Re: Opiated file systems

[Joe Block <jpb@miamisci.org>]

At 10:44 AM -0400 7/16/96, Mark O. Aldrich wrote:
>One problem, however, would be how to keep the "decoy" data, accessible
>with only the ambush key, "fresh" in that it must undergo a certain amount
>of
>turbulence to appear real.  The two file systems would essentially have to
>mirror each other, one with the juicy bits and one with the decoy bits.
>It would seem to be practically impossible to just build two file systems
>as one would 'disappear' when only the ambush key was used.  Wouldn't it
>be sort of obvious that something was wrong if half the disk vanished?

As far as churning goes, why not just mount both the decoy and the
encrypted filesystems simultaneously?  Have a perl script (stored on the
hidden volume of course) that automatically decodes random images from
alt.binaries.pictures.* into the decoy system and nukes the oldest decoy
files.  And go ahead and keep a copy of all your assorted /var/named &
other config files in there too.

Honest officer, I keep that partition unmounted so that a system crash is
less likely to clobber my painfully constructed configuration files - and
it's encrypted so that crackers won't be able to alter my configuration
backup to add security holes.

Let them go nuts trying to un-stego the smut images once you've given them
the duress key.


Joseph Block <jpb@miamisci.org>

"We can't be so fixated on our desire
 to preserve the rights of ordinary Americans ..."
 -- Bill Clinton  (USA TODAY, 11 March 1993, page 2A)
PGP 2048bit-Fingerprint: F8 A2 A5 15 56 42 9B 16  3F BD 57 0F 8A ED E3 21