| devnull10 |
06-20-2013 09:12 AM |
Quote:
Originally Posted by ChrisAbela
(Post 4974785)
I don't think that stlt or Truecrypt are what I was thinking about.
However, consider Slackware for example, I think that my idea might be somewhat feasible. You would need to look in the initrd and locate the stage where cryptsetup is called and replace it with other bash commands. Should a specific kamekaze password match, then it will just silently start cleaning up commands. This would involve installing a minimal encrypted installation with the new password as the encryption key over the previously encrypted partition. A tiny partition would be needed to hold the needed image or packages. Finally the initrd will have to be replaced with a standard one. If the passwords do not match however, it will pass the password to cryptsetup for normal resumption of the booting up process (if the password is correct).
In this arrangement, the authorities would not find any evidence that you cleaned the encrypted partition as they would only find a tiny functional encrypted installation with a password that you could happily divulge. The data would be lost forever but you would not provide them with any evidence.
Chris
|
They wouldn't try to access data on the PC by booting it up and entering the password, for that exact reason. Same reason as when they take a computer for forensic analysis, if it's switched on they don't shut it down in case there is a built in "wipe" bomb - they pull the power from it. It will all be done by a third party system. |
