Spite – Security & Privacy

1626 Members
⎨𝐒ecurity 𝐏rivacy 𝐈nternet 𝐓echnology 𝐄nthusiasts⎬ – Spite | In spite of all the security and privacy oriented rooms permeating factually incorrect echo chambers, the birth of Spite arises. | Rules: https://spiterules.neocities.org/ | Website: https://madaidans-insecurities.github.io/ | 85 Servers

19 Jan 2021
@crypts-in-cascadia:privacytools.io crypts-in-cascadia
Okay, so I should look into a partitionless setup. My concern is with how that may interfere with Qubes, though. I suppose I can look into that, but for the time being I think a partitioned setup should be the goal, since a partitionless one is a big unknown and I rarely ever hear of it. I definitely have not heard of it in the context of Qubes, and Qubes is notoriously finicky with its hardware and environment.
03:11:47
@telegram_153312353:spitetech.com sbct (Telegram)
In reply to @crypts-in-cascadia:privacytools.io
Okay, so I should look into a partitionless setup. My concern is with how that may interfere with Qubes, though. I suppose I can look into that, but for the time being I think a partitioned setup should be the goal, since a partitionless one is a big unknown and I rarely ever hear of it. I definitely have not heard of it in the context of Qubes, and Qubes is notoriously finicky with its hardware and environment.
yeah i can't say anything about qubes
03:12:10
@telegram_153312353:spitetech.com sbct (Telegram)
i don't even know how it works
03:12:18
@telegram_153312353:spitetech.com sbct (Telegram)
@madaidan could probably help you with that
03:12:25
@telegram_153312353:spitetech.com sbct (Telegram)
but in general, having nested luks drives should work just fine, i just don't know what you'd do with your flash drive containing the headers. unless you got a second flash drive to keep the headers of that one, the use of encryption won't be able to be hidden
03:13:07
@telegram_153312353:spitetech.com sbct (Telegram)
In reply to sbct (Telegram)
but in general, having nested luks drives should work just fine, i just don't know what you'd do with your flash drive containing the headers. unless you got a second flash drive to keep the headers of that one, the use of encryption won't be able to be hidden
and at that point you'd be on an endless loop of flash drives for header files XD
03:13:35
@telegram_153312353:spitetech.com sbct (Telegram)
and also, remembering and typing in a lot of different passwords each time you turn on your computer will get super annoying super quickly
03:15:23
@crypts-in-cascadia:privacytools.io crypts-in-cascadia
Neither did I until recently. It is very intimidating and difficult to understand until you actually learn about how it works. Before learning about Qubes, even just seeing a few introductory videos on it and reading the project FAQ, I seriously thought it was basically black magic. Now, it's much more comprehensible. The best advice I can give to begin understanding it is to not think of it as an operating system, but as a minimal hypervisor upon which you run multiple separate operating systems concurrently, because that is exactly what it is. At a conceptual level, it's basically the next step up in virtualization from workstations: instead of just having different virtual monitors with their separate activities, you have different virtual operating systems with their separate activities. Plus, everything else is virtualized and isolated, including the USB ports and WiFi adapter and firewall.
03:15:38
@telegram_153312353:spitetech.com sbct (Telegram)
In reply to @crypts-in-cascadia:privacytools.io
Neither did I until recently. It is very intimidating and difficult to understand until you actually learn about how it works. Before learning about Qubes, even just seeing a few introductory videos on it and reading the project FAQ, I seriously thought it was basically black magic. Now, it's much more comprehensible. The best advice I can give to begin understanding it is to not think of it as an operating system, but as a minimal hypervisor upon which you run multiple separate operating systems concurrently, because that is exactly what it is. At a conceptual level, it's basically the next step up in virtualization from workstations: instead of just having different virtual monitors with their separate activities, you have different virtual operating systems with their separate activities. Plus, everything else is virtualized and isolated, including the USB ports and WiFi adapter and firewall.
it sounds super secure and super annoying for desktop usage
03:17:40
@telegram_544286782:spitetech.com Carl Goldstein (Telegram)
I was reading an article about 802.11 Probe Requests.
03:19:53
@crypts-in-cascadia:privacytools.io crypts-in-cascadia
The external drive will be on my person at all times. In the event of catastrophe, it can be destroyed. Anyone who has the main drive should see nothing but a disk full of random data. They would also have to both know that I have an external drive that boots it and also successfully take/copy it in order to even boot my computer, and even then only after supplying my passphrase. The LUKS headers, or at least the outer layer's header, for the main drive will be stored on the external drive; the LUKS headers for the external drive will be stored in position on the drive. Anyone who has my external drive will know that it is encrypted and therefore it will not be deniable, but they will not necessarily know what it is beyond an encrypted flash drive. I am not sure if there is a solution for this that does not result in infinite regress, so I am satisfied with stopping at the external drive.
03:20:27
@crypts-in-cascadia:privacytools.io crypts-in-cascadia
All I will need is one passphrase to unlock the LUKS volume on the flash drive, after which point the whole process should be a cascade of 8,192kB keyfiles.
03:21:31
@telegram_153312353:spitetech.com sbct (Telegram)
yeah plausible deniability on the header device is too much to ask
03:22:57
@telegram_544286782:spitetech.com Carl Goldstein (Telegram)
I was reading about 802.11 Probe Requests.
03:25:22
@telegram_544286782:spitetech.com Carl Goldstein (Telegram)
Do your computer and phone really frequently send 802.11 Probe Requests in an attempt to provide seamless connectivity all the time?
03:25:25
@crypts-in-cascadia:privacytools.io crypts-in-cascadia
I don't know, but it sounds familiar enough that I think I killed that (or tried to, anyhow) at some point early on in hardening my system. It was years ago since I did most of that work, though, so it's all very fuzzy.
03:27:05
@crypts-in-cascadia:privacytools.io crypts-in-cascadia
Do you have any advice or info about implementing a partitioned setup of what I want, sbct (Telegram)? Or is your familiarity with the topic more with partitionless setups? Because what's confusing me the most is how to craft the cryptsetup commands involved in setting up the nested LUKS volumes.
03:30:24
@telegram_153312353:spitetech.com sbct (Telegram)
In reply to @crypts-in-cascadia:privacytools.io
Do you have any advice or info about implementing a partitioned setup of what I want, sbct (Telegram)? Or is your familiarity with the topic more with partitionless setups? Because what's confusing me the most is how to craft the cryptsetup commands involved in setting up the nested LUKS volumes.
it's basically the same
03:31:58
@telegram_153312353:spitetech.com sbct (Telegram)
in any case I think you will need a custom initramfs though
03:32:08
@telegram_153312353:spitetech.com sbct (Telegram)
the only difference with partitionless setups is that you first wipe the drive, then you don't even create a partition table, you just give the block device (e.g. /dev/sda) to cryptsetup in the same way you would with /dev/sda1
03:33:04
@telegram_153312353:spitetech.com sbct (Telegram)
In reply to sbct (Telegram)
the only difference with partitionless setups is that you first wipe the drive, then you don't even create a partition table, you just give the block device (e.g. /dev/sda) to cryptsetup in the same way you would with /dev/sda1
I have no idea if that would break Qubes or not, but i honestly don't think so
03:33:56
@crypts-in-cascadia:privacytools.io crypts-in-cascadia
Qubes apparently expects LVM, but LVM seems to be implementable on a partitionless system. Maybe I can skip partitioning, at least on the main drive, but I will probably still have to logically partition it with LVM.
03:45:16
@crypts-in-cascadia:privacytools.io crypts-in-cascadia
Given that Qubes is intended to take up the entire drive and plays very poorly with any multiboot setups, anyway, it is actually not clear to me why it is partitioned at all. What is gained with partitioning in this context? Is it just expected at this point, or is there something here I am missing? Might it be problematic for setting up UEFI booting? An EFI system partition is apparently mandatory for UEFI, according to Arch Wiki[1], but if I store that partition on the external drive like I intended, anyway, does the main drive even need to be partitioned?
[1] https://wiki.archlinux.org/index.php/EFI_System_Partition
I have never had any exposure to partitioning beyond the automatic default partitioning done during installation until I decided to implement this custom setup, so sorry if these questions have obvious answers.
03:52:05
@crypts-in-cascadia:privacytools.io crypts-in-cascadia *

A practical example of why I am seeking this implementation is both to obfuscate the fact that the drive is encrypted or contains anything more than random data and to protect my data in any scenario involving me being separated from access to my data and all its copies, whether in the event of theft or confiscation or my death. This ensures that my data is indefinitely secure to the point that it is prohibitively costly to ever decrypt it, especially not well beyond when I will still matter, such as generations after my death.

If nothing else, I want to know if this is even feasible to implement, and how, as a proof of concept that a strong encryption setup featuring the best aspects of both VeraCrypt and dm-crypt+LUKS is possible, which can provide sufficiently strong security to be relevant even in the context of post-mortem privacy.

No, this does not have anything to do with hiding criminal activity. This is about determining whether an extremely strong setup like this is workable and, if I can, documenting the procedure so that a guide to accomplish this can finally exist. As far as I am concerned, it is a disgrace that multiple-encipherment setups like this are not already integrated into dm-crypt and the Linux kernel, something I have been wanting and waiting to see for years. I'm finally done waiting and want to just implement it myself.

04:22:13
@telegram_154205976:spitetech.com 🗿FF🗿 (Telegram)
In reply to ad (Telegram)
sent an image
holy shit
05:00:31
@telegram_154205976:spitetech.com 🗿FF🗿 (Telegram)
Hey guys, with how Tor hidden services are by default vulnerable to discovery because of the simple formula of "create traffic to the spooky server and look on the network for it", I want to know how realistic is it to think that a HS will be discovered that way if it is inside the United States and never connects directly to Tor relays outside the United States (so its guard node is within the US and my traffic with it should not appear on NSA's own upstream surveillance in which 1EF (one-end foreign) is sent to NSA and the rest is allegedly not sent to NSA by telecom companies)
05:09:16
@telegram_154205976:spitetech.com 🗿FF🗿 (Telegram)
And it won't have anything psycho like Al Qaeda forum or child rape... just edgy banter that, if done on Faceberg, would normally get the Faceberger a casual home visit by some retards in FBI jackets
05:15:27
