There is an easy way to encrypt: full disk encryption upon installation.
It's simple really: you have two goals in defeating border guards:
1. Don't attract suspicion.
2. Have all of your data encrypted.
Partition your hard drive as such:
<10 GB of Windows NTFS><8 GB for Linux><The Rest for your encrypted /home>
For the first goal, I would overwrite the MBR (back it up first) and install Windows on the first 10GB of your laptop. So when your friendly TSA official boots the laptop they will see nothing but a friendly Windows desktop with family pictures and boring stuff. Windows will not see the other partitions because they are in Linux AND you overwrote the partition table so Windows can't find them. As far as Windows is concerned you only have a 10GB hard drive. Quite pathetic, but not unheard of.
When you land in the States, revert the MBR and you can boot back into Linux like nothing happened.
To satisfy goal two, use something like Truecrypt to encrypt the /home directory of your Linux install or go all the way and just encrypt the whole damn Filesystem if you want to bother with it.
You could make a .tar file of your entire filesystem with something like the partimage live CD.
Encrypt it with Truecrypt.
Keep the key on a USB drive and the encrypted/compressed filesystem on DVDs or an external hard drive.
Delete your original hard drive.
Travel to USA.
Un-encrypt.
Uncompress the entire filesystem onto the hard disk with the partimage live CD.
Good luck-
Why not bypass the issue altogether and ship the hard disk to yourself? Backup your critical data prior to departure.
If you are really concerned about private data, encrypt your Firefox data folder in your home, or encrypt your whole home. Log in as a different user if they ask you to boot. If you have more sensitive data than your banking information, you are taking an unnecessary risk by delivering it to customs at all. Encrypt it and upload it to RapidShare (or whatever you like). If you arouse their suspicion and they feel like doing it, they will pressure you to unlock any encrypted information they find or just keep your computer. Don't risk your computer by standing up for your "right" to privacy.
I'd recommend you put your hard drive in your luggage, and keep a LiveCD ready in case they tell you to turn on your laptop. However, I'm not 100% sure if data on your hard drive would be safe from their X-ray machines or not. I remember reading that someone put a hard drive through an X-ray machine at the airport many times (I believe 50 or more) and it didn't change a single bit. If you don't want to risk it, I suggest you mail it.
Edit: nitrogensixteen beat me to it
In reality the only way to get this to a satisfactory level of security is (as has been suggested) to encrypt from the bottom up. I would back up my entire Linux partition to a tar or bzip file, and do the same for the Windows side (though I have not done this), and copy the backups to an external drive. Now that you have the backups, you can set about building a more secure system.
- Wipe the drives
- Overwrite with random data
- Create 4 or more partitions (1 Windows, 1 hidden Windows, 1 Linux, 1 shared and/or /home)
- Install Windows to the first partition.
- Use Truecrypt to create a hidden OS on the second partition.
- Restore Windows backup to hidden OS
- Place family photos, bs documents, etc., on encrypted, but not hidden OS.
- Install encrypted Linux to third partition, possibly with /home encrypted on the 4th (or just use the 4th as shared encrypted space via Truecrypt).
This would be even more sound if we could create a hidden Linux OS too. I know you said you didn't want to do the hidden OS thing, but it is really the only way to have deniability and to be able to give them a key that satisfies them and does not put you at risk. Plus this will not be an issue on further trips.
Not a good idea.... Taken from the MAN page for shred.
CAUTION: Note that shred relies on a very important assumption: that the file system overwrites data in place. This is the traditional way to do things, but many modern file system designs do not satisfy this assumption. The following are examples of file systems on which shred is not effective, or is not guaranteed to be effective in all file system modes:
* log-structured or journaled file systems, such as those supplied with AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)
* file systems that write redundant data and carry on even if some writes fail, such as RAID-based file systems
* file systems that make snapshots, such as Network Appliance's NFS server
* file systems that cache in temporary locations, such as NFS version 3 clients
* compressed file systems
A better option is DBAN (http://www.dban.org/) or the secure-delete package (http://www.thefreecountry.com/securi...redelete.shtml)
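An added example, not part of the post above or of the shred documentation: a Python check that works out which filesystem a path lives on from `/proc/mounts`-style text and reports whether that type falls under the caveats quoted from the man page. The type-to-caveat mapping (including `ext4`, `nfs4` and `btrfs`, which the quoted text does not name) and the sample mount table are assumptions constructed for illustration.

```python
import os

# Assumed mapping of filesystem type names to the quoted caveat categories.
CAVEATS = {
    "ext3": "journaled", "ext4": "journaled", "jfs": "journaled",
    "reiserfs": "journaled", "xfs": "journaled",
    "nfs": "network cache or server snapshots",
    "nfs4": "network cache or server snapshots",
    "btrfs": "snapshots", "squashfs": "compressed",
}

# Constructed sample in /proc/mounts format (spaces in paths appear as \040).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw,data=ordered 0 0
/dev/sda3 /home xfs rw 0 0
/dev/sdb1 /mnt/usb\\040stick vfat rw 0 0
filer:/export /home/shared nfs rw 0 0
"""

def parse_mounts(text):
    """Return (mount_point, fstype) pairs from /proc/mounts-style text."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3:
            entries.append((fields[1].replace("\\040", " "), fields[2]))
    return entries

def filesystem_for(path, entries):
    """Pick the entry whose mount point is the longest prefix of path."""
    path = os.path.normpath(path)
    best = None
    for mount_point, fstype in entries:
        mp = mount_point.rstrip("/") or "/"
        inside = path == mp or path.startswith(mp.rstrip("/") + "/")
        # >= so that a later mount on the same point wins, as it does on Linux
        if inside and (best is None or len(mp) >= len(best[0])):
            best = (mp, fstype)
    return best

def shred_caveat(path, mounts_text):
    """Return (fstype, caveat); caveat is None if the type is not in CAVEATS."""
    entry = filesystem_for(path, parse_mounts(mounts_text))
    if entry is None:
        return (None, None)
    return (entry[1], CAVEATS.get(entry[1]))

if __name__ == "__main__":
    for p in ("/home/alice/secret.txt", "/mnt/usb stick/notes.txt"):
        print(p, shred_caveat(p, SAMPLE_MOUNTS))
```

A `None` caveat only means the type is not in the mapping; RAID layers and flash wear-levelling are invisible at this level and are not detected.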