ok, where to begin, lets just dive in.
first, I'm looking for an operating system that gets everything I want to do done, I've recently bought a new computer and want to get rid of Windows altogether. please read the whole thing before you comment, I may have touched on things later that don't seem touched on early in the post.

here are the benefits of using Windows, as far as making a secure system (yes I know there are detriments).
1 you can install Windows XP and get it all running like you want.

2 then use Drivecrypt to encrypt the entire drive. from the outside the dirve looks unformatted. it gives you the option of boot menus, one of which is it comes up with a command prompt that says something like "bad hard drive" just type in your pass and it boots.

3 Drivecrypt allows you to encrypt a system within the encrypted drive. type in a different pass at the boot screen and you have the hidden system. if someone were to force you to give them the pass you just give them the first pass and it boots into the first system but not the hidden one. this gives plausible deniability, not that I really need it, but it is cool and Incognito tries for the same thing in it's encrypted persistent home directory. once you reach this level, there is no concern about anything being detectable from any physical scrutiny.

4 using truecrypt you can encrypt an entire drive as an encrypted virtual drive. once into windows pick the drive put in the pass and voila! you're in. if anything happens you can redo the system drive and still have all your information safe in the truecrypt drive or container.

ok, now some of the draw backs.
1 once it's running, just using Windows. the problems are too numerous to list.

2 if you replace the computer, it's almost impossible to get Windows from the old computer to boot with the new computer, in Windows without the encryption, it's hard enough and problematic enough to make anyone want to move away from Windows.

3 partition formats, if you use Windows, and format your Truecrypt container in NTFS it's difficult to get it to mount read/write in Linux. if you want to keep the files in the Truecrypt container, you will have to mount it read only make a new container in ext3 or something and move all the files.

now for a few questions for the people developing Incognito or someone that can simply answer them.

1 why doesn't any Linux distribution offer something like Drivecrypt? encrypt the whole drive, install a boot program in the boot sector, and password protect that. from there almost any linux install would be outside hardened.

2 why doesn't any Linux distribution, again as in Drivecrypt, after installing your dummy Linux ad a hidden encrypt install that boots with a different pass? (I like the idea that Incognito uses to protect the hidden persistent home directory by typing in both passes) this uses more space than the Incognito idea of just doubling the home directory, but allows changes to the entire system without leaving an exploit for someone trying to find something. I'm guessing allowing some leeway to the user could be done fairly safely.

3 on a completely different tack, why aren't the ntfs-3g drivers installed in Incognito? it would allow Truecrypt to mount encrypted NTFS containers read/write. there is a small Puppy Linux version called Torpup which has this driver, and it works perfectly.

4 if Incognito doesn't allow changes, how would someone get the correct video driver so they could set the correct screen resolution, among other things one might need to change and have stick.

finally, a suggestion. I know there are concerns, but, you guys should look at the way Puppy Linux uses a live cd, with the possibility to use a save file. this save file can be used on the live cd if you burn it multi-session, or as a file on a hard drive. Puppy also allows for this file to be encrypted. there is also a boot option that allows you to bypass this file, giving you a clean boot to an untouched version of your puppy disc. I think with work this system may be a better platform for something like Incognito. some of the work has already been done. Torpup has the encrypted save file option, it has Truecrypt with support for NTFS containers, it has Vidalia with Tor and Privoxy. in the latest versions of Puppy called Woof, there are separate versions that are fully compatible with most of the major flavours of Linux, Dpup is compatible with Debian, Upup is Ubuntu, Spup is Slackware, etc. this gives something like Dpup all the available stuff from the Ubuntu repositories. all that would need to be done is some of the stuff already implemented in Icognito like the elimination of swap files, the doubled persistent save file, the scrubbing of the ram on shutdown, etc.

just a few thoughts, I really like lots of the attributes Incognito offers but for now it has some pretty major setbacks for me. if it can be fixed by me easily, I would love to hear from someone better at the technical stuff. sorry this is so long.

1. The Truecrypt program you mentioned is cross-platform. There is a version for Linux.

2. Incognito and Puppy are Live distributions. This means they were created with the intention of running from a CD and NOT a hard drive. These distros should not be installed to hard drive for everyday use. If you want to find a desktop Linux distro, openSUSE and Ubuntu are good starting points. You can take this short test to find some matches:

http://www.zegeniestudios.net/ldc/


3. With your Truecrypt setup, you want a small basic Linux OS to start which will start the real OS, which is encrypted, right? If so, you can encrypt your root partition and have a separate /boot partition. I *think* you can boot into the unencrypted /boot, which will ask for a password to continue starting up. I have never tried this before, but it may work.



good luck,
rabbit2345

hi, thanks for responding.
1 I realize truecrypt is cross platform my issue is that the NTFS drivers to allow read/write of NTFS containers is not included in Icognito.

2 Puppy allows an encrypted save file that saves all changes made during the session, Incognito saves only the home folder. puppy allows instalation and update of programs, Incognito doesn't. puppy finds all the correct drivers for every computer I've ever tried it on, Icognito doesn't.

3 my idea is a small bootloader program like grub or something that will ask for a pass and decrypt the drive and hand things over to the regular grub boot loader, the current situation like in Ubuntu is to have an unencrypted boot partition and encrypt an extended partition with a logical partition for the OS and a logical partition for the swap. I think this could also be achieved by putting grub in the boot sector and encrypt the rest of the drive as described above. this would work on an install, if you wanted to run live cd I think Puppy's setup allows the best of all worlds.

You could encrypt your disk with Truecrypt, but unless you intend on file sharing with Windows, NTFS isn't really that great of a filesystem. And the ntfs-3g driver should be avaliable on any desktop Linux, unlike Puppy (which was built to be fast, small, and minimal) and Incognito (which was built with all the security stuff). Once again, you should not depend on any Live distribution for real usage.

I found a few pages on encrypting and stuff with Truecrypt, and I think I might have a solution:

1. Encrypt the root partition with Truecrypt and a password.

2. Copy the kernel modules and binary to initrd and execute True crypt before booting so it will prompt you for a password. This might not work since the keyboard might not be connected yet.

[edit]
well maybe you could just encrypt your important data instead of the whole drive. I think it could be much simpler if you detached /home and encrypt just that instead of everything.



good luck,
rabbit2345