forked from nihilist/blog-contributions
205 lines
9.6 KiB
HTML
205 lines
9.6 KiB
HTML
|
<!DOCTYPE html>
|
||
|
<html lang="en">
|
||
|
<head>
|
||
|
<meta charset="utf-8">
|
||
|
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||
|
<meta name="description" content="">
|
||
|
<meta name="author" content="">
|
||
|
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
|
||
|
|
||
|
<title>Plausibly Deniable Data Protection Setup</title>
|
||
|
|
||
|
<!-- Bootstrap core CSS -->
|
||
|
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
|
||
|
<link href="../../assets/css/xt256.css" rel="stylesheet">
|
||
|
|
||
|
|
||
|
|
||
|
<!-- Custom styles for this template -->
|
||
|
<link href="../../assets/css/main.css" rel="stylesheet">
|
||
|
|
||
|
|
||
|
|
||
|
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
|
||
|
<!--[if lt IE 9]>
|
||
|
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
|
||
|
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
|
||
|
<![endif]-->
|
||
|
</head>
|
||
|
|
||
|
<body>
|
||
|
|
||
|
<!-- Static navbar -->
|
||
|
<div class="navbar navbar-inverse-anon navbar-static-top">
|
||
|
<div class="container">
|
||
|
<div class="navbar-header">
|
||
|
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
|
||
|
<span class="icon-bar"></span>
|
||
|
<span class="icon-bar"></span>
|
||
|
<span class="icon-bar"></span>
|
||
|
</button>
|
||
|
<a class="navbar-brand-anon" href="\index.html">nihilist`s Blog</a>
|
||
|
</div>
|
||
|
<div class="navbar-collapse collapse">
|
||
|
<ul class="nav navbar-nav navbar-right">
|
||
|
|
||
|
<li><a href="/about.html">About</a></li>
|
||
|
<li><a href="/blog.html">Categories</a></li>
|
||
|
<li><a href="https://blog.nihilism.network/donate.html">Donate</a></li>
|
||
|
<li><a href="/contact.html">Contact</a></li>
|
||
|
</ul>
|
||
|
</div><!--/.nav-collapse -->
|
||
|
|
||
|
</div>
|
||
|
</div>
|
||
|
|
||
|
<!-- +++++ Posts Lists +++++ -->
|
||
|
<!-- +++++ First Post +++++ -->
|
||
|
<div id="anon2">
|
||
|
<div class="container">
|
||
|
<div class="row">
|
||
|
<div class="col-lg-8 col-lg-offset-2">
|
||
|
<a href="../anon.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-03-10</ba></p>
|
||
|
<h1>Plausibly Deniable Data Protection Setup</h1>
|
||
|
<img src="0.png" style="width:250px">
|
||
|
<p>In this tutorial we're going to look at how you can backup your critical data (Keepass accesses, pgp key, ssh key, etc) while still maintaining the plausible deniability. </p>
|
||
|
|
||
|
</div>
|
||
|
</div><!-- /row -->
|
||
|
</div> <!-- /container -->
|
||
|
</div><!-- /grey -->
|
||
|
|
||
|
<!-- +++++ Second Post +++++ -->
|
||
|
<div id="anon3">
|
||
|
<div class="container">
|
||
|
<div class="row">
|
||
|
<div class="col-lg-8 col-lg-offset-2">
|
||
|
<h2><b>Initial Setup </b></h2>
|
||
|
</br><b>DISCLAIMER: we're using only harddrives (HDDs) here, because using SSDs are not a secure way to have Plausible Deniability, that is due to hidden Volumes being detectable on devices that utilize wear-leveling</b>
|
||
|
<pre><code class="nim">
|
||
|
source: https://anonymousplanet.org/guide.html#understanding-hdd-vs-ssd
|
||
|
|
||
|
regarding wear leveling:
|
||
|
"Also as mentioned earlier, disabling Trim will reduce the lifetime of your SSD drive and will significantly impact its performance over time (your laptop will become slower and slower over several months of use until it becomes almost unusable, you will then have to clean the drive and re-install everything). But you must do it to prevent data leaks that could allow forensics to defeat your plausible deniability. The only way around this at the moment is to have a laptop with a classic HDD drive instead."
|
||
|
|
||
|
</pre></code>
|
||
|
|
||
|
|
||
|
<p>First install veracrypt in the plausibly deniable whonix VM (for more details on how to set that environment up in <a href="../anonymity/index.html">this</a> previous tutorial), go <a href="https://veracrypt.fr/en/Downloads.html">there</a> to download the latest .deb package:</p>
|
||
|
<pre><code class="nim">
|
||
|
wget https://launchpad.net/veracrypt/trunk/1.26.7/+download/veracrypt-1.26.7-Debian-12-amd64.deb
|
||
|
|
||
|
dpkg -i veracrypt-1.26.7-Debian-12-amd64.deb
|
||
|
apt install -f
|
||
|
dpkg -i veracrypt-1.26.7-Debian-12-amd64.deb
|
||
|
|
||
|
</code></pre>
|
||
|
<p>Once veracrypt is setup, we're going to create a small volume with a hidden partition, which will contain all of your critical data, and the decoy partition will contain a weekly diary.</p>
|
||
|
<p>So let's create the volume, we want to keep the size to be low so that it will contain only the critical information.</p>
|
||
|
|
||
|
<img src="1.png" class="imgRz">
|
||
|
<img src="2.png" class="imgRz">
|
||
|
<img src="3.png" class="imgRz">
|
||
|
<img src="4.png" class="imgRz">
|
||
|
<img src="5.png" class="imgRz">
|
||
|
<img src="6.png" class="imgRz">
|
||
|
<img src="7.png" class="imgRz">
|
||
|
<img src="8.png" class="imgRz">
|
||
|
<img src="9.png" class="imgRz">
|
||
|
<img src="10.png" class="imgRz">
|
||
|
<img src="11.png" class="imgRz">
|
||
|
<img src="12.png" class="imgRz">
|
||
|
|
||
|
<p>Note: It is important to make sure that the decoy partition is changed everytime the hidden partition is changed, because as it is detailed <a href="https://anonymousplanet.org/guide.html#online-backups">here</a> it is not advised to backup veracrypt drives online because cloud services almost always retain history of files, meaning if you give your decoy password to all of the previous veracrypt file versions, it must justify that the entire container is different. <b>If the entire container is different while the decoy partition is the same, it means that an adversary can prove that there is a hidden partition.</b> Hence there needs to be a procedure as to how you backup your veracrypt volume online.</p>
|
||
|
<pre><code class="nim">
|
||
|
Weekly procedure to backup your critical data:
|
||
|
-open the hidden volume of the veracrypt volume diary.vc
|
||
|
-backup all of your critical data (ssh config, ssh keys, pgp keys, keepass .kdbx files, etc.) (max size= 10Mb)
|
||
|
-close the hidden volume
|
||
|
-open the decoy volume of the veracrypt volume diary.vc
|
||
|
-recap your week in a small text file, name it with today's date. (don't reveal the presence of a hidden file in the text content)
|
||
|
-close the decoy volume
|
||
|
|
||
|
ONLY THEN the veracrypt volume is completed, and can be backed up somewhere else:
|
||
|
-copy it to your mainpc, laptop, homeserver and phone
|
||
|
-copy it to a usb key, which is to be hidden somewhere
|
||
|
-hide it in plain sight using steghide inside of a very large image.
|
||
|
|
||
|
</code></pre>
|
||
|
<p>Now let's take a look at how this looks like once it's applied:</p>
|
||
|
|
||
|
|
||
|
</div>
|
||
|
</div><!-- /row -->
|
||
|
</div> <!-- /container -->
|
||
|
</div><!-- /white -->
|
||
|
|
||
|
<div id="anon2">
|
||
|
<div class="container">
|
||
|
<div class="row">
|
||
|
<div class="col-lg-8 col-lg-offset-2">
|
||
|
<h2><b>Backup Procedure</b></h2> </br> </br>
|
||
|
<p>First we open the hidden volume:</p>
|
||
|
<img src="13.png" class="imgRz">
|
||
|
<img src="14.png" class="imgRz">
|
||
|
<p>Backup all of your critical data (ssh config, ssh keys, pgp keys, keepass .kdbx files, etc.) (max size= 10Mb)</p>
|
||
|
<img src="15.png" class="imgRz">
|
||
|
<p>Then close the hidden volume:</p>
|
||
|
<img src="16.png" class="imgRz">
|
||
|
<p>Open the decoy volume of the veracrypt volume diary.vc</p>
|
||
|
<img src="17.png" class="imgRz">
|
||
|
<p>write something in there such as your week in a small text file, name it with today's date. (don't reveal the presence of a hidden file in the text content). This is just an example as to what content you could put there. <b>Goal is that the content must make sense in case if you're forced to type in your password there.</b> Second goal is that <b>for each veracrypt hidden volume changes that occur, the content of the decoy partition must also change because otherwise it will reveal the existance of the hidden volume if the remote server keeps the previous versions of each file.</b></p>
|
||
|
<img src="18.png" class="imgRz">
|
||
|
<p>Once you have closed the decoy volume, the veracrypt volume is ready to be backed up:</p>
|
||
|
<img src="19.png" class="imgRz">
|
||
|
<p>copy it to a server (wherever you want online), and then copy the file on your mainpc, your laptop and then you can also put it on a usb key to be hidden somewhere.</p>
|
||
|
<img src="0.1.png" class="imgRz">
|
||
|
<p>Like so you're covered in case if you are forced to give away your password, and in case if an adversary fills the decoy partitions of your veracrypt volumes in an attempt to destroy the hidden partitions.</p>
|
||
|
<p>You can get creative as to how you choose to hide the veracrypt volume aswell, such as replacing a random linux binary in the /bin/ folder, or a library in /lib, or a file in /etc/, burying the usb key somewhere underground, etc</p>
|
||
|
|
||
|
</div>
|
||
|
</div><!-- /row -->
|
||
|
</div> <!-- /container -->
|
||
|
</div><!-- /white -->
|
||
|
|
||
|
<!-- +++++ Footer Section +++++ -->
|
||
|
|
||
|
<div id="anonb">
|
||
|
<div class="container">
|
||
|
<div class="row">
|
||
|
<div class="col-lg-4">
|
||
|
<h4>Nihilism</h4>
|
||
|
<p>
|
||
|
Until there is Nothing left.
|
||
|
|
||
|
</p>
|
||
|
</div><!-- /col-lg-4 -->
|
||
|
|
||
|
<div class="col-lg-4">
|
||
|
<h4>My Links</h4>
|
||
|
<p>
|
||
|
|
||
|
<a target="_blank" rel="noopener noreferrer" href="http://blog.nihilism.network/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://matrix.to/#/#nihilism:m.datura.network">Matrix Chat</a><br/>
|
||
|
|
||
|
</p>
|
||
|
</div><!-- /col-lg-4 -->
|
||
|
|
||
|
<div class="col-lg-4">
|
||
|
<h4>About nihilist</h4>
|
||
|
<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@nihilism.network (<a href="https://nihilism.network/nihilist.pubkey">PGP</a>)</p>
|
||
|
</div><!-- /col-lg-4 -->
|
||
|
|
||
|
</div>
|
||
|
|
||
|
</div>
|
||
|
</div>
|
||
|
|
||
|
|
||
|
<!-- Bootstrap core JavaScript
|
||
|
================================================== -->
|
||
|
<!-- Placed at the end of the document so the pages load faster -->
|
||
|
|
||
|
</body>
|
||
|
</html>
|