I obsess over privacy to the point that it's probably counter-productive but maybe I can save other people the time and aggravation of doing the same. Plus I thought it would be useful to create a thread on OPSEC procedures in general.

Personally I've taken an interest in steganography as a way of hiding passwords. There are a number of stego software options for hiding files and information inside other files. But the problem with steganography software is it kind of defeats its own purpose. Having stego software on your machine gives away the fact that you're using stego. You could hide your stego software on a separate USB stick but then it becomes one more thing to hide. Again, it defeats the purpose.

I've thought of a different approach that lets you stego your own stego. It's not as streamlined as using pre-built software to do the job but it does allow you to hide much larger files: gigabytes as opposed to kilobytes. I only know how to do this on Linux ATM so if you're using anything else you'll just have to figure it out yourself.

Let's say you want to conceal files on your USB stick. First create an encrypted archive that's large enough to completely fill it up. Any of you should have enough video files kicking around to manage that. Encrypt this archive with a password you don't intend to remember and then use Linux's "dd" utility to write it directly to your stick. This fills your drive with essentially random data and also makes it unusable unless you reformat it. For our purposes that's a bonus since it'll keep out casual snoopers but you can still read and write to it using dd. You can write your own encrypted files over top of what's already there and it blends in with all the surrounding encrypted data. The only way to retrieve it is to know its exact size and offset position.

You first need to open the "Disks" utility to find the device path for your USB stick. Select your USB device in the left pane and then on the right you'll see something like "/dev/sdb" or "/dev/sdc". Use that information to run the following command:

sudo dd if=/path/to/giant/encrypted/archive.7z.gpg of=/dev/sdb bs=1000000 status=progress

The bs value here is arbitrary and only serves as a counter. It'll take a few minutes to fill up your USB drive but you only have to do this once. Afterwards, let's say you want to hide an encrypted file on this drive at offset position 2000000:

sudo dd if=/path/to/encrypted/archive.7z.gpg of=/dev/sdb seek=2000000 bs=1 status=progress

To retrieve it you need to remember the offset position and file size. If it was 1944 bytes the command would be:

sudo dd if=/dev/sdb of=/path/to/my/hidden/files.7z.gpg skip=2000000 bs=1 count=1944 status=progress

IMPORTANT

By "encrypted archive" I mean an archive you encrypt after you create it. Don't use 7zip's own native password option to encrypt your archive. File recovery software like photorec can still find it. Yes it'll still be encrypted but that's not the point. You also want to conceal it.
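
Added example (not part of the original post): a minimal signature scan of the kind file carvers such as photorec perform, showing why an archive protected only with 7-Zip's own password option can still be located, since its 6-byte signature `37 7A BC AF 27 1C` stays in plaintext. The image contents, offsets and function names are constructed for the demo.

```python
import hashlib
import io

# 7z signature header magic; stored in plaintext even when a password is set.
SEVENZ_MAGIC = bytes.fromhex("377abcaf271c")


def find_signature(stream, magic=SEVENZ_MAGIC, chunk_size=64 * 1024):
    """Return every absolute offset at which `magic` occurs in a binary stream.

    Reads in chunks and carries len(magic) - 1 bytes forward, so a signature
    that straddles a chunk boundary is still found exactly once.
    """
    hits, tail, base = [], b"", 0  # base = stream offset of tail[0]
    keep = len(magic) - 1
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            return hits
        buf = tail + chunk
        pos = buf.find(magic)
        while pos != -1:
            hits.append(base + pos)
            pos = buf.find(magic, pos + 1)
        tail = buf[-keep:] if keep else b""
        base += len(buf) - len(tail)


def build_demo_image(size=300_000):
    """Constructed sample standing in for a stick pre-filled with ciphertext."""
    image = bytearray(hashlib.shake_256(b"constructed filler").digest(size))
    # Case 1: 7z container written at 65_533, across the 64 KiB chunk boundary.
    native_7z = SEVENZ_MAGIC + hashlib.shake_256(b"constructed body A").digest(500)
    image[65_533:65_533 + len(native_7z)] = native_7z
    # Case 2: 500 bytes with no fixed signature, written at 200_000.
    image[200_000:200_500] = hashlib.shake_256(b"constructed body B").digest(500)
    return bytes(image)


if __name__ == "__main__":
    found = find_signature(io.BytesIO(build_demo_image()))
    print("7z signatures at offsets:", found)  # only the case 1 offset
```

The function accepts any other magic bytes, so the output of whatever tool applies the outer encryption layer can be checked for a fixed header in the same way.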