From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from pinus.cc.fer.hr (pinus.cc.fer.hr [161.53.73.18]) by mail.saout.de (Postfix) with ESMTP for ; Sat, 12 Sep 2009 23:54:12 +0200 (CEST) Received: from localhost (fly.srk.fer.hr [161.53.74.66]) (authenticated bits=0) by pinus.cc.fer.hr (8.12.2/8.12.2) with ESMTP id n8CLuiRZ028433 for ; Sat, 12 Sep 2009 23:56:50 +0200 (MEST) Date: Sat, 12 Sep 2009 23:53:45 +0200 From: Ivan Stankovic Message-ID: <20090912215345.GA8666@alpha2> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Subject: [dm-crypt] cryptsetup, LUKS, plausible deniability List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de Hi everyone, I'd like to start a discussion about plausible deniability for LUKS (see http://code.google.com/p/cryptsetup/issues/detail?id=7). As has already been said in a comment on the issue above, even having an option to hide/encrypt LUKS header would be helpful. One approach is to just encrypt the normal LUKS header with a header key, which is not very user-friendly as one would now have to remember/store both the passphrase and the header key (one might as well use plain dmcrypt with a single key). I guess the goal here would be to have LUKS features (multiple passphrases, ease of use, key splitting...) implemented in such a way that nobody can prove that you're using encryption. Thoughts? -- Ivan Stankovic, pokemon@fly.srk.fer.hr "Protect your digital freedom and privacy, eliminate DRM, learn more at http://www.defectivebydesign.org/what_is_drm"