Here's an idea, /g/ >full disk encryption with dm-crypt/luks
You are currently reading a thread in /g/ - Technology

Thread replies: 44
Thread images: 1
Here's an idea, /g/
>full disk encryption with dm-crypt/luks
>backup the luks header to a file
>replace the luks header in the disk with random data
>write a custom program inside initramfs to automatically download the header file from the internet and unlock the drive with it upon boot
>Even if the header is compromised, it doesn't mean shit because you still have to provide the password
>In an event that your computer gets raided by fbi, all you have to do is remove the header file from your sftp server to render all your disk inaccessible forever
>setup an automatic kill switch to remove the header in case you get arrested

There is no way to prove that the device is encrypted and not erased with random data, so they can't force you to cough up the password.

How delusional am I /g/?
>>
I dunno if that will work but sounds interesting.
>>
>>51437073
>they can't force you to cough up the password.
in america home of the free

you cannot give up your password if the data will incriminate you

as long as it's not secured with a biometric password
>>
>>51437250
they could simply retain you indefinitely though
>>
>>51437073
Did a similar thing on my laptop, but using an SD card as a keyfile.
Basically the laptop won't start unless the SD card is in place. It's much better than a password -- way longer and random, so it can't be remembered/forgotten.

I also wrote a small script that would turn off the laptop immediately if the SD card is not present.
So, in case of problems, you take out the SD card and break it.
>>
>>51437236
I tested it in a vm of course, so it does work.
But whether or not it gives you plausible deniability is another thing.
Alternatively, one can use a raspberry pi hidden somewhere in the house so there wouldn't be a need for internet connection and they can't get your header from isp cache. You can also use gpg to make it even more secure
>>51437250
Not everyone has that luxury I'm afraid. In my 3rd world shithole, you can be put in jail for years if you are suspected of any funny business. beats execution though

>>51437331
They would still know that your drive was encrypted and not erased that way
>>
>>51437073
>so they can't force you to cough up the password.
I mean, if you deleted the header, then it doesn't even matter if they managed to get the password from you. They still wouldn't be able to open the drive, so I think that your method would actually work, OP.

>>51437331
OP's method is different in that your method uses an SD card as the decryption key. OP's method deletes the header that the decryption key interfaces with to unlock the drive, so if it were to be deleted then even if you did have the password, there would be no way to ever access that data ever again.
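
An added example, not part of the thread: a minimal reader for the LUKS1 on-disk header, showing the metadata (cipher, payload offset, key-slot states) that lives in the header and that a signature check on the first bytes has nothing to report once they are random. The field layout follows the LUKS1 on-disk format; `inspect_luks` and `build_sample` are hypothetical names and the sample header is constructed.

```python
import os
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
# LUKS1 on-disk header before the key slots (big-endian, 208 bytes):
# magic[6] version cipher-name[32] cipher-mode[32] hash-spec[32]
# payload-offset key-bytes mk-digest[20] mk-salt[32] mk-iterations uuid[40]
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
# Each of the 8 key slots: state, iterations, salt[32], key-material offset, stripes
SLOT = struct.Struct(">II32sII")
SLOT_ACTIVE, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD


def _text(raw):
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def inspect_luks(blob):
    """Parse the start of a device image; None means no LUKS signature."""
    if len(blob) < PHDR.size or not blob.startswith(LUKS_MAGIC):
        return None
    _, version, cipher, mode, hash_spec, payload, key_bytes, *_rest = PHDR.unpack_from(blob)
    info = {"version": version}
    if version != 1 or len(blob) < PHDR.size + 8 * SLOT.size:
        return info  # LUKS2 shares the magic but uses a different layout
    info.update(cipher=_text(cipher), mode=_text(mode), hash=_text(hash_spec),
                payload_sector=payload, key_bytes=key_bytes,
                uuid=_text(_rest[-1]))
    info["active_slots"] = [
        i for i in range(8)
        if SLOT.unpack_from(blob, PHDR.size + i * SLOT.size)[0] == SLOT_ACTIVE
    ]
    return info


def build_sample():
    """Constructed LUKS1 header (not from a real device): slot 0 active."""
    hdr = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha256", 4096, 64,
                    bytes(20), bytes(32), 1000,
                    b"00000000-0000-0000-0000-000000000000")
    slots = b"".join(
        SLOT.pack(SLOT_ACTIVE if i == 0 else SLOT_DISABLED, 1000, bytes(32),
                  8 + i * 512, 4000)
        for i in range(8))
    return hdr + slots


if __name__ == "__main__":
    print(inspect_luks(build_sample()))      # parsed metadata
    print(inspect_luks(os.urandom(592)))     # random bytes: no signature
```

The check only covers the header region; other artifacts on the machine, such as the boot-time unlock code raised later in the thread, are outside what it looks at.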
>>
>>51437073
>There is no way to prove that the device is encrypted and not erased with random data
>>51437345
>They would still know that your drive was encrypted and not erased that way

Wrong.
You do realize that you literally have a bootloader with all the instructions for fetching a key and decrypting the drive? It's enough for them.
Also:

>>51437359
>OP's method deletes the header that the decryption key interfaces with to unlock the drive, so if it were to be deleted then even if you did have the password, there would be no way to ever access that data ever again.

I use plain encryption (no LUKS), so there's no header at all. So it's basically the same thing.
>>
the only real reason to encrypt your drive is if your device gets stolen, in which case thieves wouldn't even bother trying to crack a windows password much less ANY type of encryption software

if you are trying to be a special snowflake and encrypt the drive because of MUH GOVERNMENT, that means you are just a fucking tool and no one on the planet would think you'd last more than one night in jail before your dumb nerd ass gave up their password

doesn't matter anyway, no one gives a flying fuck about you and even if the government cares you deserved it.
>>
>>51437073
well that's smart as fuck
>>
>>51437377
>You do realize that you literally have a bootloader with all the instructions for fetching a key and decrypting the drive? It's enough for them.
ah shit. You are right. How about moving the bootloader to an external drive?
They would still be able to find it though
>>
>>51437377
>I use plain encryption (no LUKS), so there's no header at all.
That sounds retarded. That means that if anyone gets your key, then all of a sudden your data is all compromised until you completely re-encrypt all of it, which would take forever.
>>
>>51437384
>no one on the planet would think you'd last more than one night in jail before your dumb nerd ass gave up their password
That's the whole fucking point, you retarded mong. If you remove the encryption header, then you can't access the drive even if you have the password, meaning that they can't prove shit even if they do beat the password out of you.
>>
>>51437428
Why not just have a script that loads dd and shutdown into memory, secure wipes the drive header, and then powers down your computer as your killswitch? Even if they did a cold boot for the decryption key, the drive header would still be gone.
>>
>>51437073
op pls make this
>>
>>51437488
How would you trigger it though?
>>
>>51437530
It's not that hard though, any retarded mongo with basic C knowledge can make this.
I'll probably start on one when we finish polishing the idea
>>
>>51437551
If you wanted something full yolo, you could make it a multiple key keyboard binding.

Could also wire up an actual physical button to do it, but that would make it rather obvious to police that you have a killswitch.
>>
>>51437577
Another solution I just thought of that is slightly less risky would be to have a second keyboard next to you wired up to a raspi or a server next to you, and have a keybind on it to do it, and since you don't use that other keyboard regularly you would be much less likely to press it on accident. Also gives more plausible deniability than an actual killswitch.
>>
>>51437577
What if they raid my house when I'm not there? Or if they arrest me before I get a chance to trigger the switch?

By not having the header in there in the first place, you have more than a few days AFTER being raided to wipe everything.
The whole point is that it doesn't require your physical presence (the remote server can wipe the header 24 hours after not getting pinged)
>>
>>51437448
stop trying to act smart. you have no fucking idea what you are talking about, and modern forensics can easily detect 'hidden' volumes, even with your batshit retarded high school tier workaround.
>>
>>51437633
True. I don't really think that there is a better way to prepare for that contingency other than the solution you originally posted.

Yes, they could ultimately prove that you did indeed wipe the header and thus destroy evidence, but I guess if you have data that is so sensitive that you need to set all this up for it, then you would have to decide if it might be better that you get pinned with that rather than have the data be found. I don't think it is physically possible to remotely secure your data in a way that does not also have absolute deniability to say your drive had no data on it in the first place.
>>
>>51437701
Actually, I think that YOU have no idea what you are talking about. If the decryption header is securely erased, then it is physically impossible for ANYONE (including the owner) to decrypt the disk.

Not only would the header be not present on the system that the police seize, but in the event that they later find the server it is stored on, it would have already been automatically wiped.

Being that the encryption header is ~1mb in size, you could perform a ridiculous amount of passes over it in a crazy short amount of time. Even with an electron microscope and weeks worth of time spent on it, it is physically impossible to get that header back after more than one pass.

That data is gone for good, buddy.
>>
>>51437702
Oh I'm not even worth the fuel wasted to get to my house in case an authority decides to raid my house.
I just like keeping my porn secret (legal, mind you)
You are right about the absolute deniability though. But perhaps we can make it hard enough that maybe they give up before determining that the data is indeed encrypted
>>
>>51437765
Well, uh, I imagine you might be able to hack something by sending some sort of commands through a TPM chip on your system(if you have one). I've seen hacks for storing decryption keys through TPM to prevent cold-boot attacks, but the nitty gritty of how TPM works and what it is capable of is way beyond me.
>>
>>51437826
The thing about cold boot attack is, if they take the hdd out, they have no idea how the initramfs works, they have to reverse engineer it just to be able to tell that it tries to download a random file from a random location on the internet.
I mean, it's possible, but it's not a standard precedence, would anyone bother to reverse engineer /bin/mv just to see what's inside it? (of course I'm renaming the executable to mask it from being a give away of what it is)
>>
>>51437765
>I just like keeping my porn secret (legal, mind you)
Then you don't need anything more than bitlocker anyway.

le guberment isn't ever going to care about your horsecock bukkake videos because they aren't illegal.
>>
>>51437978
>he thinks /g/ encrypts their data because they want to keep it safe
This is a technology enthusiast board faggot. cryptography is technology
>>
>>51438008
and anyone who steals your machine is never going to bother trying to decrypt in the first place, and legal shit isn't worth the government's time. you are a tryhard
>>
>>51438008
If you admit you don't even give a fuck about whether authorities raid you, then don't ask for advice on how to NSA-proof your shit. You don't need it if that's the case. You're asking for a nuke when all you need is a peashooter.

lrn2casualsecurity
>>
>>51438100
>ask for advice
I provided an Idea on how to do it retard. I asked whether this is useful or not. Never did I ask /g/ to tell me how to NSA-proof my shit.
You think original truecrypt developers made it to hide their kiddy porn? or they were politicians?
>>
>>51438142
Then why the fuck are you talking about government raids? Assuming this >>51437633 is you?

You obviously can't stop government agents from decrypting your shit without assistance from people who have a PhD in cybersecurity.
>>
>>51438232
Discussing interesting contingencies with hypothetical scenarios isn't allowed because muh PhD?

No fun allowed, gtfo
>>
>>51438232
Yes I made both posts that you quoted.
I'm trying to fix the problem of kill switches requiring the physical presence of the owner to activate. By fixing this issue, I can help many people who actually do have something to hide. Also, refer to >>51438268
>>
>>51437978
Stop reciprocating the government meme. Everyone knows. We read it every day. We don't need it here.
>>
>>51438268
It's allowed, I'm just saying it's futile.

And if you only need to defend your data from a spouse or roommate you don't really need anything more than pleb tier encryption.
>>
>>51438054
>>51438100
You know, I think the people shilling this meme are the actual ones who think they have something to hide. Rajeesh go back to work
>>
>>51437073
everything that is connected to the internet is botnet
>>
>>51438339
read >>51437345
>>
>>51438310
Again, we're on g. The name of this board is technology. If you were to fish for a cryptography discussion, you found the honey pot board. I'm not sure why you enjoy sitting on everyone wanting to make their tech a bit more secure as a hobby because security is bad philosophy to you..?
>>
>>51438299
Oh I know. You want good crypto? Don't listen to /g/, listen to actual experts on the field.
>>51438293
You want a killswitch without being present? Carry the keyfile to your drive with you on a microSD card and just chew it into little pieces and swallow it if you think you're being watched.
>>
>>51437762
>ridiculous amount of passes
>electron microscope
Welp I bought it up to this point. well baited OP.
>>
>>51438473
I'm op and that's not me, but he's right
>>
>>51438473
Nigga are you even trying anymore