in the name of zero

before anything else, let me wash my hands.

1) i used the word “porn” rather loosely (coz i like to be creative). it can be anything you fancy as long as it is digital in form.

2) if you don’t know what the words below mean, this article might not be for you.

3) technical details intentionally left out. this is a blog entry. not an in-depth howto.

4) if you tend to forget your passphrases, you’re definitely screwed before even starting.

5) i’m not a maniac.

and, a quote by hannah arendt:

at the risk of getting ahead of myself…
“prepare for the worst” = because if you’re parents/girlfriend find out .. it will so suck.
“expect the best” = in the event that they don’t… you rule dude!
“take what comes” = always be one step ahead. do whatever is in your power to keep what you are hiding hidden.

before jumping in the sea full of sharks, i considered these first:

a) loopback devices/cryptoloop built in-kernel or loaded as module. (loaded as module)
b) cryptographic api cipher algorithms built in-kernel or loaded as module. (blowfish was built in-kernel, for some reason)
c) filesystem to be used in block device built in-kernel or loaded as module. (be using ext3, so no worries)
d) read more.

amerei@heaven ~ $ dd if=/dev/urandom of=/home/amerei/.crypto.ghostdisk bs=1024k count=20

what the above command does it to create a 20 megabyte garbage (1024k * 20 = 20480k = 20 mb) using /dev/urandom as the entropy pool and the input file.

this step can be subdivided into two parts. first, i associated my file with a loop device:

heaven amerei # losetup -e blowfish-256 /dev/loop0 .crypto.ghostdisk
Password: [i entered my password here]

then created a filesystem on it:

heaven amerei # mke2fs -j /dev/loop0

first, i mounted the loop device. then tweaked permission the bits to my everyday uid and gid. (chmod+chown) after which i umounted it and detached the loop device from the file.

added this entry to my /etc/fstab file :

/home/amerei/.crypto.ghostdisk /mnt/ghostpoint \
auto defaults,noauto,loop,encryption=blowfish-256,user 0 0

conclusions:

now, anyone trying to read or access my files “in the file” would have to supply a passphrase first in addition to mounting it. from the newbie knowledge i just got, i could already see many of possibilities and applications of the whole experiment. keeping my mailbox/spool in a special mounted folder, is one. heck, i’m even thinking about encrypting my entire $HOME directory to learn more about cryptoloop.

raising the level of paranoia even more, i could have gpg‘ed every data i copied inside the pseudo disk to offer additional encryption.. but then, seriously… only the nasa + us government + nsa + pentagon + area 51 would do such a thing. besides, i don’t have any porn to hide to begin with. :p

everyone could really benefit from a little-to-moderate data keeping policy some time or another. the only tradeoff i could see for now is the added work of setting up a cryptoloop-able system, remembering the password and inputting it everytime it is required. but these are minimal overheads in my honest opinion. (all of which could definitely be automated) and it is better than just hiding files too which is a very common and misconceived way of hiding data in the wild.

there is really nothing fancy with this activity. just trying out something new for motivational/educational purposes. there are lots of other people who know more and would surely take a much more professional and fancier approach into achieving the same thing i did or even much better. i’d love to try other approaches/implementations out too. thanks to the people who wrote cryptoloop tutorials.

regards,

amerei