Avatar
Hanshan 1y ago

i dont know who needs to hear this

but

you can create a Veracrypt volume on some removable media (USB or flash card) and put it *inside a dummy volume.

ie, its clear there's Veracrypt in the media but there are TWO passwords to access it.

one for the dummy volume

one for the real one

so if forced to reveal your PW you can plausibly reveal the dummy one.

while keeping the REAL secret safe.

but it gets better

you can then install a VM from an .iso INSIDE the secret volume and boot it with KVM.

you are then running a customizable computing environment that lives completely inside a secret encrypted volume you can put in your pocket 😎

Reply to this note

Please Login to reply.

Discussion

Avatar
Kensho 1y ago

You got a guide somewhere for lazy people?

Avatar
Hanshan 1y ago

I could write something...

I thought you had given up on anything that wasnt totally drool-proof 🤣

Avatar
NostrNaught 1y ago

I was browsing (not hopping, Linus forbid! 😁) Linux distros last week and came across one called Split Linux... I put it on my "to try" list... It sounds like it might fit your use case...

Avatar
Hanshan 1y ago

I use endeavorOS

Avatar
Hanshan 1y ago

but not for my secret VM, although you should be able to install anything.

i mostly use Debian for that.

Avatar
Duncan Cary Palmer 1y ago

I for one prolly need to listen up, so thank you...🙏🏻🫂💖😀

What sort of hidden VM .iso candidates do you recommend for this task?🤔 I think for my purposes, Linux preferred?

Avatar
Hanshan 1y ago

probably just stock Debian is easiest.

I had a problem booting my fav arch-based distro

https://cdimage.debian.org/debian-cd/current/amd64/iso-dvd/

Avatar
S!ayer 1y ago

Explain this to me like I'm eight

Avatar
Hanshan 1y ago

you access a secret partition on your USB stick and start a hidden operating system that lives inside it.

Avatar
S!ayer 1y ago

okay, I'm starting to get it - secret partitions, hidden OS.

now explain it to me like I'm five

Avatar
Bill Cypher 1y ago

Let's see how many layers we can go! TailsOS as both your VM and Host OS. You could add TailsOS to the drive so still all you need is that USB stick and any random computer you can set the boot order on.

Avatar
surfhosting 1y ago

another potential configuration:

a "blank" Tails boot stick with no persistent volume

a separate USB stick with a whole-device Veracrypt partition, which once created resembles a device that's been securely overwritten with random data (provided you actually do so before creating the Veracrypt partition, or have Veracrypt do it for you)

then, mount the Veracrypt stick from within Tails, and have scripts to install/set up stuff as needed after boot