This project has moved and is read-only. For the latest updates, please go here.

Encrypt an OS and hide it on SSD

Topics: Users Discussion
Jan 1, 2016 at 5:27 PM
Hi, I would like to encrypt all of my computer to protect my privacy.

I would like to do it with "Plausible Deniability".

My questions

1) I dont think so, but i need to be sure : encrypt my OS on my SSD wont reduce its lifetime/rapidity ?

2) Plausible Deniability is totally safe ? I mean, it's not possible for another personn to proove that there is a second hidden volume ?

3) Do I need to do these steps :
Save any data from the OS drive that you need to another device. You can consider encrypting the other device so the data is encrypted.
Secure Erase the current SSD drive which as I explained earlier will require connecting to another computer as a secondary drive unless you can find a Secure Erase that runs from DOS mode at bootup. Even then, there may be issues. Google search SSD secure erase with brand and model number.
Install the OS on the SSD. Do not restore from a clone.
Encrypt OS using VC.
Copy back data that you saved in step one by mounting the VC volume from the other device now connected to the PC with the SSD.

Or can I just encrypt my all current OS without reinstall the OS ?

Thank you for your answers and your help.

Sorry if i'm not understable, i'm french. I can re-write it in French if you want.

Thank you again for your help
Jan 1, 2016 at 6:18 PM
I can say something only for the points 1,2.
1: Once you will encrypt (overwrite) all the sectors, the wear and tear is the same as with non encrypted data.
2: After you unlock the decoy os, free sectors of decoy os will still be seen as random data, so they can ask, why they are not zero, but "random". There are (even free) tools which can tell with high probabilty, that the random data are truecrypt encrypted. So it will depend on what they have on you, country, jury, lawyer... Adversary can claim that the random data are most likely encrypted data, will you be able to disprove that? Do you really need the hidden OS? If there won't be presumption of innocence, decoy OS is as plausible as claiming you forgot the password ;-)
Jan 1, 2016 at 7:33 PM
Thank you very much for your help.

So, in fact, an hidden volume is not very usefull, as they can proove that it's probably encrypted data, no ?

Is there another personn who can add his point of view ? I mean, i would like to know if it's more much better to use hidden volume than to claim i forgot my password ?

By the way, do you know a plausible explanation of the random data ? I really dont have any idea xD

Thank you again for your help ;)
Jan 1, 2016 at 8:33 PM
Edited Jan 1, 2016 at 8:36 PM

Nobody can prove that the random data is encrypted plaintext!!! Testoslav's statement that "There are (even free) tools which can tell with high probabilty, that the random data are truecrypt encrypted." is not quite correct, though it is not completely wrong. Btw, even unencrypted data in plain form can hide encrypted data (steganography). However, random data is by today's legal standard, suspicious. In fact, even your main (outer) volume it is impossible to prove that it is encrypted (VC) data.... it is just a random junk without your password, however if you have a hidden volume you can still "open something" and show it to somebody :) Sometimes this is enough, ie airports etc.

As to explaining random data, there are many processes that create random data on your pc - secure file deletion is one of these and probably the most probable one. However by today's standards, secure deletion is also suspicious. In fact, our conversation and especially your questions are extremely suspicious :) And all of you guys reading this, you are also raising suspicion :) LOL

Jan 2, 2016 at 12:00 AM
Thank's for your reply. (you made my laught xD)

Anyone can answers to my third question about steps to encrypt os on SSD ?

thanl you for your help