly also place a pinhole camera. Other defenses should be done first, like dogs, before encryption, or other such things. If you choose to, an idea would be to have part of your encryption encrypted within your random characters on one sheet that stays there, and the other you take with you everywhere, but it might be attention drawing, especially with all the full cavity searches these days, and carries its own risks if detected, as it will bring unwanted attention, but so do random searches. You can make up anything you wish really. Maybe keep it inside a good locked safe too. Advance it. Download PGP off uTorrent so LEO doesn't know you have military encryption, 2000byte; TrueCrypt is 256byte, but Iran just decrypted US military intel encryption at the highest level, or so they say, maybe just a ploy. Who knows, but it is about which level is after you. This is to stay away from local LEO and maybe some higher up LE, but certainly not everyone; if you're wanted you will be taken no matter what. Just keep adapting and learning.
-
Just destroy or rip up your sheet if you feel threatened and start over.
-
Also always use a key hole, so they say: a small random thing that is easy to remember but is at the start and end and is not written down. Not something like 420 either, something random, but I guess it could be 420 if you end or start with something different.
-
The Feds don't trust LE either. Remember, they don't want regular people getting their best technology; the local LE is just the "DUMB ARM" of the legal system, doing the grunt work that no one in their right mind would waste time with. The Feds usually go for "conspiracy" charges and such, as it takes a lot of time and they get a lot of paychecks doing nothing.
-
"I think some are misunderstanding the possible outcomes and scenarios. It really isn't implausible that the government would really sell drugs to people, as they don't care and they own a shit load of them and they want money. But what "money" would they rather discredit the most and get rid of? You have to think of it this way: there has to be some established something, someone who is legit who can make the drug aside from distribution. Local LE routinely skims money off the top of most drug markets in the USA. Just sayin'. You really think they burn all those drugs? Or just show burn them? If it's good enough I am sure they keep it."
They want to paint bitcoin as a criminal currency so they can treat anyone who uses it as such, from the time you transfer money to how you "cash" out.
-
Back on topic, I still haven't found any solution that claims plausible deniability with relative simplicity other than hidden windows with truecrypt. Hopefully they will fully support Linux in future.
I like Linux but using the terminal and configuring its various oddities are still very confusing to me. It's an added pain that I would rather avoid.
I think for now I'll stick with my current TrueCrypt, hidden Win 7, Tor Browser Bundle. I did manage to get the latest Ubuntu installed alongside this setup eventually, but not quite 100% successfully, I think due to my choice of partitions.
I'll use my hidden volume for SR and Ubuntu for everything else except when I need windows for non-sensitive activities.
Are there any extra precautions I could take with my Windows & Tor Browser Bundle setup? I've used SMAC to change its MAC address and given it a benign name so my router doesn't hold anything I couldn't deny.
-
I think Liberte can offer this but Maxim doesn't believe in the idea very much.
https://forum.dee.su/#Topic/65650000000017023
-
I may have a go at trying it with liberte, if I do successfully, will post. Need to have a read through the forums there.
I think it's more of an issue in the EU, where I believe there are test cases where people were prosecuted for not revealing a password for an encrypted volume. I understand the argument that under torture or duress you might end up revealing the password, but that's less of an issue in the EU than in some countries.
-
You guys have any links or sources regarding this? I haven't heard anything about Liberte itself leaking DNS requests, only applications within it, such as Midori... but when configured through Privoxy (the way Liberte does) this is not an issue. I'd like to read more.
See:
https://trac.torproject.org/projects/tor/wiki/doc/Preventing_Tor_DNS_Leaks
http://www.hermann-uwe.de/blog/howto-anonymous-communication-with-tor-some-hints-and-some-pitfalls
http://securitystreetknowledge.com/?p=283
I assume there's a thread around here describing this configuration in more detail. Can you point me to it? I'm always interested in improving security, and this sounds interesting. kmfkewm has probably taught me more about this shit on these forums than I've learned all other places combined...
-
Back on topic, I still haven't found any solution that claims plausible deniability with relative simplicity other than hidden windows with truecrypt. Hopefully they will fully support Linux in future.
I like Linux but using the terminal and configuring its various oddities are still very confusing to me. It's an added pain that I would rather avoid.
I think for now I'll stick with my current truecrypt, hidden win 7, tor browser bundle. I did manage to get the latest Ubuntu installed along side this setup eventually, but not quite 100% successfully, I think due to my choice of partitions.
I'll use my hidden volume for SR and Ubuntu for everything else except when I need windows for non-sensitive activities.
Are there any extra precautions I could take with my winodws & tor browser bundle setup? I've used SMAC to change its mac address and given it a benign name so my router doesn't hold anything I couldn't deny.
I find that Linux has an initially very steep learning curve that gradually reduces over a very long period of time, although some distros are certainly much harder to use than others. Even after using it exclusively for several years I find that I am realistically fairly intermediate with it, but that is partially because some of the people who have been using it for two decades reach an amazing level of expertise and specialization, especially the ones who know how to actually edit / create parts of the C or assembly code that makes their distro. Linux and BSD have a lot of advantages. Pretty much the only areas they are lacking in are gaming and ease of configuration/maintenance, but virtualization and emulation abilities are constantly improving and there are distros that put a lot of emphasis on being easy to use.
-
I agree, first took the plunge about a year ago. Coming from windows it's very steep, but feel like I'm making a few breakthroughs recently.
I really like what Ubuntu have done, would encourage everyone to try it over windows. It's only when you want to do something slightly unusual that it can become complicated very quickly!
If there are any other links on this sort of thing I'd be interested to read. Plausible deniability seems a bit sensitive to discuss on the real web, so people seem to shy away from going into detail. It would be good to see some sort of more technical guide for the more security paranoid person to try.
-
Tails supports the use of Truecrypt, and any Truecrypt volume created in Windows can be opened in Tails. It's a bare bones Linux distro, kind of a pain in the ass to use, but it's simple enough to get you to SR, the SR Forums, and other .onion sites. You can now store a Truecrypt volume in the persistent partition of Tails, so once you decrypt the partition and then decrypt the Truecrypt volume you're all set.
If you are forced to give a password you can just provide the password to the outer Truecrypt volume, and the contents of the hidden volume are safe. When Tails shuts down it wipes the memory and erases any data on the Tails partition that wasn't there at startup. If there are any cases of forensics professionals being able to recover data from a Tails USB drive after shutdown I'd like to read about them.
-
Bump for my questions...
-
@cacoethes: There's no guide to the setup I described, as far as I know. I've never heard of anyone else doing it. I don't remember every detail, but I think my earlier message is a pretty good sketch of how it works, except I should have specified I use Arch. What this setup gets you is, if your laptop is confiscated while it's off, it will look to the data forensics people as if the drive has been filled with random data with a utility like shred(1). They may have strong, reasonable suspicion that there's really a crypto container there, but they can't prove it unless they brute your passphrase.
If you try to replicate this setup with Arch and hit specific problems, please ask me and I'll try to help.
-
Thanks, h3n, appreciate the response. My interest is primarily academic, as the only drive which contains anything truly incriminating and/or sensitive data is a micro SD card which will never be found, and therefore never "inspected". My laptop, and the encrypted USB drive sitting beside it will be the obvious prizes LE will focus on if ever they come knocking... But those prizes are nothing more than red herrings, and by the time LE picks them apart and/or acquires a subpoena forcing me to divulge any passwords, the real prize will be long gone.
I am still curious as to where it's been discussed that Liberte is "unsafe to use at this time" due to it leaking DNS requests. This is a blanket statement that doesn't seem to be supported by anything I've read, but it does concern me enough that I'd like to learn more.
kmfkewm, where are ya, buddy?
-
I use TrueCrypt for the drive and then encrypt individual folders/files with Toucan
From Tails:
TrueCrypt is not enabled by default when Tails starts. In order to use TrueCrypt, the following needs to be done:
on the language selection menu, right after booting Tails, use the arrow keys to select the desired system language,
press the tab key (often labeled ↹), press space, type truecrypt and press enter,
when Tails desktop is ready, you should find TrueCrypt in the Applications menu, under Accessories.