On Fri, 18 Feb 1994, Nick Szabo wrote:
Sergey Goldgaber suggests hiding files amongst the disk blocks marked "deleted" by the filesystem.
This sounds practically equivalent to implementing an alternative file system with its own FAT, etc.
Actually, in it's simplest form, it is much easier to hide files by deleting them than by implementing an alternative file system. Theoretically, the former method should be enough for most of those concerned with having telltale "noise" files on their disks. Using an alternative file system might, for them, be almost as revealing as having "noise" files.
In addition to the problems and solutions Sergey mentioned, the true/surface/original filesystem must be slightly modified so that it doesn't bash the hidden filesystem in the process of making new files.
We can assume that the legitimate user would be aware of this drawback, and would take measures not to write over the files he has hidden. I see no absolute _need_ to modify the filesystem. A simple utility that can write files to specific disk locations is all that is required.
Of course, it will look rather funny when the disk runs out of space several tens of megabytes below the manufacturer's specs.
This is only a problem if you modify the filesystem. The standard filesystem will simply write over the deleted files; or, if one is using the above mentioned utility, one would write onto a truely free portion of the disk. We can assume that the only an intruder would unknowingly write a file onto the disk without using the special utility (thus overwriting the hidden encrypted file, and doing the legitimate user a favor by destroying the evidence). -- STUFF DELETED -- All feedback welcome, Sergey PS: I agree with your statement about "security through obscurity" sometimes being a good practical solution.