Most secure linux equivalent to Shadow Defender for live CD-like nonpersistency with no traces left (or traces that are encrypted)

Virtualisation can do reasonably secure nonpersistent drives. I would rather not rely on this alone, but also have a host that is nonpersistent too. A live DVD as a host leaves no traces and is physically impossible to permanently infect/own, but it is not very practical to carry around. A live USB flash drive is more practical. Another option is grub2 configured to boot from an ISO image on an internal hard drive.

In Windows there is Shadow Defender that intercepts all writes to disk and makes them nonpersistent by storing deltas instead. The deltas are stored in an encrypted format so in the event of a power-down they cannot be recovered easily. This software is hard to bypass because it uses a driver stub that loads very early in the boot sequence. What can one do in linux that is as securely nonpersistent as Shadow Defender or better?

Is grub2 boot from an ISO image as effective?

Are bootable USB flash drives made with Rufus given any bootable ISO image as effective?

What about fsprotect, is it any better than grub2 boot from an ISO image?

Anything else?

Distros proposed for the host: anything hardened like Pure OS, Astra Linux, Kodachi. Preferably Secure Boot signed.

Which is the most hardened option?

How can we protect encrypted files and directories from being fingerprinted when stored on online storage services?

Assuming that online storage providers are considered untrusted, if files and directories are encrypted, how can these be protected against fingerprinting?

The files are encrypted using rclone’s implementation of Poly1305 and XSalsa20 before being backed up to the cloud provider.

According to rclone’s documentation, the available metadata is file length, file modification date and directory structure.

  • What can be identified?
  • What can be inferred?
  • What attack vectors are there against the encrypted files and directories if the online storage provider is compromised assuming the passphrase is at least 24 characters long and is a combination of alphanumeric and special characters (uppercase and lowercase) as well as salted with similar entropy?

The encrypted data is considered to be sensitive.

How can I protect those files from being fingerprinted and the contents inferred such as ownership, source and the like?

Abusing ElGamal in order to attack a known encrypted text

I saw a very interesting question regarding the ElGamal cryptosystem whose answer I don’t know. It is really interesting and I would be very happy if you could elaborate on it and explain the tricky part.

It goes like this: given the ElGamal cryptosystem:

1) Show how it is possible to create a valid new encryption from two different encryptions whose decryptions we don’t know.

2) How can an adversary take advantage of this property in order to attack a known encrypted text?

I don’t understand it, and it seems really cryptic and interesting. I tried digging into it but couldn’t find the connection or insights.

Seems really fascinating, would appreciate if you could explain it so I can understand this riddle.
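The two properties the question asks about, as an added toy illustration that is not from the original post or from any library: ElGamal is multiplicatively homomorphic, so the componentwise product of two ciphertexts is a valid encryption of the product of the two plaintexts, and the same property lets anyone blind a target ciphertext into a fresh-looking one, which is why plain ElGamal is malleable and not secure against chosen-ciphertext attacks. The modulus P and base G are constructed toy values, far too small for real use.

```python
# Toy ElGamal over Z_p^* showing (1) the homomorphic property and (2) why it
# makes the scheme malleable. Parameters are constructed for illustration only.
import secrets

P = 1000000007   # toy prime modulus (constructed, not a secure size)
G = 5            # base element of the group

def keygen():
    x = secrets.randbelow(P - 2) + 1        # private exponent in [1, p-2]
    return x, pow(G, x, P)                  # (private x, public h = g^x)

def encrypt(h, m):
    r = secrets.randbelow(P - 2) + 1        # fresh randomness per ciphertext
    return pow(G, r, P), (m * pow(h, r, P)) % P

def decrypt(x, c):
    c1, c2 = c
    # c2 / c1^x, with the inverse computed via Fermat: c1^(p-1-x) = c1^(-x)
    return (c2 * pow(c1, P - 1 - x, P)) % P

def combine(ca, cb):
    # (1) product of two ciphertexts is an encryption of m_a * m_b, since
    # (g^ra * g^rb, ma*h^ra * mb*h^rb) = (g^(ra+rb), (ma*mb) * h^(ra+rb))
    return (ca[0] * cb[0]) % P, (ca[1] * cb[1]) % P

def blind(h, c, k):
    # (2) anyone holding only the public key can turn Enc(m) into Enc(k*m);
    # the result looks unrelated to c, so a decryption oracle that refuses
    # only the exact target ciphertext still leaks m
    return combine(c, encrypt(h, k))

def unblind(m_blinded, k):
    return (m_blinded * pow(k, P - 2, P)) % P   # divide by k mod p

def demo():
    x, h = keygen()
    m1, m2 = 123456, 789
    c1, c2 = encrypt(h, m1), encrypt(h, m2)
    product_ok = decrypt(x, combine(c1, c2)) == (m1 * m2) % P
    k = 31337
    c_blinded = blind(h, c1, k)
    recovered = unblind(decrypt(x, c_blinded), k)
    return product_ok, recovered == m1, c_blinded != c1

if __name__ == "__main__":
    print(demo())   # prints (True, True, True)
```

Schemes deployed today avoid this by binding the ciphertext to the key material (for example hashed ElGamal or Cramer-Shoup), which is the defensive takeaway from the riddle.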

Veracrypt encrypted file – how to expand the Volume and what are Drive Letters?

Can you help me understand some questions about VeraCrypt:

  1. If you have created an encrypted file but the volume which you selected for it needs expansion, is it from security standpoint fine to just use the available option “expand volume” to adjust the file’s volume? Or is it for some reason better to create a totally new encrypted file with your desired larger volume?

  2. What is the meaning of all the different Drive Letters (A-Z)? Do you have to mount a file from a specific drive letter, or can you mount from any letter?

Can’t tell if the OpenVPN server I set up is encrypted using Wireshark?

This might sound dumb, but I set up an OpenVPN server on a Synology NAS. When I connect via the client at home to the server, everything works for.

I know you can read packets in Wireshark. If I start sniffing on my WiFi that I’m connected to at home, packets show for the OpenVPN protocol and there are a few lines that say Synology (I believe this is a handshake), but everything else, every line of data, is gibberish, so I’m assuming it’s encrypted?

That said, when I connect to the VPN another local area connection appears in Wireshark as an adapter to sniff. If I sniff the new local network this is NOT encrypted, but isn’t that normal?

Essentially you’re sniffing the new adapter itself locally as soon as you connect via the client? Or is that NOT normal? Why does it show gibberish like it’s encrypted on the WiFi via Wireshark, but not the new connection created upon connection to the VPN called Ethernet 2?