Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
 ·Verizon Online DSL
| reply to jansson_mark
Re: Idea for steganographic filesystem for Windows
said by jansson_mark  : I explained in my post to Truecrypt forums, that since Windows generally writes to the first available sectors on the hdd, there is very little actual risk of encrypted sectors getting hammered if they are in the area that is near at the end of the hdd. ... Also, if user wants to add files the the hdd/partition where "superhidden" container is, one could simply first MOUNT the "superhidden" container and let the TC protect those sectors from Windows overwriting. Then you could write anything you like in that hdd/partition or inside the "superhidden" container without any fear that container would be overwritten. Depending on the "value" of the encrypted material, I'm not sure if I'd want to simply trust to Windows "generally" doing anything. Normally, if it's needful to encrypt something, it means it's high-value material in the first place... and not something you'd want to risk to the whims of Windows' "typical" but unspecified behavior. And there's still the issue of certain disk utilities - especially defragmenters - that may routinely shift certain file-types or even ordinary ones to the end of their partitions in order to collect enough contiguous partition free space to "do their thing".
The mounting concept might help with the Windows over-write risks, though you'd have to keep the superhidden container mounted at all normal-usage times, then remove all traces completely when you wanted the drive encryption to become covert - and hope that nothing Windows subsequently did while in that state would cause harm to the encryption sectors. But 'mounting' would probably run afoul of certain disk utilities, many of which need the computer environment to be simple and basic, with all other material "turned off" or unmounted before running... and that's the very thing you wouldn't want if the utilities should happen to habitually shuffle the encrypted partition's cluster deck in order to do their job.
Whatever encryption scheme were used, along the lines you've described, it must be strongly covert and randomized with regard to its nominal starting-point sector usage and the general layout of subsequent encrypted locales. If such a scheme were deployed, it's a sure thing that the expert analysts would become immediately aware of it and routinely check any target drives for characteristic usage patterns or attributes of end-of-drive bit-pattern placement that might yield to machine analysis to betray the presence and nature of the overall encryption technique used. Once that cat was out of the bag, the heavy-duty cracking focused on the specific discovered encryption technique would begin.
--
If God wanted us to work with electrons, He'd make them big enough to see... |
