[HacktionLab] Hiding Stuff on your Computer

[mark]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Nice once John.

On 26/07/10 02:09, John wrote:
> The best way to protect
> against this is to encrypt not just your confidential folder(s) but also
> your swap folder/ pagefile as well. An even better solution is to
> encrypt your whole hard drive. Various Linux versions have this feature
> built into their installers and there are plenty of wiki's out there on
> how to do this.

We have an issue here of how far to go in our explanations, given that
this is supposed to be an entry-level document.

In this case the problem is that the default "encrypt your whole hard
drive" technique offered by the debian/ubuntu installers leaves the boot
partition in clear, and vulnerable to "evil maid" attacks. For example
http://www.wzdftpd.net/blog/index.php?2009/10/28/44-implementing-the-evil-maid-attack-on-linux-with-luks
. A commonly proposed solution to this is to carry one's boot partition
on a USB drive that never leaves your body, which is cool if you know
how to configure an installation over multiple media... but do we want
to explain how to do that?

Then the next thing beyond that would be to talk about rubber-hose
attacks, and the legal situation wherein one is guilty of an offence if
encrypted data is found and the defendant refuses to decrypt it (RIPA etc.).

So, I don't know really, how far do we want to go with this? Where do we
draw the line?

Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkxNRToACgkQ3b8v4BN9hRQdUgCfX2R2kuE4cmoVLv7A/X1wmLrp
OrEAoJ/CyvoEPRO6RPqJhvgfYG/fbsUp
=XccB
-----END PGP SIGNATURE-----