Silk Road forums
Discussion => Security => Topic started by: mnightshamalon on April 15, 2012, 08:24 am
-
Hello All,
I've been researching and preparing for my future on SR. Part of the preparation phase has got me asking questions about keys/bookmarks. When using Liberte, the PGP Keys,bookmarks, and any other saved data is stored on the Liberte Volume encrypted and stored on the USB storage media.
My concern is if the USB stick was ever compromised and I was forced to give the password, my keys along with bookmarks to important sites would be able to be viewed. I thought about placing this sensitive information on an external HDD with a hidden volume, but Liberte doesn't offer truecrypt.
I'm not the smartest guy in the world, so I always assume this question has been asked; although I have not found an answer by searching the forums. I would think this would be of concern.
**Side Issue**
Bitcoin runs on a VM in an encrypted volume, and connects via TOR. The VM is only used for bitcoin transactions, and wallets are deleted regularly. Are there any other better options. I'd rather not have a VM with a bitcoin wallet at all. I'm just looking for something more secure or a suggestion for that aspect of the anonyminity, or am I safe using it as is.
Any help is much appreciated.
Thanks
-
Hello All,
I've been researching and preparing for my future on SR. Part of the preparation phase has got me asking questions about keys/bookmarks. When using Liberte, the PGP Keys,bookmarks, and any other saved data is stored on the Liberte Volume encrypted and stored on the USB storage media.
My concern is if the USB stick was ever compromised and I was forced to give the password, my keys along with bookmarks to important sites would be able to be viewed. I thought about placing this sensitive information on an external HDD with a hidden volume, but Liberte doesn't offer truecrypt.
I'm not the smartest guy in the world, so I always assume this question has been asked; although I have not found an answer by searching the forums. I would think this would be of concern.
**Side Issue**
Bitcoin runs on a VM in an encrypted volume, and connects via TOR. The VM is only used for bitcoin transactions, and wallets are deleted regularly. Are there any other better options. I'd rather not have a VM with a bitcoin wallet at all. I'm just looking for something more secure or a suggestion for that aspect of the anonyminity, or am I safe using it as is.
Any help is much appreciated.
Thanks
I worried about not having a hidden volume with Liberte, too. My solution:
I quit using Liberte on a USB drive and put it on a 4 gig micro SD card about the size of a fingernail. I could easily swallow it if I had to. No one is going to find something that small if it's hidden it well... It's amazing how much easier it is to hide an object the smaller that object is. And it is the ONLY piece of evidence that can link me to SR or any other related activity.
My laptop and the encrypted USB drive laying next to it will be the obvious prizes if shit goes down, but they are only red herrings.
By the time a subpoena is issued demanding that I unlock my laptop and USB drives, the real prize will no longer exist.
-
Hello All,
I've been researching and preparing for my future on SR. Part of the preparation phase has got me asking questions about keys/bookmarks. When using Liberte, the PGP Keys,bookmarks, and any other saved data is stored on the Liberte Volume encrypted and stored on the USB storage media.
My concern is if the USB stick was ever compromised and I was forced to give the password, my keys along with bookmarks to important sites would be able to be viewed. I thought about placing this sensitive information on an external HDD with a hidden volume, but Liberte doesn't offer truecrypt.
I'm not the smartest guy in the world, so I always assume this question has been asked; although I have not found an answer by searching the forums. I would think this would be of concern.
**Side Issue**
Bitcoin runs on a VM in an encrypted volume, and connects via TOR. The VM is only used for bitcoin transactions, and wallets are deleted regularly. Are there any other better options. I'd rather not have a VM with a bitcoin wallet at all. I'm just looking for something more secure or a suggestion for that aspect of the anonyminity, or am I safe using it as is.
Any help is much appreciated.
Thanks
I worried about not having a hidden volume with Liberte, too. My solution:
I quit using Liberte on a USB drive and put it on a 4 gig micro SD card about the size of a fingernail. I could easily swallow it if I had to. No one is going to find something that small if it's hidden it well... It's amazing how much easier it is to hide an object the smaller that object is. And it is the ONLY piece of evidence that can link me to SR or any other related activity.
My laptop and the encrypted USB drive laying next to it will be the obvious prizes if shit goes down, but they are only red herrings.
By the time a subpoena is issued demanding that I unlock my laptop and USB drives, the real prize will no longer exist.
Clever, I like it!
Just for the benefit of any new users to our forum:
An important aspect of Truecrypt is to provide plausible deniability for encrypted volumes -(See: http://www.truecrypt.org/docs/?s=plausible-deniability) it's trivially easy to detect a USB card or SD card has been encrypted (unless you've swallowed it!) but you can also have a hidden volume within your Truecrypt volume for your truly personal data and another containing some random important looking data. Each volume has its own password and encryption scheme and is located in the same Truecrypt container.
For instance, the USB stick I use to keep my Bitcoin wallets on has this feature - if I were compelled to give up the password (as you can be in the UK), I give out the "safe" one, in which I've placed a few passwords for my Paypal account and internet banking. The "real" password would of course reveal the wallet. Most importantly it's not possible to tell the difference between a Truecrypt container that has a hidden volume and one that doesn't, a most elegant solution!
We shouldn't forget either that there's no reason why a Virtual Machine/Truecrypt volume has to be on an SD card or USB stick in particular. An Amazon Kindle, iPod or any kind of mobile phone with flash memory will work just as well.
V.
-
I worried about not having a hidden volume with Liberte, too. My solution:
I quit using Liberte on a USB drive and put it on a 4 gig micro SD card about the size of a fingernail. I could easily swallow it if I had to. No one is going to find something that small if it's hidden it well... It's amazing how much easier it is to hide an object the smaller that object is. And it is the ONLY piece of evidence that can link me to SR or any other related activity.
My laptop and the encrypted USB drive laying next to it will be the obvious prizes if shit goes down, but they are only red herrings.
By the time a subpoena is issued demanding that I unlock my laptop and USB drives, the real prize will no longer exist.
That's a great solution!
As my computer wont boot from SD cards (for reasons best known to itself) I think I might use a version of that idea where all the sensitive information is stored on a micro SD and either just encrypted or in a hidden volume (though this would necessitate the use of a 2nd computer (running a live tails CD - to avoid any persistence) capable of truecrypt use.
However I would avoid using TAILS as the main operating system since (for me at least) when I use it my computer name is still visible to the router. While this will doubtless be of little consequence to overall anonymity it just doesn't feel right to have my computer name so easily accessible to anyone on the network - a possible issue if using a neighbors or public wifi. It also lacks the ability (as far as I remember though I could well be wrong) of liberte to protect against cold-boot attacks by clearing the ram even when the stick is pulled out during operation. the likely-hood of a raid team knowing how or why to perform a cold-boot attack is pretty low I would say but it can't hurt.
A nice secure scheme! Well done cacoethes!
-
I worried about not having a hidden volume with Liberte, too. My solution:
I quit using Liberte on a USB drive and put it on a 4 gig micro SD card about the size of a fingernail. I could easily swallow it if I had to. No one is going to find something that small if it's hidden it well... It's amazing how much easier it is to hide an object the smaller that object is. And it is the ONLY piece of evidence that can link me to SR or any other related activity.
My laptop and the encrypted USB drive laying next to it will be the obvious prizes if shit goes down, but they are only red herrings.
By the time a subpoena is issued demanding that I unlock my laptop and USB drives, the real prize will no longer exist.
That's a great solution!
As my computer wont boot from SD cards (for reasons best known to itself) I think I might use a version of that idea where all the sensitive information is stored on a micro SD and either just encrypted or in a hidden volume (though this would necessitate the use of a 2nd computer (running a live tails CD - to avoid any persistence) capable of truecrypt use.
However I would avoid using TAILS as the main operating system since (for me at least) when I use it my computer name is still visible to the router. While this will doubtless be of little consequence to overall anonymity it just doesn't feel right to have my computer name so easily accessible to anyone on the network - a possible issue if using a neighbors or public wifi. It also lacks the ability (as far as I remember though I could well be wrong) of liberte to protect against cold-boot attacks by clearing the ram even when the stick is pulled out during operation. the likely-hood of a raid team knowing how or why to perform a cold-boot attack is pretty low I would say but it can't hurt.
A nice secure scheme! Well done cacoethes!
Thanks y'all, I appreciate the comments!
Bogben, if you'd like to use this setup you might want to try this:
My laptop wouldn't boot from its built- in card reader no matter what I tried, but it will boot from USB. So I found a cheap Targus card reader at Wally World for less than ten bucks that plugs into a USB port, installed Liberte on the micro SD card, and put the card into the Targus reader.
I set the BIOS to boot from USB (FDD in my BIOS), just like if using a thumb drive, and my laptop boots and runs from the micro SD card as flawlessly as it does a thumb drive.
My first computer had a 500MB hard drive. The next one had 3 gigs. I look at this tiny little chip all the time and marvel that it can hold ~ 4gigs of data. So easy to hide, so easy to destroy...
-
Thanks y'all, I appreciate the comments!
Bogben, if you'd like to use this setup you might want to try this:
My laptop wouldn't boot from its built- in card reader no matter what I tried, but it will boot from USB. So I found a cheap Targus card reader at Wally World for less than ten bucks that plugs into a USB port, installed Liberte on the micro SD card, and put the card into the Targus reader.
I set the BIOS to boot from USB (FDD in my BIOS), just like if using a thumb drive, and my laptop boots and runs from the micro SD card as flawlessly as it does a thumb drive.
My first computer had a 500MB hard drive. The next one had 3 gigs. I look at this tiny little chip all the time and marvel that it can hold ~ 4gigs of data. So easy to hide, so easy to destroy...
Thanks! I have never tried booting from a micro SD card, either in the card reader or in the USB port.
I had a thought while coming home from work today, (well actually I just remembered someone else's good idea :p) - why not store all the sensitive information in a message to yourself in Tormail, it should be encrypted with PGP. For the more paranoid out there you can always encrypt with symmetric encryption with PGP and THEN with a Public key (with the corresponding private key stored in a separate Tormail.
Perhaps that's going a little far though :p
Good to see Liberte getting some attention, it should be a prerequisite for this site.
-
Thanks y'all, I appreciate the comments!
Bogben, if you'd like to use this setup you might want to try this:
My laptop wouldn't boot from its built- in card reader no matter what I tried, but it will boot from USB. So I found a cheap Targus card reader at Wally World for less than ten bucks that plugs into a USB port, installed Liberte on the micro SD card, and put the card into the Targus reader.
I set the BIOS to boot from USB (FDD in my BIOS), just like if using a thumb drive, and my laptop boots and runs from the micro SD card as flawlessly as it does a thumb drive.
My first computer had a 500MB hard drive. The next one had 3 gigs. I look at this tiny little chip all the time and marvel that it can hold ~ 4gigs of data. So easy to hide, so easy to destroy...
Thanks! I have never tried booting from a micro SD card, either in the card reader or in the USB port.
I had a thought while coming home from work today, (well actually I just remembered someone else's good idea :p) - why not store all the sensitive information in a message to yourself in Tormail, it should be encrypted with PGP. For the more paranoid out there you can always encrypt with symmetric encryption with PGP and THEN with a Public key (with the corresponding private key stored in a separate Tormail.
Perhaps that's going a little far though :p
Good to see Liberte getting some attention, it should be a prerequisite for this site.
Liberte is certainly ideal for beginners as it's easy to set up and use and you can't install any extra programs which might compromise your privacy. It does however have some drawbacks such as not letting you have your own BTC wallet software and not everyone likes the Claws e-mail client. If you're going to store sensitive information on Tormail, even if it's encrypted I would suggest having a separate e-mail account just for this - if someone seized your computer they could discover your usual e-mail address and private key, meaning your best defence would lie in anonymity.
V.
-
Thanks for all the replies guys/gals.
I downloaded Tails and I liked how I could easily install Truecrypt, but I didn't like how it was able to communicate with my system hard drive.
Tails did not have a non-safe browser so I could connect through a coffee shope or wherever. AND, the first time I launched it...for some reason it kept my session from my main system and connected me right up with TOR. This is alarming because with Liberte or even my main system I ALWAYS have to re-authenticate. Which tells me something was left over. This made me very uneasy. I rebooted and that seemed to fix it, TAILS was unable to connect.
The down side to liberte is it can be a bit glitchy with Midori, but all my issues can be worked out with restarting applications and re-connecting. I'm working on putting a build together of liberte which includes Electrum and Truecrypt...but I'm totally lost. I read the instructions on the Liberte website but I don't have the knowledge to sort it out. I'm really very surprised no one else has built a version of it and released it.
Thanks for the suggestion to use Electrum, it looks like a pretty good solution. As far as Installing Truecrypt everytime I logon, I don't mind but I'm not sure how to do that. I did the alt+F2 and okroot then installed truecrypt but I couldn't get back to the login page. I tried cntrl D, it says logout and the green cursor just sits there. So I'll be working out that little tidbit, overall tho. I feel like Liberte takes the cake, I like how locked down it is. If Liberte had electrum/bitcoin and truecrypt it would be the absolute 1stopshop for anony users.
Any nerd out there want to shed some light on the building process? ;) I am a nerd of less knowledge.
I love the idea of a super small MICRO USB, I like the idea of also hiding it in plane site...like in a phone. The truecrypt hidden volume inside a truecrypt container is the best idea for the storage of keys and wallets. I was going to encrypt my whole External and this will work much better. Thanks again for all the great ideas everyone!
So I'll dump my VM, and work on getting installed applications working on Liberte. That way everything is nice and lightweight, USB or MicroUSB.
If anyone has any info on how to install truecrypt on liberte let me know, or just how to get back to the login screen after you install as root :)
SR ROCKS!! Thanks guys/gals
-
Liberte basically has it's own persistent encryption which is just as good as TC. Store your PGP key on it and use that to PGP encrypt sensitive passwords and logins on your persistent already encrypted drive. Still need a password to access it, key won't magically give up password especially if it's long and has sufficient entropy
Or buy a cryptostick, impossible to extract key http://www.privacyfoundation.de/crypto_stick/crypto_stick_english/
Never tried the Liberte root console I assume you just passwd (new password) and su root, install and mount whatever you want then type exit to escape.
-
The advantage of truecrypt is the plausible denial. While Liberte does encrypt the volume, in the uk at least, you can be compelled to give the password to encrypted documents. True crypt allows you to appear to acquiesce to the demand but without having to actually compromise yourself.
Vlad - you are quite right, none of these items should be stored in the same account, though I would have thought that there would be no trace left on the midori browser of what you email was (especially if you use squirrel mail so no chance of rouge scripts "helping out" by saving your username and/or password).
There certainly are downsides (I can't stand claws personally and tormail feels safer). I can see the lack of wallet software would be irritating for anyone who wants to use bitcoins frequently or keep them for long periods, but for the casual user such as myself, there are online anonymous ones which are available.
mnightshamalon - I would be very interested on how you get on with that build, with the addition of truecrypt liberte would tick every box for me. Good luck with that, unfortunately I can lend only moral support and that of another bumbling newbie to the world of own build distros.
-
Thanks again for all the replies. I'm in the process of building LIberte from scratch with bitcoin and truecrypt, I coudln't load electrum because it's not in Gentoo's package list. This thing is taking a long time to build, but I guess that's normal.
Any whoo, I'll put some instructions on here if it works or once I'm done and have found the solution. Would anyone like this in an ISO? I was thinking of doing it but I don't know how comfortable people would be downloading an ISO of an OS they didn't build themselves. Either way I'll at least put some instructions if it doesn't fail.
I did catch one thing tho, If I understand the Truecrypt documentation correctly. **CLEAR LINK http://www.truecrypt.org/docs/?s=wear-leveling** We aren't suppose to store these file containers on USB flash drive because of wear-leveling, this isn't just for the whole USB drive, I think this is for the encrypted file containers stored on the flash drive as well.
But it's a bit miss leading because it says on the main page, "A TrueCrypt partition is a hard disk partition encrypted using TrueCrypt. You can also encrypt entire hard disks, USB hard disks, USB memory sticks, and other types of storage devices." So then, I must have missed something, all USB drives use wear-leveling now so it must be ok to use the encrypted file container? Maybe they mean encrypting the entire USB drive as opposed to a file container on the drive. I hope that is what it is.
Also, Truecrypt says not to write to the outer volume or I could damage the hidden volume. So when the wizard asks me to put files on the outer volume, that is the only time I can put file on? I thought I could use place files on there after. That's not too much of an issue tho..
-mnight
-
Thanks again for all the replies. I'm in the process of building LIberte from scratch with bitcoin and truecrypt, I coudln't load electrum because it's not in Gentoo's package list. This thing is taking a long time to build, but I guess that's normal.
Any whoo, I'll put some instructions on here if it works or once I'm done and have found the solution. Would anyone like this in an ISO? I was thinking of doing it but I don't know how comfortable people would be downloading an ISO of an OS they didn't build themselves. Either way I'll at least put some instructions if it doesn't fail.
I did catch one thing tho, If I understand the Truecrypt documentation correctly. **CLEAR LINK http://www.truecrypt.org/docs/?s=wear-leveling** We aren't suppose to store these file containers on USB flash drive because of wear-leveling, this isn't just for the whole USB drive, I think this is for the encrypted file containers stored on the flash drive as well.
But it's a bit miss leading because it says on the main page, "A TrueCrypt partition is a hard disk partition encrypted using TrueCrypt. You can also encrypt entire hard disks, USB hard disks, USB memory sticks, and other types of storage devices." So then, I must have missed something, all USB drives use wear-leveling now so it must be ok to use the encrypted file container? Maybe they mean encrypting the entire USB drive as opposed to a file container on the drive. I hope that is what it is.
Also, Truecrypt says not to write to the outer volume or I could damage the hidden volume. So when the wizard asks me to put files on the outer volume, that is the only time I can put file on? I thought I could use place files on there after. That's not too much of an issue tho..
-mnight
"If you need plausible deniability, you must not use TrueCrypt to encrypt any part of (or create encrypted containers on) a device (or file system) that utilizes a wear-leveling mechanism." which is basically SSDs and MicroSD or USB. Buy an Ironkey, though it doesn't work with Liberte without root password. Works on Tails though.
Can always make a small TC container and upload it somewhere over Tor then download it anytime you need it, dropbox, wuala or as an email attachment. And yes you can break your inner container by adding new files to the outer one unless you have plenty of extra room.
-
Thanks again for all the replies. I'm in the process of building LIberte from scratch with bitcoin and truecrypt, I coudln't load electrum because it's not in Gentoo's package list. This thing is taking a long time to build, but I guess that's normal.
Any whoo, I'll put some instructions on here if it works or once I'm done and have found the solution. Would anyone like this in an ISO? I was thinking of doing it but I don't know how comfortable people would be downloading an ISO of an OS they didn't build themselves. Either way I'll at least put some instructions if it doesn't fail.
I did catch one thing tho, If I understand the Truecrypt documentation correctly. **CLEAR LINK http://www.truecrypt.org/docs/?s=wear-leveling** We aren't suppose to store these file containers on USB flash drive because of wear-leveling, this isn't just for the whole USB drive, I think this is for the encrypted file containers stored on the flash drive as well.
But it's a bit miss leading because it says on the main page, "A TrueCrypt partition is a hard disk partition encrypted using TrueCrypt. You can also encrypt entire hard disks, USB hard disks, USB memory sticks, and other types of storage devices." So then, I must have missed something, all USB drives use wear-leveling now so it must be ok to use the encrypted file container? Maybe they mean encrypting the entire USB drive as opposed to a file container on the drive. I hope that is what it is.
Also, Truecrypt says not to write to the outer volume or I could damage the hidden volume. So when the wizard asks me to put files on the outer volume, that is the only time I can put file on? I thought I could use place files on there after. That's not too much of an issue tho..
-mnight
"If you need plausible deniability, you must not use TrueCrypt to encrypt any part of (or create encrypted containers on) a device (or file system) that utilizes a wear-leveling mechanism." which is basically SSDs and MicroSD or USB. Buy an Ironkey, though it doesn't work with Liberte without root password. Works on Tails though.
Can always make a small TC container and upload it somewhere over Tor then download it anytime you need it, dropbox, wuala or as an email attachment. And yes you can break your inner container by adding new files to the outer one unless you have plenty of extra room.
Well said mdmamail,
I use an SSD* on my laptop and it is something of a pain as far as encryption is concerned as the wear leveling mechanism won't work effectively if you encrypt the entire disk. Conversely if you only encrypt part of your system with Truecrypt you can risk exposing a hidden volume (recovery of the data itself would be almost as problematic as on a regular hard drive though.)
Since I use an SSD, I have adopted a "belt and suspenders" approach through placing a Truecrypt volume inside an encrypted Home directory in Ubuntu which is very easy to set up. It would be trivially easy for anyone who seized the machine to detect their was encrypted data on it but the Police here in the UK lack the resources and the skills necessary to bruteforce their way in - I should stress that the same isn't necessarily true for those of you who live in the US!
V.
*Solid State Drives operate along the same principle of USB flash drives but are in the form of hard drives which can be put into laptops and PC's, the advantage being they are much faster than regular mechanical drives, the downside being that they cannot be written to indefinitely.