digg

Facebook Connect Join Digg About

HOWTO Encrypt CD/DVDs in Ubuntu (and other distros)

blog.linuxmonitor.net This guide shows us how to use AES encryption on CDs and DVDs to store sensitive data. So when the FBI, RIAA or MPAA come knocking on your door, your data will be save, secure and encrypted!

Who dugg this? Made popular Mar 18, 2007

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

55 Comments

show profanity settings
expand all
  • chrono13, on 10/12/2007, -2/+31If you use trucrypt, it will be easily accessible in both Windows and Linux.

    But the best part is that when they do show up, you resist giving your password, you claim that your right to privacy is being invaded, and when they really threaten... you give them the password. And it opens the volume completely. Showing them your collection of GI JOE pictures and FanFiction, with very misleading file access dates (shows that you haven't accessed/changed those volumes in a long time, regardless of when you last did).

    Several layers of plausible deniability: priceless.
  • chrono13, on 10/12/2007, -1/+23You've never used TrueCrypt?

    "Couldn't they simply ask you to give them your passwords ? "

    You give them THEE password that opens the WHOLE volume.

    There is no way to detect that the rest of the volume is empty or contains any other data. It is all garbage... unless you access the volume with a different key (the real key) in which case it opens the inner volume. Double 486-bit blowfish encryption, with several layers of plausible deniablility.

    1. You gave the only password to the whole volume (it opens the full size, and is fully readable, and writable... and if the write anything into it, it writes over your secure data as if it were empty space... destroying the secure data. TrueCrypt will make no attempt to distinguish or protect your inner data when access with the outer key. In fact, there is *no* way for TrueCrypt to even know there is an inner volume, other than supplying it with both keys. Sound complicated? Sound hard? It isn't. It is the easiest and friendliest encryption program available.

    2. Timestamps (modified, accessed, etc) preserved. So if you write data into your secure file - it never changes the secure files modified or accessed date. "I haven't even opened that thing for months. It was just an experiment. I think I threw some GI Joe stuff in there."

    3. You fully cooperate. Tell them it is TrueCrypt, tell them the password, tell them what is in it. They get no surprises, no resistances, full cooperation and you get full deniability. "Is there a second password?" - "No.". That's it. No holding out, no lying (well... except about the second password... but there is no way for them to know that you aren't telling the truth at that point. After all, you have told the truth so far, and you have just handed over your password).

    TrueCrypt: http://www.truecrypt.org/docs/
  • madmack, on 10/12/2007, -8/+29could of != could've

    and English is not my first language
  • inactive, on 10/12/2007, -3/+17Could have.
  • Derrekito, on 10/12/2007, -0/+14Linu.. UBUNTU... Linubuntu...Ubunix. I give up.
  • Roger, on 10/12/2007, -0/+14@chrono13

    You sold me. I'll take ten.
  • userundefine, on 10/12/2007, -2/+16What the hell do you think TrueCrypt uses for encrpytion? AES for one...
  • Roger, on 10/12/2007, -1/+13Cool, so only 256 combinations to guess.
  • villium, on 10/12/2007, -0/+10>You do of course realize that the spooks insist on having back door for everything, right? Recently it came to my attention that even PGP >was 'modified' some years ago when the No Such Agency got a little worried.

    Take off the tinfoil hat bro, if PGP had a back door in it dont you think every coder in the world would know since the source is available. Phil Zimmerman has a FAQ vehemently denying any such "Back Doors" here : http://www.philzimmermann.com/EN/background/index.html

    Back to the topic, I enjoyed the article and think its great that its so easy to use. Every American should exercise their right to privacy through any means possible. If you dont use it, youll lose it!
  • blobzorz, on 10/12/2007, -0/+10Or.... you could microwave your CD's for ultimate protection.
  • muffinmanpoo, on 10/12/2007, -0/+9No. Go away.
  • Scourge, on 10/12/2007, -0/+7that's what thermite is for
  • FiP0, on 10/12/2007, -2/+8Actually, i was going to leave a comment to congratulate the submitter for that title. So many stories have had "Unbuntu" in their title although they referred to something compatible to any distro..
  • inactive, on 10/12/2007, -3/+8Linux. Say it with me. All together now.
    Linux.
  • msgyrd, on 10/12/2007, -0/+4Yeah, AES along with Blowfish, Cast5, Serpent, Triple DES, Twofish, and combinations of all of them.
  • gahal, on 10/12/2007, -1/+5When the FBI comes knocking at your door?

    How about just protecting your personal data, or sensitive work related information. I know I about ***** a brick when I thought that I had lost a usb memory stick that I use to carry around sensitive information for work.
    The description for the article makes it sound like the only purpose for this is for hiding illegal activity.
    Apart from that, nice article.
  • DomZy, on 10/12/2007, -0/+3You can tell them the key though
  • msgyrd, on 10/12/2007, -0/+3You can't be forced to incriminate yourself by giving out your passwords, and even if that gets you a contempt of court charge, I'd take that over revealing something so important that it got my ass in a courtroom to begin with.
  • inactive, on 10/12/2007, -3/+6I'm no legal expert, but I would imagine that something like this would fall under the 5th amendment. "....nor shall be compelled in any criminal case to be a witness against himself" You can't be forced to be a witness against yourself, therefore you don't have to give out any sensitive passwords.
  • shrapnull, on 10/12/2007, -2/+5How about your data being safe in case it was stolen? It's ***** like you that make legitimately useful tools sound as if they're for pirates and crackers that use GNU/Linux, because as everyone in the media knows, it's the only thing thieves use to store their data.

    If any of those agencies came after you with a subpeona, you'd have to decrypt it anyway...OR ELSE (contempt of court, obstruction of justice, take your pick).

    It's a useful tool for the masses, not just the criminals.
  • chrono13, on 10/12/2007, -0/+3"Also, with CD-Rs, you are going to be in trouble, since the empty space should be formatted to look empty - if they dump the disc bit by bit, they would be able to tell it isn't."

    No. TrueCrypt writes it's encryption/salt(random data) across the whole outer volume. Data in, data out, empty, full - it will all look like complete garbage data. The fake password is to the outer volume, so they open the *whole* thing. Your secret data is some of the empty space within the outer volume.

    Brilliant. But seriously, read about it - it's right there in the docs. Fascinating stuff.
  • DomZy, on 10/12/2007, -1/+4and ultimate data loss
  • Mandeep, on 10/12/2007, -0/+2Nevermind. It seems I can keep the outer volume as FAT32 and make the hidden volume NTFS.
  • gfixler, on 10/12/2007, -0/+2Agreed. I use TC to bring files home from my XP box at work safely, and to safeguard personal things at home on Ubuntu. There are a few caveats for me, so far, which might have workarounds.

    For one, I can't encrypt a full partition on Linux - it isn't supported yet - so I had to do that to an external drive through XP at work, but I can use the encrypted drive normally at home on Linux. It's a bit more tricky than the ways to which most Windows users are accustomed, though, as it doesn't automatically show up anywhere, requiring you to find it in the shell, and mount it manually, but that can be pretty quickly scripted to automation.

    Second, though I can create a TC volume as a user on Linux, I need to be root to mount it, meaning that anything copied off my USB thumb drive is owned by root. I've automated this exchange with a few lines of script that run Unison to sync up all the folders first, and then recursively chown the directory to which the subdirs were copied. Before going that route, SVN was getting hung up on my trying to add, or commit files not owned by me.
  • mrsteveman1, on 10/12/2007, -0/+1A tc volume can be setup with a keyfile along with a password, without either one it wont decrypt. There isn't any way to tell a keyfile was used. If you use a keyfile, it then needs that file AND the password to decrypt the master key, so that it can decrypt the real data.

    I stick that keyfile on the SD card in my laptop, and if i need to i yank it out and destroy it or something. sry officer it must have shredded itself, i wonder if SD flash chips are one of those things you cant recover data from when the chip breaks in 200 parts......

    Another advantage of truecrypt is that newly written data is randomized in a way that doesnt look like encrypted data. This makes it hard to even find a tc volume as long as its DEVICE hosted and not file hosted.

    Too bad you cant use a keyfile for TCGINA or you would have a totally encrypted windows profile that could be easily disabled with the yank of an SD card :D
  • cyssero, on 04/18/2009, -0/+1I'd really appreciate if someone could confirm if there really are millions of traces left that you can't get rid of. I find it hard to believe but don't know enough about the subject. Someone please enlighten me :) And yeah, will Linux leave lots of traces too?
  • protium, on 10/12/2007, -1/+2This is news? The way I see it, if the FBI find you and your computer doing something illegal, its probably too late.
  • CompIsMyRx, on 10/12/2007, -1/+2Or if you don't like a 20 character password, use this
    mkisofs -r backup | aespipe -e aes256 -H rmd160 > backup.iso
    Now it can be a minimum of 1 character
  • coversyl, on 10/12/2007, -0/+1Are you sure there is no way anyone can tell you are using tc??

    If they suspect you are using tc then they will just ask you for all the keys.

  • geronimo, on 10/12/2007, -0/+1Thanks for the SVN tip. I use truecrypt on my linux laptop to store all my paswords, I was considering using the truecrypt volume for my source code so that if someone stole my laptop they wouldn't have access to my passwords and code.
  • radu79, on 10/12/2007, -0/+1Traces can be left in the windows swap file and in the 3rd party application that is used to view the secret files (it might have it's own logs, and might even cache stuff, depending again on what you are using).
    Of course, the swap is constantly overwritten with new stuff so unless the attacker can get a hold of your machine right after you viewed the secret stuff, chances to find something after a few hours are minimal.
    And the same for Linux, although you can use encryption for the swap under Linux.
  • Derrekito, on 10/12/2007, -0/+1Stop spamming the comment system you troll.
  • Derrekito, on 10/12/2007, -0/+1***** it. I grow tired of arguing with the wall.
  • Mandeep, on 10/12/2007, -1/+2You can only use TrueCrypt outer volumes if you're using FAT right? So, does that mean people who have files larger than 4gb and have to use FAT are out of luck when they need to use NTFS?
  • Derrekito, on 10/12/2007, -1/+110 years vs. 20 years? I'll take 10.
  • h0dg3s, on 10/12/2007, -1/+1Go post your blogspam somewhere else, slapnuts
  • inactive, on 10/12/2007, -1/+1I put all my goodies on a usb drive 500gig and put that in a mason jar then bury that in my back yard. Oh by the way my back yard is about 300 acres.
  • nonchallant0819, on 03/28/2008, -0/+0This is a great story... found this one through http://www.google.com




    ___________________________________
    http://www.TopNotchCarpentry.com
  • jdepp, on 10/12/2007, -0/+0In UK you can get 5 years in jail for witholding keys against a court order. ... so you'd have to be keeping some pretty serious data that would put you away for longer to make it worthwhile
  • bocaJWho, on 10/12/2007, -2/+1Let me be the first to admit that I don't really understand how this thing works, but I would bet that if someone is really suspicious, there are other ways to detect whether or not there is a second password. CD-RW's only have a limited number of times they can be rewritten - the disc wears. They would probably be able to detect that in some places, the disc has been worn more than it ought to have been. Also, discs decay, so if the time stamps are off, people can figure that out.

    Hell, when my discs have two partitions, I can normally look at it and tell.

    Also, with CD-Rs, you are going to be in trouble, since the empty space should be formatted to look empty - if they dump the disc bit by bit, they would be able to tell it isn't.

    Anyways, if they are that interested in you, probably best to just suck it up for whatever you did and avoid the additional obstruction of justice charges.
  • inactive, on 10/12/2007, -4/+3If you have ***** you need to protect from the FBI you'd better store it somewhere else. Don't ***** where you eat.

    If you think encrypting your data will protect it from the FBI, better think again.

    Buried as misleading and potentially harmful
  • BuddhistPirate, on 10/12/2007, -1/+0
    He could have said "GNU/Linux" or "popular *nix variants", the point is, we live in an ever widening world of generalizations and somewhere someone has to pick one to use, and its not always perfect, but in the universe of their mind, it is exactly what they meant.

    Also, "could of", while not correct according to Standard English, is very much allowed since Language is changing constantly and the "grammer nazis" are merely scared that a new language is going to take over and they're not going to understand it. Unfortunately fighting against language change is the exact wrong way to deal with the situation. If you don't correct a person, they are much less likely to take pride in doing it wrong and they won't spread it as "slang" just to spite the insecure person who corrected them.

  • Ngai, on 10/12/2007, -3/+1Oh my, this would be great for all 350 gigs of my *****.

    Wouldn't want to get myself arrested now do I. :)

    What is the average airspeed velocity of an unladen swallow? (I like the comment enhancer!)
  • coversyl, on 10/12/2007, -2/+0As with hiding anything, it depends who is looking and why

    The above would certainly hide stuff from your wife, kids, boss or whoever. From a forensic computer specialist - forget it. They've seen anything you can do 1000 times before

    Not sure about he USA but here if a judge asks for the key and you refuse then they will jail you for contempt of court until you give it up.
  • sneakerelph, on 10/12/2007, -3/+1I don't see what the problem is. Ubuntu is an operating system. The fact that these steps may work relatively unchanged in another OS (After all, Linux IS just a kernal) is irrelevent. Ubuntu is currently the most popular desktop distribution of Linux, and it's fair enough to use it in the description.
  • radu79, on 10/12/2007, -6/+4The 5th amendment.
  • gzim, on 10/12/2007, -5/+2I don't think anyone who reads Digg would ever have anything important enough to have the FBI or NSA bother to use their secret keys...
  • Mandeep, on 10/12/2007, -5/+2who the ***** cares if he said could of and not could have. do you really not understand what he meant when he said that? if not then maybe i should crack your skull open so you grammar nazis will just shut the ***** up.
  • madmack, on 10/12/2007, -6/+2should of != should've (should have)
  • radu79, on 10/12/2007, -5/+1Assuming that you live in the USA, you really don't know much about the law, now do you?
  • Fetching more discussions...
    Show 51 - 55 of 55 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.