What is PUREE?
PUREE is a full-disk encryption header format (and tool, currently only supported on Linux) which gives
you the ability to perform full-disk encryption in a way that ensures that it is infeasible for someone to determine
which of the following is true:
- Your disk is encrypted, or
- Your disk has been "wiped" with random bits.
In comparison, the most common disk encryption header format used on Linux systems is LUKS (Linux Unified Key Setup). If you were to look at the first 512 bytes of a disk encrypted with LUKS, you would see something like this:
4c554b53babe00016165730000000000 |LUKS....aes.....|
00000000000000000000000000000000 |................|
00000000000000007874732d706c6169 |........xts-plai|
6e363400000000000000000000000000 |n64.............|
00000000000000007368613235360000 |........sha256..|
00000000000000000000000000000000 |................|
00000000000000000000100000000020 |............... |
6ce3947b013bcbb77d0e2347b346101e |l..{.;..}.#G.F..|
1ba31e6314661b2be2a545add8d9fc65 |...c.f.(..E....e|
38f9dd9f107730e1037d2c5f47d52eef |8....w...}..G...|
bc884d1b0002bf4b3363623964393330 |..M....K3cb9d930|
2d333461382d343635642d383437322d |-34a8-465d-8472-|
30353265346339663132323800000000 |052e4c9f1228....|
00ac71f3002bf4beb512a9fce71a579d |..q..+........W.|
2ff516cc38ce8ab77086b53ac40d28be |/...8...p..:..(.|
68b48cd93054be6b0000000800000fa0 |h...0T.k........|
0000dead000000000000000000000000 |................|
00000000000000000000000000000000 |................|
00000000000000000000010800000fa0 |................|
0000dead000000000000000000000000 |................|
00000000000000000000000000000000 |................|
00000000000000000000020800000fa0 |................|
0000dead000000000000000000000000 |................|
00000000000000000000000000000000 |................|
00000000000000000000030800000fa0 |................|
0000dead000000000000000000000000 |................|
00000000000000000000000000000000 |................|
00000000000000000000040800000fa0 |................|
0000dead000000000000000000000000 |................|
00000000000000000000000000000000 |................|
00000000000000000000050800000fa0 |................|
0000dead000000000000000000000000 |................|
Clearly, it is trivial to detect that a disk is encrypted with LUKS. In fact, this isn't just a problem with LUKS; but also with most password-based disk encryption solutions. This isn't surprising: it turns out to be a difficult problem to solve.
But PUREE does solve this problem, and guarantees that all data on the disk, including the header, looks completely random. Since it has long been common practice to wipe disks by overwriting with random data, PUREE introduces the plausibility that disk may actually have been wiped and therefore contain no information. For example:
5428898ff0f38e9d4437e36c3fbed0bc |T(......D7.l?...|
8a56fbe09c2ffd50fc25f420b6edc43e |.V.../.P.%. ...>|
f67d40635168013bafb9598f5a34e6c1 |.}@cQh.;..Y.Z4..|
2dd819b451fd16a36fdbc05ae3d4ee7c |-...Q...o..Z...||
a4df25e96903f99cc1034da21a2519b0 |..%.i.....M..%..|
145459c13551336ac3156057b2581d3d |.TY.5Q3j...W.X.=|
ef9296c4f7dd9c0bf6cc6690b0096420 |..........f...d |
acfdd8ecafb0b30907e2b42b033a801a |...........+.:..|
71fa31990ac9c14d446f542d3c83dd74 |q.1....MDoT-<..t|
7c6dc1b956a78d497ec99111a5e58ad1 ||m..V..I~.......|
543e6699d4ae77f6675d3fc3a2fd871e |T>f...w.g]?.....|
3d0491231c2d187142c99772983abac4 |=..#.-.qB..r.:..|
33c83c9ff5b976b857e6332279bc5653 |3.<...v.W.3"y.VS|
4762b74abbd7a055d6ed143a3d51446f |Gb.J...U...:=QDo|
16db104718780165044c43481fcb2ba7 |...G.x.e.LCH..+.|
f478a04ad9709389d7854847f74f650a |.x.J.p....HG.Oe.|
85aa99e3da85c77c0f89dbccfc1d0fd0 |.......|........|
7462e3319b94f0bf6436fa67f7ef825e |tb.1....d6.g...^|
3db8ae78b1f75d61dd466adcc3ddafda |=..x..]a.Fj.....|
dac554df4443c45ec934fda6576ef8c7 |..T.DC.^.4..Wn..|
17cd9d426cf496d909b856b42778ab70 |...Bl.....V.'x.p|
6efd4d4e02e0b3ff4c76bf294e0c2009 |n.MN....Lv.)N. .|
d99be35b1d75b87094685d7b84c71215 |...[.u.p.h]{....|
b2b2edd300c0f25567a671fd01996c31 |.......Ug.q...l1|
522b67a08c3ce316a2011334e9daf3b7 |R+g..<.....4....|
656fd409ba103461014cf47226e87c48 |eo....4a.L.r&.|H|
718ace2294d081fcbc7df1177358b1e9 |q..".....}..sX..|
c0848e2f04c9b848f689f10dceb11b73 |.../...H.......s|
90fba8df163148d07208c2e108a9c51a |.....1H.r.......|
2506238114b5c293bf8ebf246f6ab1d2 |%.#........$oj..|
d669f7f48ba09590e49472440196c1ab |.i........rD....|
deab098fa0fc74c0f43a8501d16a1101 |......t..:...j..|
Despite being indistinguishable from random to an eavesdropper, there is in fact a structure to the disk layout—only observable if the password is known—which is explained in the white paper.
PUREE also provides a pretty convenient command-line interface for encrypting disks, which you might find useful (even if you don't care about the whole indistinguishable-from-random thing). To try it out, move on to Quick Start.