[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Stego-empty hard drives...




At 2:06 PM -0500 9/21/98, Michael Motyka wrote:
>Robert Hettinga wrote:
>> Stegoing an encrypted partition as "blank" hard drive space without
>> actually writing over it unless you wanted to?
>>
>A freshly formatted partition has a fill value. Noise would indicate
>that is is not fresh. This would not be proof that it contained
>encrypted data but it would indicate some sort of use.
>
>Another layer:
>	create a partition.
>	Use it as an archive for 'unclassified' materials.
>	At some point after the use has fragmented it enough to look real:
>		disable all automatic accesses ( temp files, caches ... )
>to the
>partition
>		create an application program that uses the unused space as
>a secure
>filesystem
>
>Then the partition would be arguably "in normal use" and it could get
>tough to prove the nature of the unused space. You could even leave some
>space filled with the format fill value. Not sure how to hide the app.
>maybe as passphrased option in some innocuous custom application.
>Accounting app?

	Passphrase at startup. One phrase allows access to the "stego'd" areas,
the other allows access to the "cover" areas.

	This wouldn't stand source code inspection, but if you used some
sort of Pretty Lousy Privacy on the "cover" data, and an uncompromised
crypto on the rest you might pass all but the most rigourous investigation.

	Of course, if you are getting an extremely rigourous investigation,
you don't need good crypto, you need good PR, and a good lawyer because
they WILL find something, unless they think hanging your butt will cause
riots.


--
Five seconds later, I'm getting the upside of 15Kv across the nipples.
(These ambulance guys sure know how to party).
The Ideal we strive for: http://www.iinet.net.au/~bofh/bofh/bofh11.html
No, I don't speak for playboy, They wouldn't like that. They really wouldn't.