oxeo0/opsec-blogposts
1
0
Fork 0
mirror of http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/opsec-blogposts.git synced 2025-05-16 12:57:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix stuff

Browse source
This commit is contained in:
nihilist 2025-05-11 17:42:37 +02:00
parent ab805ea1fd
commit c01d707863
4 changed files with 47 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

30
veracrypt/index.md
View file

@ -96,11 +96,23 @@ Now that the /dev/vdb1 partition is available for us to use, let's create the ve
Here is the important part: you need to mention **Password A for the decoy volume** (which is the outer volume, it will span the entire disk), and you need to mention **Password B for the hidden volume** (which is the hidden veracrypt volume where we'll be able to store our sensitive files)
**WARNING (11/05/2025): Do not use the default ext4 filesystem type for veracrypt volumes, as writing in an ext4 decoy volume may overwrite the hidden volume at random (i tested it by writing a random 100mb file in a 300mb ext4 decoy volume, and it started overwriting the hidden volume, unlike with an exfat filesystem), therefore we need to use the exfat filesystem, to prevent this problem:**
```sh
#make sure your system can use exfat filesystems:
[user ~]% sudo apt update -y
[user ~]% sudo apt install exfat-fuse -y
```
(Special thanks to VioletSentiment for finding this btw, since i overlooked it initially)
![](41.png)
Here you may need to click create twice as zulucrypt recommends you to use another format that it can't use, so click create a second time and then wait for it to create the volume:
Here click create, then wait for the volume to be created (it takes some time because it needs to write random data on the disk initially)
![](42.png) ![](43.png)
![](42.png)
![](43.png)
And that's it! We have successfully created the veracrypt volume, so now let's mount each one:
@ -108,7 +120,15 @@ And that's it! We have successfully created the veracrypt volume, so now let's m
First let's mount the decoy volume (which we'll later use to store non-sensitive files, that would make sense for an adversary to keep in an encrypted drive):
![](44.png) ![](45.png) ![](46.png) ![](47.png) ![](52.png)
![](44.png)
![](45.png)
![](46.png)
![](47.png)
![](52.png)
Here as you can see, the decoy volume once mounted spans the entire non-system drive (in this case 20GB). **So if you were forced to open it for an adversary, they would only find non-sensitive files** (for example pirated movies or adult content) that are stored in it. And since the volume spans the entire drive, **you can deny the existance of any other encrypted volume in there, and the adversary would be unable to prove otherwise.** This means that our deniability is maintained.
@ -120,7 +140,9 @@ Next we'll unmount the decoy volume to mount the hidden volume instead:
At this step you need to make sure that noone is watching you type this second password, **as this second volume needs to remain a secret at all costs, it's existance is only to be known by you.**
![](50.png) ![](51.png)
![](50.png)
![](51.png)
And now after unlocking the hidden volume (and revealing it at the same time), we see that it is 10GB big, as intended. **And it is only in that hidden volume, that you can safely store your sensitive files which are meant to remain secret at all costs.**