blog-contributions/opsec/veracrypt/index.html
2024-08-28 20:13:19 +02:00

204 lines
8.8 KiB
HTML

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
<title>Plausible Deniability Setup</title>
<!-- Bootstrap core CSS -->
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
<link href="../../assets/css/xt256.css" rel="stylesheet">
<!-- Custom styles for this template -->
<link href="../../assets/css/main.css" rel="stylesheet">
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
<![endif]-->
</head>
<body>
<!-- Static navbar -->
<div class="navbar navbar-inverse-anon navbar-static-top">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand-anon" href="\index.html">nihilist`s Blog</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav navbar-right">
<li><a href="/about.html">About</a></li>
<li><a href="/blog.html">Categories</a></li>
<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
<li><a href="/contact.html">Contact</a></li>
</ul>
</div><!--/.nav-collapse -->
</div>
</div>
<!-- +++++ Posts Lists +++++ -->
<!-- +++++ First Post +++++ -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-01-31</ba></p>
<h1>Plausible Deniability Setup </h1>
<img src="0.png" style="width:250px">
<p>VeraCrypt is a free open source disk encryption software for Windows, Mac OSX and Linux. It is based on Truecrypt, This tool will be used for Plausible Deniability. </p>
<p>But why is Plausible Deniability important first of all ? From a legal perspective, depending on jurisdictions, you may be forced to type your password into an encrypted drive if requested. All it takes is for an adversary to be able to prove the existence of an encrypted drive to be able to force you to reveal the password to unlock it. Hence for example the regular LUKS encryption is not enough, <b>because you need to be able to deny the existence of the encrypted volume</b>. If that is the case, we have to use Veracrypt, which is an encryption tool used to provide protection (which is Plausible Deniability) against that scenario where you're forced to provide a password.</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /grey -->
<!-- +++++ Second Post +++++ -->
<div id="anon3">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Initial Setup </b></h2>
</br>
<b>DISCLAIMER: we're using only harddrives (HDDs) here, because using SSDs are not a secure way to have Plausible Deniability, that is due to hidden Volumes being detectable on devices that utilize wear-leveling</b>
<pre><code class="nim">
source: https://anonymousplanet.org/guide.html#understanding-hdd-vs-ssd
regarding wear leveling:
"Also as mentioned earlier, disabling Trim will reduce the lifetime of your SSD drive and will significantly impact its performance over time (your laptop will become slower and slower over several months of use until it becomes almost unusable, you will then have to clean the drive and re-install everything). But you must do it to prevent data leaks that could allow forensics to defeat your plausible deniability. The only way around this at the moment is to have a laptop with a classic HDD drive instead."
</pre></code>
<p>Let's install the .deb package for veracrypt: </p>
<img src="1.png" class="imgRz">
<pre><code class="nim">
[ mainpc ] [ /dev/pts/1 ] [~/Downloads]
→ wget https://launchpad.net/veracrypt/trunk/1.26.7/+download/veracrypt-1.26.7-Debian-12-amd64.deb
[ mainpc ] [ /dev/pts/1 ] [~/Downloads]
→ sudo dpkg -i veracrypt-1.26.7-Debian-12-amd64.deb
[ mainpc ] [ /dev/pts/1 ] [~/Downloads]
→ sudo apt install -f
[ mainpc ] [ /dev/pts/1 ] [~/Downloads]
→ sudo dpkg -i veracrypt-1.26.7-Debian-12-amd64.deb
[ mainpc ] [ /dev/pts/1 ] [~/Downloads]
→ which veracrypt
/usr/bin/veracrypt
[ mainpc ] [ /dev/pts/1 ] [~/Downloads]
→ veracrypt
</code></pre>
<p>Now from there we can create encrypted volumes (either as files or as entire drives). In this case we'll create an encrypted file: </p>
<img src="2.png" class="imgRz">
<p>Here we select that we want a Hidden veracrypt volume as well (which will be able to deny it's existence).</p>
<img src="3.png" class="imgRz">
<p>Then we want it to be a simple file in my home directory</p>
<img src="4.png" class="imgRz">
<p>Leave the default settings for the encryption</p>
<img src="5.png" class="imgRz">
<p>As a test we'll make a 1Gb volume, can be smaller or as big as all the available space.</p>
<img src="6.png" class="imgRz">
<p>Now here we want to remember our first password A, for the decoy volume, <b>This is the password you'll type when you're forced to give out your password</b>.</p>
<img src="7.png" class="imgRz">
<p>Here we can select the FAT filesystem</p>
<img src="8.png" class="imgRz">
<p>Then move your mouse to make sure the randomness of the encryption is best, then let it complete the formatting. If you are creating a large encrypted volume, it will take time to overwrite all the data. <b>DO NOT SELECT QUICK FORMAT, or you risk having the hidden volume being discoverable by an adversary.</b> </p>
<img src="9.png" class="imgRz">
<img src="10.png" class="imgRz">
<p>Now that's completed, we then create the Hidden Volume, which we'll open only when we are all alone, <b>the existence of this volume must never be revealed to anyone except you.</b>. then we repeat the previous steps:</p>
<img src="11.png" class="imgRz">
<img src="12.png" class="imgRz">
<p>Here we select the size we need for the hidden volume. </p>
<img src="13.png" class="imgRz">
<p>And here we use the second password, this is the one you must remember in order to access the data you want to hide from an adversary. Then we repeat the previous steps to create the volume:</p>
<img src="14.png" class="imgRz">
<img src="15.png" class="imgRz">
<img src="16.png" class="imgRz">
<img src="17.png" class="imgRz">
<img src="18.png" class="imgRz">
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Mounting the Volumes</b></h2> </br> </br>
<p>Now let's mount both volumes to see the difference:</p>
<img src="19.png" class="imgRz">
<p>Here when we type the first password we see that the volume is mounted as normal type:</p>
<img src="20.png" class="imgRz">
<p>Then dismount the volume, and mount the hidden volume next with the second password:</p>
<img src="21.png" class="imgRz">
<p>And here you see that the volume mounted is now of the "hidden" type</p>
<img src="22.png" class="imgRz">
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<div id="anonb">
<div class="container">
<div class="row">
<div class="col-lg-4">
<h4>Nihilism</h4>
<p>
Until there is Nothing left.
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>My Links</h4>
<p>
<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://matrix.to/#/#nowheremoe:nowhere.moe">Matrix Chat</a><br/>
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>About nihilist</h4>
<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@contact.nowhere.moe (<a href="https://nowhere.moe/nihilist.pubkey">PGP</a>)</p>
</div><!-- /col-lg-4 -->
</div>
</div>
</div>
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
</body>
</html>