Forums temporarily locked down! Please read!

Author Topic: Folder sets/plausible deniability  (Read 2852 times)

botchla

  • Newbie
  • **
  • Posts: 2
    • View Profile
Folder sets/plausible deniability
« on: June 20, 2013, 06:08:04 AM »
Hi,

Sorry if this is covered elsewhere; please direct me if so!

I have experimented with creating folder sets and they work fine (I am doing this on an external hard drive). The problem I have is that each of these folders gets its own sparsebundle file, which then seems to make it very obvious to anyone that there are encrypted folders! So, even if I just unlock a certain folder set, it is still clear for anyone to see that there are other encrypted folders that are locked, because of the sparsebundle files. Am I doing something wrong, or is there a way round this?

zsolt

  • Global Moderator
  • Veteran
  • *****
  • Posts: 823
    • View Profile
Re: Folder sets/plausible deniability
« Reply #1 on: June 21, 2013, 08:44:00 PM »
No, there is no way to get around this. We have to store the data somewhere and it will always be a sparse bundle. So if one knows this, can search for them on the internal hard, unless, as you do, store them on external drive, so you can just disconnect the drive...
Yes, I know, it is not perfect.
You can hide them by renaming them to start with a dot character, still the find command fill find them.
It all depends who is hacking the data, and how much he knows about espionage.
Follow @espionageapp on twitter for news! | For general Mac support, please visit Mac Me Support

greg

  • Administrator
  • Veteran
  • *****
  • Posts: 898
    • View Profile
    • http://www.taoeffect.com
Re: Folder sets/plausible deniability
« Reply #2 on: June 24, 2013, 01:47:19 AM »
The problem I have is that each of these folders gets its own sparsebundle file, which then seems to make it very obvious to anyone that there are encrypted folders! So, even if I just unlock a certain folder set, it is still clear for anyone to see that there are other encrypted folders that are locked, because of the sparsebundle files. Am I doing something wrong, or is there a way round this?

One step we've taken to mitigate this is to make sure that no information leaks out about the contents of the sparsebundle. There is no evidence that that sparsebundle belongs to Espionage, and it's given a random name that means nothing. It's also protected with a very long, randomly generated password, so it would be basically impossible with today's (or tomorrow's) technology for any entity to brute force the password (unless some bug is discovered in Apple's encryption).

If you want to hide the sparsebundle, that is possible. You can use Espionage to move the sparsebundle into some hidden location (for example, inside of an invisible folder). To move the disk image, click on the popup that shows its name:



Then select the folder you want to move it to.

Keep in mind that if you're hoping to hide the disk image from some professional security agency (like the NSA), then hiding it will probably only draw more attention to it. It's easy to run a 'find' command (as Zsolt mentioned above) on the entire drive to search for files ending in "sparsebundle".

You can also bury it deep inside of a bunch of folders, and play dumb, either saying you don't know the password to it (which is in fact true, as you only know the master password to Espionage, not to the disk image), or you have no idea what it is or how it got there. :-p
« Last Edit: June 25, 2013, 07:48:53 PM by greg »
Follow @espionageapp on twitter for news!

botchla

  • Newbie
  • **
  • Posts: 2
    • View Profile
Re: Folder sets/plausible deniability
« Reply #3 on: June 24, 2013, 11:08:59 AM »
Thanks to both of you for the replies; very useful!