The StegFS FAQ

* What is StegFS?

StegFS is a Steganographic File System, that is, an 'Information Hiding' file system. The presence of files stored in it can be plausibly denied.

* Why should I use StegFS?

StegFS encrypts files stored in its hidden levels. In this it serves the same purpose as a cryptographic file system such as CFS, TCFS, etc. However, StegFS also offers steganography. It allows you to use several levels of hidden files. If someone demands that you give them your keys, you can reveal the contents of some levels whilst plausibly denying that any further levels are used. An attacker cannot identify the existence of any further levels, even if they look at the disk directly.

* So StegFS is better than a cryptographic file system such as CFS, TCFS, etc?

Well, yes and no. The information hiding comes at a price. To ensure the security we have to allow data in the file system to be accidentally overwritten. To avoid losing files we therefore write several copies of each file block and inode so that, if some are overwritten, others can hopefully be recovered. This replication obviously requires more disk space for a given file. There is also a performance penalty due to the need to write several copies of everything. There is also the risk that all copies of a given block will be overwritten, in which case its contents are lost.

If you don't think you need the plausible deniability aspect, then don't use a steganographic file system; use a cryptographic file system instead. You will get better performance, waste less disk space and stand less chance of files being destroyed.

* So, StegFS won't leave any evidence of my files, or even the fact that I'm using it?

Well, StegFS itself won't. But something else might. For starters there is your shell history: your 'stegfsopen', 'cd /stegfs/3/', 'vi /stegfs/2/wibble', etc. will show up there if you don't disable it. Does your editor put temporary files in /tmp? Does some application you use keep a list of recently edited files? Also, you can't use a swap partition/file safely, since file names and contents may end up there. While you are going to all these lengths, you ought to consider TEMPEST protection too.

Another attack strategy might be to add some kernel component that monitors all disk block accesses; it may be possible to infer the existence of hidden data from an analysis of this. Using StegFS is a much harder task than writing it in the first place.

Also, in the current design it might be possible for changes to the levels in a security context to be seen by an attacker. I do not consider this to be a fatal security flaw (since this should be a rare activity), but I do have some ideas for improvements.

* I've forgotten my passphrase, can you get my files back for me?

No. I suggest you just try all 2^128 possible keys (or brute forcing the passphrase, which is probably easier unless you have a particularly well chosen passphrase).

* I work for the Inland Revenue. Prof. X has shown me the chemical formulae and rock 'n' roll .mp3's in his stegfs file system. I think there are also some tax related records there (about non-reported but taxable income from his world-wide sell out lecturing tour). Can you show me how to prove that these further hidden levels exist?

No. I suggest you just try all 2^128 possible keys (or brute forcing the passphrase, or one of the other possible attack strategies mentioned above).
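
The traces named in the answer about leaving evidence (shell history, files written to /tmp, an active swap area) can be checked from the shell before and after a session. The script below is an added example, not part of StegFS or of the original FAQ; /stegfs is the mount point from the FAQ's own commands, while the session marker file and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not part of StegFS. The marker file and all function
# names are assumptions; /stegfs is the mount point used in the FAQ.

# swap_active FILE: succeeds if FILE (/proc/swaps format) lists a swap area.
swap_active() {
    # Line 1 is the column header; any later non-empty line is an active area.
    awk 'NR > 1 && NF > 0 { n++ } END { exit !(n > 0) }' "$1"
}

# history_hits FILE MOUNT: prints how many history lines name stegfsopen
# or a path under MOUNT.
history_hits() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -c -F -e 'stegfsopen' -e "$2/" "$1" || true
}

# tmp_hits DIR MARKER: prints how many regular files under DIR are newer
# than MARKER, a file you touch just before opening the hidden levels.
tmp_hits() {
    find "$1" -type f -newer "$2" 2>/dev/null | wc -l | tr -d ' '
}

# audit SWAPS HISTFILE MOUNT TMPDIR MARKER: prints one line per finding
# and returns non-zero if anything was found.
audit() {
    findings=0
    if swap_active "$1"; then
        echo "swap is active: hidden file names or contents may be paged out"
        findings=$((findings + 1))
    fi
    h=$(history_hits "$2" "$3")
    if [ "$h" -gt 0 ]; then
        echo "$h shell history line(s) mention stegfsopen or $3/"
        findings=$((findings + 1))
    fi
    t=$(tmp_hits "$4" "$5")
    if [ "$t" -gt 0 ]; then
        echo "$t file(s) under $4 written since the session marker"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Typical call on a live system:
#   audit /proc/swaps "$HOME/.bash_history" /stegfs /tmp "$HOME/.session-marker"
```

A clean result covers only these three traces; lists of recently edited files kept by individual applications still need to be checked separately.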