I wonder if it's possible to create encrypted disk (USB thumb-drive) completely undistinguishable from just block of random data. So that it would be plausible to deny presence of anything encrypted and say that it's just regular unformatted drive, of drive after wiping.
With VerCrypt for macOS I can encrypt whole such thumb-drive, not just logical partition. MBR will not be changed as far as I understand. So the only way to tell that there's something encrypted on the drive would be to check the encrypted partition header.
If there would be a way to detach the header or store it in encrypted form too, this would probably solve the task. I think there is such functionality in BestCrypt software, for file containers.
Would removal or encryption of the header really solve the task? Is it currently possible with VeraCrypt? If not, is it something on development roadmap?
Thanks!
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Some points:
1. Data encrypted is data with high entropy (very random) It can be tested by many methods (e.g. Monte Carlo)
2. => Any random data can be treated as data encrypted
3. So. if there is random data => it is encrypted. You have to have password...
PS. To solve your REQ see details about hidden volumes.
Last edit: Alex 2017-09-09
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Well, presence of random data does not prove there's something encrypted. It can be result of wiping off information from disk. If there's no forensic artifacts pointing to use of encryption software - you can go with random data easily. But container header is exactly such an artifact.
Hidden volume is pretty clear. But it requires creating an 'outer' volume first and then, inside this outer container (which presence is undeniable) you can create 'inner' hidden header-less container.
My question can be rephrased like this: can one create a hidden (inner, header-less) container, or better yet - full USB disk partition, WITHOUT creating outer (standard) one?
Thanks!
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hello!
I wonder if it's possible to create encrypted disk (USB thumb-drive) completely undistinguishable from just block of random data. So that it would be plausible to deny presence of anything encrypted and say that it's just regular unformatted drive, of drive after wiping.
With VerCrypt for macOS I can encrypt whole such thumb-drive, not just logical partition. MBR will not be changed as far as I understand. So the only way to tell that there's something encrypted on the drive would be to check the encrypted partition header.
If there would be a way to detach the header or store it in encrypted form too, this would probably solve the task. I think there is such functionality in BestCrypt software, for file containers.
Would removal or encryption of the header really solve the task? Is it currently possible with VeraCrypt? If not, is it something on development roadmap?
Thanks!
Some points:
1. Data encrypted is data with high entropy (very random) It can be tested by many methods (e.g. Monte Carlo)
2. => Any random data can be treated as data encrypted
3. So. if there is random data => it is encrypted. You have to have password...
PS. To solve your REQ see details about hidden volumes.
Last edit: Alex 2017-09-09
Well, presence of random data does not prove there's something encrypted. It can be result of wiping off information from disk. If there's no forensic artifacts pointing to use of encryption software - you can go with random data easily. But container header is exactly such an artifact.
Hidden volume is pretty clear. But it requires creating an 'outer' volume first and then, inside this outer container (which presence is undeniable) you can create 'inner' hidden header-less container.
My question can be rephrased like this: can one create a hidden (inner, header-less) container, or better yet - full USB disk partition, WITHOUT creating outer (standard) one?
Thanks!
veracrypt header is random data. it starts from salt and the rest data is encrypted by password.