11

Is there any way to encrypt a Linux filesystem in such a way to maintain plausible deniability? E.g. "Hidden OS support," the way TrueCrypt and Veracrypt work, they only support Windows OS due to low level DISK IO (via filter driver) and support hasn't been extended to Linux.

As you know, TrueCrypt is no longer in development and VeraCrypt has yet to implement low level disk IO drivers.

What about running/chrooting a filesystem from a hidden partition/volume without it leaking in the 'normal'/unencrypted FS?

Edit:

Plausible Deniability a la (True/Vera)Crypt: there is an 'outer' encrypted container (which is encrypted/possess high entropy/appear random) and has an 'inner' encrypted container (which must possess the same trait) to where a password can be provided and depending on the password, it decrypts either the outer/inner container, so that an extortionist/blackmailer can be provided the 'outer' container password and be satisfied, yet still cannot prove the existence of any other encrypted data. Also, that I would want decrypt and chroot the filesystem and when I power down it stays encrypted.

user2428118
  • 2,788
  • 16
  • 23
grepNstepN
  • 610
  • 4
  • 15
  • 1
    You probably want to improve the clarity of your question, and explain what you mean by plausible deniability. I *think* I understand what your question is about, but I'm not entirely sure... – Steve Dodier-Lazaro Apr 29 '15 at 18:28
  • plausible deniability ala (true/vera)crypt: there is an 'outer' encrypted container (whichis encrypted/possess high entropy/appear random) and has an 'inner' encrypted container (which must possess the same trait) to where a password can be provided and depending on the password, it decrypts either the outer/inner container, so that an extortionist/blackmailer can be provided the 'inane'/'outer' container password and be satisfied yet still cannot prove the existence of any other encrypted data. Also, that I would want decrypt and chroot the filesystem and when I powerdown it stays encrypted. – grepNstepN Apr 29 '15 at 19:08
  • 1
    That's what I thought. I do encourage you to clarify that in the original question as it'll attract more responses. In the meantime, have a look at http://www.cl.cam.ac.uk/~mgk25/ih99-stegfs.pdf and http://www.outguess.org/ – Steve Dodier-Lazaro Apr 29 '15 at 22:00
  • 1
    There was Rubberhose FS, but the author is "otherwise engaged" at this moment. – Arran Schlosberg Apr 29 '15 at 23:21
  • Related: https://security.stackexchange.com/questions/135846/is-plausible-deniability-actually-feasible-for-encrypted-volumes-disks – Ciro Santilli OurBigBook.com Dec 14 '20 at 10:27

3 Answers3

6

TrueCrypt works with Linux, it just doesn't support full disk encryption by itself.

Within Linux, you can mount a TrueCrypt volume that features plausible deniability, and then simply chroot it.

Or if you feel fancy, have the volume contain a Docker image, and "Dock" it.

Nate
  • 409
  • 3
  • 9
  • What do you mean it doesn't work with FDE? Just because there's no official installer does not mean it's not fairly easy to make it work. GRUB2 supports TrueCrypt, as does cryptsetup, so you could even use a completely encrypted boot partition on Linux with it. – forest Dec 27 '17 at 07:20
  • @forest We are talking about two different things. Yes, you can use GRUB2 to unlock your truecrypt encrypted partition. No you cannot use the truecrypt bootloader to start linux. If GRUB2 is not encrypted, it is not a true FDE. – Nate Dec 28 '17 at 18:36
  • FDE just means the boot partition is also encrypted. GRUB2 being unencrypted is still FDE, and GRUB2 is a bootloader, just like the TC bootloader. They are both necessarily unencrypted. On Linux, while you don't use the official TC bootloader, you can use GRUB2 instead, which lets you have true FDE with TC. Just because you're using a different bootloader does not mean you're not still use TrueCrypt. – forest Dec 29 '17 at 05:20
  • ... (facepalm) ... – Nate Dec 30 '17 at 19:08
  • There, I edited the answer. – Nate Dec 30 '17 at 19:11
3

You can create deniable encryption using dm-crypt and remote header or raw dm-crypt encryption and block device offsets (1, 2).

It's not as easy as TrueCrypt though and it's extremely easy to get wrong, as dm-crypt is a very low level tool, but you have more control and flexibility.

forest
  • 65,613
  • 20
  • 208
  • 262
Lie Ryan
  • 31,279
  • 6
  • 69
  • 93
0

Legal note:

That depends on what you expect to achieve with plausible deniability: This can bite you in the ass in several countries (like the UK, for example.) The police there know of the existence of TrueCrypt, and under the RIPA Act (and similar legislation elsewhere), they may fine and/or imprison you if you do not provide the decryption key to all data stored on your device (i.e. to capacity), when asked. That is the risk you take if you cross a border with a device encrypted with TrueCrypt: If you are asked for a key, any answer other than one that unlocks all storage on the device will be regarded as uncooperative.

(Obviously, plausible deniability also means that you cannot prove that data isn't there, and that you're not simply holding something back - which would result in automatic jail time. So be careful.)

Oliver Jones
  • 167
  • 3
  • 1
    If you give the key to the volume, how could they send you to jail ? Thay can't know/prove that there is any other data either. That's the point of plausible deniability. – Hey Apr 08 '16 at 20:15
  • 1
    If you have a 1TB storage device, and you give them a key to unlock a TrueCrypt volume on the device that's only 500MB in size, I'm sure you'll agree that even the dimmest lightbulb in Customs will see that as a red flag. I would remind you that they do not *need* to prove data is there: You, on the other hand, need to prove there isn't - if you want to avoid going to jail, that is. The burden of proof falls on you, not Customs. – Oliver Jones Apr 11 '16 at 06:59
  • But you *can't* prove that there is no data, you can just say that the part of the container that contains nothing is just random data and not encrypted data. It's really dumb to put only 500 MB : just make 200 GB of useless files and you're safe. – Hey Apr 11 '16 at 07:59
  • 1
    The problem with legislation like RIPA is that the burden of proof falls on you: If you cannot prove there is no data, that's *your* problem - and you will spend the rest of your life in prison. It's that simple. The best answer is simply not to travel to [certain countries](https://en.wikipedia.org/wiki/Key_disclosure_law) with "plausably deniable data". – Oliver Jones Apr 12 '16 at 11:33
  • @OliverJones Truecrypt plausible deniable file systems can and should be configured to be the same size as the hard drive they are contained in. – Nate Sep 18 '16 at 20:12
  • 2
    @Nate - Can you please elaborate on "the plausible deniable file systems can and should be configured to be the same size as the hard drive they are contained in"? – Motivated Dec 29 '18 at 17:37