disk encryption; hidden containers

RW fbsd06 at mlists.homeunix.com
Tue Jul 22 17:51:45 UTC 2008


On Tue, 22 Jul 2008 17:47:42 +0200
cpghost <cpghost at cordula.ws> wrote:

> On Fri, Jul 18, 2008 at 09:56:24AM -0600, Chad Perrin wrote:
> > My preliminary searches on the subject suggest that neither GBDE
> > nor GELI encryption offers hidden volume/container capabilities.
> > Are there any plans for implementing this in the future?  What disk
> > encryption software would you recommend for use with FreeBSD to
> > provide hidden containers?
> 
> Unless the containers are spread randomly across the partition
> and are small enough, they WILL appear very prominently, because
> they will usually have maximum entropy.
> 
> To locate them, all a cryptanalyst has to do is to look out for
> regions on the partition with very high entropy, 

The trick is to hide the volume somewhere that is legitimately filled
with random numbers. 

One simple way to do this is to simply argue that an encrypted
partition was previously an ordinary partition that has been securely
erased by filling it with random numbers. Since this is a reasonable
thing to do, it provides a significant level of plausible deniability.
Unfortunately you can't do this with geli, because it's actually
designed to be detectable (I'm not sure about gbde).

Some encryption software goes much further by allowing one or more
levels of nesting within volumes. The way it works is that you
create a normal volume, put in some dummy files, and then create a
second level container in the freespace. Since it's good practice to
prefill freespace with random numbers, and some encryption software
does it automatically, it's very hard to detect the second level. The
advantage of this is that even if someone knows that you are using
encryption, and can compel you to give up the passphrase, you can still
keep the real secrets hidden.
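The two points in this thread (high-entropy regions stand out, and random-prefilled freespace hides a nested container among them) can be shown with a small block-entropy scanner. This is an added example, not code from the thread or from geli/gbde; the disk image, block size and 7.8 bits/byte threshold are constructed assumptions.

```python
import math
import random
from collections import Counter

BLOCK = 4096  # assumed scan granularity, one filesystem block


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: ~0 for zero fill, ~3-5 for text,
    close to 8.0 for ciphertext or random fill."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def high_entropy_regions(image: bytes, threshold: float = 7.8, block: int = BLOCK):
    """Scan block by block and merge consecutive high-entropy blocks into
    (start, end) byte ranges; this is the cryptanalyst's scan from the thread."""
    regions, start = [], None
    for off in range(0, len(image), block):
        hi = shannon_entropy(image[off:off + block]) >= threshold
        if hi and start is None:
            start = off
        elif not hi and start is not None:
            regions.append((start, off))
            start = None
    if start is not None:
        regions.append((start, len(image)))
    return regions


def build_image(random_fill: bool, seed: int = 42) -> bytes:
    """Constructed 16-block image: 8 blocks of ordinary file data, then 8
    blocks of freespace (zeros, or random prefill) with a 2-block encrypted
    'hidden container' (random bytes) sitting at freespace blocks 3-4."""
    rng = random.Random(seed)
    rnd = lambda n: bytes(rng.getrandbits(8) for _ in range(n))
    files = (b"dummy file contents " * 205)[:BLOCK] * 8
    free = rnd(8 * BLOCK) if random_fill else bytes(8 * BLOCK)
    hidden = rnd(2 * BLOCK)
    free = free[:3 * BLOCK] + hidden + free[5 * BLOCK:]
    return files + free


if __name__ == "__main__":
    # Zero-filled freespace: the container is the only high-entropy run.
    print("zero fill   :", high_entropy_regions(build_image(False)))
    # Random-prefilled freespace: the whole freespace is one run, so the
    # container cannot be singled out by entropy alone.
    print("random fill :", high_entropy_regions(build_image(True)))
```

Against a real partition the same scan works on fixed-size chunks read from the device; the interesting output is not "is there randomness" but whether the high-entropy runs line up with something the owner can legitimately account for.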


More information about the freebsd-questions mailing list