I just read
this discussion between Linus Torvalds and (among others)
Milan Broz, one of dm-crypt's maintainers.
I am intrigued by the the following part of the discussion :
Quote:
Linus Torvalds:
I thought the people who used hidden ("deniable") things didn't actually ever *use* the outer filesystem at all, exactly so that they can just put the real encrypted thing in there and nor worry about it.
Milan Broz:
Well, they actually should "use" outer from time to time so the data looks "recent" and for the whole "hidden OS" they should be even able to boot to outer decoy OS on request, just to show that something working is there.
|
In theory, I agree with Milan's statement, using the decoy data is a good thing to do to increase credibility. But how do you achieve that in practice ? E.g., how can you write to the outer volume without risking to overwrite the inner volume ?
I am using hidden LUKS volumes for years now, combining detachable headers and data offset. Usually I start by creating a small LUKS-encrypted outer volume (let's say 20 GB), I fill it with decoy data, then I increase this outer volume's size (to for example 500 GB), and I create the inner volume with an offset of 25GB for example.
And after that I do what Linus said, I religiously avoid to touch the outer volume's decoy data, out of fear of damaging the inner volume's data.
Is there a way to refresh the outer volume's data, without risking to damage the inner volume's data ? E.g., is there a tool to write specifically on the 20 first Gigs of the outer volume, making sure to not mess with the 480 following gigs ?
I am using both HDDs and SSDs, so the question applies to both.