This project has moved. For the latest updates, please go here.

More than one decoy OS?

Topics: Users Discussion
Mar 17, 2016 at 9:00 AM
Windows decoy, Ubuntu decoy, and then something else hidden. Because that would make sense to me since I'd actually like to have both of those as main OSs.

Wondering if this is possible. As far as I know it's not, but I might be wrong.

If not, would this be a possible option in the future?
Mar 17, 2016 at 10:17 AM
That might depend on what you mean by "decoy". I could be wrong, but my
impression is that in this context it usually means an OS on the outer encrypted
volume of an encrypted partion that also has a hidden volume. I don't think
that's possible yet. I don't think anyone has managed to boot a gnu/linux from an
encrypted drive. An encrypted home, yes, but not the whole thing. I think you can
have a "decoy" Windows and a inner Windows on outer and hidden encrypted
volumes on one partition and Ubuntu on an unencrypted partition. I think you
might have to talk the Windows boot loader into chaining to Grub, rather than the
other way around like we usually do multibooting. If that won't work (and I'm not
sure of it), you can definitely put a bootable Ubuntu with grub on a seperate drive.
You might have to install it with the drive with the containing the encrypted decoy
and hidden Windows systems unplugged. And select which drive to boot from
with the bios settings or something similar. Basically, I think Windows is the only OS
that VC can encrypt, but I'd love to hear I'm wrong. Of course with 'nixes, you can
use a live disk easily, which serves much the same purpose.
Mar 17, 2016 at 6:27 PM
One of my concerns, though, is to have a certain level of persistence in the OS, so a live disc is useful, but... I have to learn more about that in particular. Though I wonder, is there a way to have a hidden encrypted OS with full persistence, that could only be accessed by booting from a usb device, for example (effectively making the computer look perfectly innocent otherwise)? (I realize this may be outside the scope of veracrypt)

My biggest peeve with veracrypt (and perhaps others, if they work the same way) is that the system being encrypted is on its own a sort of giveaway. Even if it can't ever be proved, everyone and their mothers knows a hidden partition/volume could very well be present, and that veracrypt is explicitly limited to two volumes: 1 outer, 1 inner. When it comes to loose volumes, it's still somewhat of a nuisance, but obviously you can create others, and have ten decoys and only two of them have something hidden (or whatever). But when it comes to system encryption, as far as I understand it, you're limited to 1 outer, 1 inner, and perhaps a separate unencrypted linux, as you mentioned.

But then, why is that windows encrypted? This question is going to have varying levels of importance depending on the owner.
Is he a bold journalist who might be into something controversial of dangerous? That would be a plausible reason. But a random joe who wanted to hide stuff from his wife, wouldn't have much plausibility (since hidden volumes would suffice). On the other hand, a random joe who does investigative journalism on his own and wants to keep that detached from his real life at all costs, wouldn't have plausibility either. A writer who's researching on the ins and outs of cryptography to make his sci-fi stories more realistic, might have little plausibility as well.

I guess, in some cases, one might benefit from having anything to do with cryptography be totally invisible.
Mar 18, 2016 at 1:40 AM
Not having worked with Windows in a long time, I haven't played
with hidden systems and my knowledge isn't deep anyway. I suspect
the most likely approach to something close to what you want would
be through figuring out how to store the changes in a live system
as some sort of "changes" file in a crypt. It might be as simple
as hibernating/sleeping (I get those confused) with a big swap in
a crypt. Of course NOT having global persistence, but instead just
actively saving specific selected config files and so on is generally
viewed as one of the big advantages of live systems. No persistent
malware.

Another approach might be to use a live disk for grub and boot over
a LAN to a system in a crypt with the crypt opened by another machine
booted from another live disk.

I haven't given either of these ideas much thought and they may be
total BS. If you play with them, I'd be interested hearing how you
make out.

BTW, it is real hard to read stuff in this forum if you don't use
line breaks often, since it doesn't wrap at all. I break at 72,
so I can at least read my own.
Mar 24, 2016 at 7:32 PM
continentalop wrote:
BTW, it is real hard to read stuff in this forum if you don't use
line breaks often, since it doesn't wrap at all. I break at 72,
so I can at least read my own.
You a have problem with your browser. Firefox breaks the lines fine here. Codeplex is MS server, so no wonder it is "best viewed" with internet explorer and 1024x768 in 256 colors ;)
Apr 23, 2016 at 10:06 AM
Well, maybe. Do you have a specific suggestion?
This is the standard Firefox running under plain Openbox
on Ubunntu 14.04, everything updated. Some sites
work fine. Others force a horizontal scroll bar.
Everything I've read on the subject says that's bad
site design. If it is MS software . . . well, let's say
I'm not surprised.