At 10:44 AM -0400 7/16/96, Mark O. Aldrich wrote:
One problem, however, would be how to keep the "decoy" data, accessible with only the ambush key, "fresh" in that it must undergo a certain amount of turbulence to appear real. The two file systems would essentially have to mirror each other, one with the juicy bits and one with the decoy bits. It would seem to be practically impossible to just build two file systems as one would 'disappear' when only the ambush key was used. Wouldn't it be sort of obvious that something was wrong if half the disk vanished?
As far as churning goes, why not just mount both the decoy and the encrypted filesystems simultaneously? Have a perl script (stored on the hidden volume of course) that automatically decodes random images from alt.binaries.pictures.* into the decoy system and nukes the oldest decoy files. And go ahead and keep a copy of all your assorted /var/named & other config files in there too. Honest officer, I keep that partition unmounted so that a system crash is less likely to clobber my painfully constructed configuration files - and it's encrypted so that crackers won't be able to alter my configuration backup to add security holes. Let them go nuts trying to un-stego the smut images once you've given them the duress key. Joseph Block <jpb@miamisci.org> "We can't be so fixated on our desire to preserve the rights of ordinary Americans ..." -- Bill Clinton (USA TODAY, 11 March 1993, page 2A) PGP 2048bit-Fingerprint: F8 A2 A5 15 56 42 9B 16 3F BD 57 0F 8A ED E3 21