Storing a file securely to another level

I was thinking about this. Is there a way you can store a large file, say 3GB of webms and oggs, securely on a computer so that if someone was forced to decrypt their computer, it can be truly hidden? I don’t just mean hidden partitions and such, which can still be found, but instead hiding that the data is even there at all? If they were to find it, you could decrypt with a certain password and for it to generate completely different files that they wouldn’t complain about. I understand steganography a little, but with such large files, the entropy would be immense. Is there a secure, absolute way, anybody?
edit:
and entropy being so high obv would be showing off some red flags.

1 Like

Steganography… maybe?

That depends on who is accessing your computer. If a government-style organization is accessing your computer and seeking long enough, they might find even that out (on some drives, you even need to override your data several times to remove it entirely). Using “entropy” means you have to use some form of RNG. If you do that, you need a way to get rid of this entropy to access the data. And as you can access the data (somehow), other people can do that as well. Hiding stuff never gives you absolute security, but it can give you more security.

You could archive them and encrypt them from the CLI, as suggested here: Librem 5 Backup and Restore – Purism

A way would be to scramble or remove the file header after saving it somewhere else
Which means to recognize the format you will have to put back the header
But a motivated capable hacker would be able to recreate a working header

The military grade unbreakable way to encrypt a file is to use the one-time pad encryption (which is basically a XOR on the entire file)
Unbreakable because without the key you have 256 possibilities per byte

Any big file without a recognizable header would be showing off some red flags
So maybe you can put an ogg or MKV header (or other format) on a one-time pad encrypted file
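Added example, not part of any post in this thread: a header placed in front of one-time-pad output satisfies a magic-byte check only, while a format-aware tool keeps reading. The Python sketch below walks the Ogg page structure over two constructed inputs; the helper names and sample bytes are assumptions made for illustration, and the page CRC is not verified.

```python
import random
import struct

OGG_PAGE = struct.Struct("<4sBBqIIIB")  # 27-byte fixed Ogg page header


def make_ogg_page(seq: int, payload: bytes) -> bytes:
    """Constructed sample page: one segment, CRC field left at zero."""
    if len(payload) > 254:
        raise ValueError("sample builder supports a single short segment only")
    # capture pattern, version, header type, granule pos, serial, sequence, CRC, segments
    header = OGG_PAGE.pack(b"OggS", 0, 0, 0, 0x1234, seq, 0, 1)
    return header + bytes([len(payload)]) + payload


def count_ogg_pages(data: bytes) -> tuple:
    """Walk back-to-back Ogg pages; return (pages parsed, offset where the walk stopped)."""
    offset = pages = 0
    while offset + OGG_PAGE.size <= len(data):
        magic, version, *_rest, nsegs = OGG_PAGE.unpack_from(data, offset)
        if magic != b"OggS" or version != 0:
            break
        table_start = offset + OGG_PAGE.size
        table = data[table_start:table_start + nsegs]  # one length byte per segment
        end = table_start + nsegs + sum(table)
        if len(table) < nsegs or end > len(data):
            break
        offset, pages = end, pages + 1
    return pages, offset


def looks_like_real_ogg(data: bytes) -> bool:
    """True only if the whole file parses as consecutive Ogg pages."""
    pages, stopped = count_ogg_pages(data)
    return pages > 0 and stopped == len(data)


# Constructed inputs: a well-formed three-page stream, and one valid page
# followed by pseudo-random bytes standing in for one-time-pad ciphertext.
rng = random.Random(0)
NOISE = bytes(rng.getrandbits(8) for _ in range(4096))
GENUINE = b"".join(make_ogg_page(i, b"audio-frame-%d" % i) for i in range(3))
DISGUISED = make_ogg_page(0, b"fake-first-page") + NOISE

if __name__ == "__main__":
    for name, blob in (("genuine", GENUINE), ("disguised", DISGUISED)):
        print(name, blob[:4], count_ogg_pages(blob), looks_like_real_ogg(blob))
```

Both inputs start with `OggS`, but the walk over the disguised one stops right after its first page, which is the mismatch a structural check reports.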

The term you’re looking for is “plausible deniability”. That’s what I got after a quick search:

https://www.ssrc.ucsc.edu/proj/Artifice.html

1 Like

A one-time pad is a key generation scheme that can be basically used with any algorithm (even the basic Vigenère cipher would do the job to store the codes for TOP SECRET programs safely). This is mathematically proven.
However, such a key has to be really random and has to be as long as the thing you want to encrypt (so you need a Hard Drive full of key to encrypt a Hard Drive) and, most importantly only used once. All these measures are quite difficult to be taken, if you want to protect your key and are only practical for TOP SECRET government programs, the “red telephone” and such stuff.
So if you do not have something as dangerous as the next “Snowden files” or similar stuff on your PC (even he did not use one-time pads as they are impractical), just don’t use it.
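Added example, not part of any post in this thread: the one-time pad properties discussed in the two posts above, in Python. It shows that a ciphertext can be opened to any decoy of the same length with a second key, and that reusing a pad cancels the key out of the XOR of two ciphertexts; the function names and sample messages are constructed for illustration.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings; a one-time pad never repeats or truncates."""
    if len(a) != len(b):
        raise ValueError("one-time pad key must be exactly as long as the data")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes) -> tuple:
    """Return (key, ciphertext) using a fresh random key as long as the plaintext."""
    key = secrets.token_bytes(len(plaintext))
    return key, xor_bytes(plaintext, key)


def decoy_key(ciphertext: bytes, decoy: bytes) -> bytes:
    """Key under which the same ciphertext decrypts to an arbitrary equal-length decoy."""
    return xor_bytes(ciphertext, decoy)


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """If one pad encrypted both messages, c1 XOR c2 equals p1 XOR p2: the key is gone."""
    return xor_bytes(c1, c2)


# Constructed sample messages, padded to the same length.
REAL = b"real recording, keep private"
DECOY = b"kitten holiday video".ljust(len(REAL), b" ")

if __name__ == "__main__":
    key, ct = otp_encrypt(REAL)
    alt = decoy_key(ct, DECOY)
    print("real key  ->", xor_bytes(ct, key))
    print("decoy key ->", xor_bytes(ct, alt))
    # Pad reuse: encrypt a second message with the same key.
    ct2 = xor_bytes(DECOY, key)
    print("reuse leaks p1^p2:", reuse_leak(ct, ct2) == xor_bytes(REAL, DECOY))
```

The decoy key is as long as the data as well, so the storage and handling cost raised above applies to every key kept.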

On the contrary, I believe that we should ALL have an easy barrier to entry to ALL files that we’d like to encrypt regardless of how sensitive the information is … giving Snowden as an example in this context is bad taste IMO and “dangerous” or NOT, it’s still highly recommended for everybody to try to obtain as secure as possible methods of storing information.

If no encryption is desired or warranted then that is a different story altogether …

1 Like

I also think that a strong encryption is good, but I bet on N != NP, which would make RSA, PGP and similar technologies safe (except against quantum computing, but that’s a different topic).
I just think that this particular style of encryption is just not suitable for everyday business. Imagine, how would you exchange the keys, anyway? As one-time pads are generally speaking symmetric keys (at least I have never heard of a protocol that does that), you have to have a safe and reliable way to exchange these keys. Agents during the Cold War got the one-time pads at home to use them in the field. If you want to send your data half across the continent without travelling back and forth to exchange keys, you need to send them encrypted via the net. However, you would need to rely on a weaker encryption method; if this one is cracked, your key is lost. We also do not have the money to put a quantum computer in our basement, so we could use quantum-safe algorithms. For the moment, I think that GPG and friends are enough, everything else is not practical.

@user1 is asking for alternative ideas of securing a stored file

Not really close to ‘suitable for everyday business’ or sharing it with your friend at the other side of earth

I’m giving ideas, letting @user1 be the judge of whether it’s a good fit or not
You are telling what not to use because it doesn’t fit your view
Why won’t you let people do, or experiment with, what they could? Odd thing to do when people ask for new ideas

But anyway, seems to me, @dcz has the best answer here for @user1

Store to tape.

Verify the store operation by restoring it elsewhere.

Delete both the original and the restored verify copy.

Put the tape in a moisture heat resistant container.

Dig a hole.

Bury it somewhere.

That’s what tapes are for, entropy is nil.

Some backup software even has encryption. If so, you’d also need a key to restore the tape.

It would be like the moneybox near the tree in a field in “Shawshank Redemption”.

Someone may note the obvious, why not just use a thumb drive?

You provide the added annoyance that whoever wants to get at your file also needs to get a tape drive for the same type of tape you used.

Veracrypt hidden volumes.

2 Likes

3GB isn’t that much these days. Grab a 3TB hard drive. Fill it up with harmless content. Hide 0.1% of information in amongst the almost 3TB of photos of kittens. You can never have too many photos of kittens, right? :wink:

It is a bit unwieldy.

The obvious direct answer is: store it on an external drive. That answer has already been given.

Another answer is: store it on the internet.

Have a bit of fun with it. Store it distributed on the internet. I believe there are already schemes for that kind of thing but I am not across the details.

That’s in addition to the previous post, which probably has the real answer.

Depending on how long it is stored, bit rot could be a serious problem. For longevity, spinning rust, magneto-optical, or optical.

Streaming rust degrades severely outside of strict temperature/humidity standards. I had Boeing send me a tape that had been “archived” for 15 years. Opened the box and started to pull some off the reel so I could thread it onto the drive… and all the rust just fell off. Total data loss. When I asked, I found that those 15 years were in an un-airconditioned conex out on the tarmac in Long Beach. Brilliant!

Hence the moisture heat resistant container!

And the tree in Shawshank Redemption should offer about a -10F benefit in temperature.

You will want a small Pelican case to store in :wink:

This past year I sent data tapes stored in my attic for over 23 years to a gentleman who still has a reel to reel 9 track. The tapes worked perfectly.

Considering my attic is on the temperate U.S. East Coast with Summer hot and Winter cold and high humidity, something must have been wrong with Boeing’s storage standards.

This guy charges 50 bucks per reel to transfer a reel to new medium by the way:

http://3kranger.com/3khome.shtm

1 Like

Sorry to say, but these are the only useful answers here so far IMO.

1 Like

Here is an example of how to achieve this with LUKS encryption: https://blog.linuxbrujo.net/posts/plausible-deniability-with-luks

All you need to protect is the LUKS header, but you can store it on some easy-to-protect (hide) medium like an SD card. Depending on your threat model, you can additionally encrypt it with GPG, but it is not covered in the article.

1 Like