Re: [dm-crypt] cryptsetup, LUKS, plausible deniability

[test532@codingninjas.org]

> Arno Wagner <arno@wagner.name> wrote:
> > On Mon, Sep 14, 2009 at 01:25:48PM +0200, Mario 'BitKoenig' Holbe wrote:
> >> and the system gives you the ability to plausibly deny the existence of
> >> more keys. Just in the hope they stop cutting your extremities after the
> >
> > I would say plausible deniability has the potential to make
> > them continue even after you have given them everything, after
> 
> Of course. For me (if I'd be in that business) just the presence of a
> system offering plausible deniability capabilities would be enough to
> simply assume they are used and thus continue pressing out keys of the
> suspect :)

That is the beauty of a dm-crypt that supported even just the very elegant 
external luks header feature that Rick mentioned. dm-crypt comes with 
practically every linux. Therefor, having dm-crypt installed on one's system 
means nothing. Potentially, even only with the feature that Rick came up with, 
dm-crypt would be better at plausible deniability than TrueCrypt. This is 
because having TrueCrypt installed on your system pretty much guarantees that 
you have an encrypted volume. Having dm-crypt on your system means nothing. 
Probably less than a percent of people with dm-crypt installed actually use 
it, since at least my distro (SuSE) installs it by default.

> 
> However, not offering such capabilities is only one strategy in the game
> - and not a very cooperative one: it exposes the users of systems that
> *do* offer such capabilities. Thus, the other way around is more
> cooperative: if all major products would support plausible deniability,
> the fact that some suspect uses one specific system loses this
> indication.
> 
> 
> regards
>    Mario
>