Multi Encrypted Operating Systems with TrueCrypt

4

My laptop has a 250GB hard drive, and I currently use it to do a lot. I have Windows 7, Ubuntu 11.10, and BackTrack 5 on it, but I'd like to switch it up and add more security.

What I aim to do is have full disk encryption with TrueCrypt, along with making BackTrack a hidden operating system. Theoretically, the process I see is this: Boot up the laptop, it asks for a password. I can type in the decoy password, then it would forward me to GRUB so I can choose to boot Windows or Ubuntu, then everything acts as normal. When I boot the laptop, I could also put in the hidden OS password, then that would boot up BackTrack. Most guides I've seen basically just do one decoy OS and one hidden OS, so I'm not 100% sure really how to go about it.

Also, whenever I get this up and running, how possible would it be to change around some OSes? For example, if I wanted to replace Ubuntu with something like Arch Linux. Would I be able to do that, or would that break encryption somewhere?

Thank you so much for everything!

Chiggins

Posted 2012-02-06T16:05:01.823

Reputation: 379

1 @SachinShekhar - For my purposes, full disk encryption would suffice well enough. – Chiggins – 2012-02-06T16:36:35.997

1 @SachinShekhar If you use a decent CPU with AES acceleration it is only a minor performance impact, I use it here. – None – 2012-02-21T10:00:46.143

1 What prevents the sectors containing the hidden OS from being corrupted by the operation of the "decoy" OS? You can't prevent the OS from allocating disk space during normal operation -- or do you propose to have all filesystems mounted read-only in the decoy? – Fran – 2012-05-08T17:44:09.720

1 @Fran TrueCrypt has an extensive list of security considerations and other precautions to follow so that the integrity of a hidden volume is protected. – Iszi – 2012-07-26T16:42:13.123

1 @Sachin Shekhar - Cold boot attacks don't render full disk encryption useless; they only provide a window of attack to a person with physical access while the machine is on, or shortly after it has been turned off. Further, most new processors allow you to store the keys on the processor, thus greatly mitigating cold boot attacks. (Search for TRESOR) – davidgo – 2013-06-26T07:54:30.010

Answers

0

TrueCrypt full-disk encryption currently only works with Windows, so it's not possible as of right now.

yutsi

Posted 2012-02-06T16:05:01.823

Reputation: 105