From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from op7.codingninjas.org (op7.codingninjas.org [209.222.52.116])
	(using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.saout.de (Postfix) with ESMTPS
	for ; Tue, 15 Sep 2009 02:06:37 +0200 (CEST)
Received: from sschai.localnet (CPE0080c6e9d913-CM000f9f4fecc0.cpe.net.cable.rogers.com [99.249.56.245])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by op7.codingninjas.org (Postfix) with ESMTPSA id DFB4A4E2219
	for ; Mon, 14 Sep 2009 20:08:30 -0400 (EDT)
From: test532@codingninjas.org
Date: Mon, 14 Sep 2009 20:04:48 -0400
References: <20090912215345.GA8666@alpha2> <20090914205644.GB4432@tansi.org>
MIME-Version: 1.0
Content-Type: Text/Plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-Id: <200909142004.49035.test532@codingninjas.org>
Subject: Re: [dm-crypt] cryptsetup, LUKS, plausible deniability
To: dm-crypt@saout.de

> Arno Wagner wrote:
> > On Mon, Sep 14, 2009 at 01:25:48PM +0200, Mario 'BitKoenig' Holbe wrote:
> >> and the system gives you the ability to plausibly deny the existence of
> >> more keys. Just in the hope they stop cutting your extremities after the
> >
> > I would say plausible deniability has the potential to make
> > them continue even after you have given them everything, after
>
> Of course. For me (if I'd be in that business) just the presence of a
> system offering plausible deniability capabilities would be enough to
> simply assume they are used and thus continue pressing out keys of the
> suspect :)

That is the beauty of a dm-crypt that supported even just the very elegant
external LUKS header feature that Rick mentioned. dm-crypt comes with
practically every Linux. Therefore, having dm-crypt installed on one's
system means nothing.

Potentially, even only with the feature that Rick came up with, dm-crypt
would be better at plausible deniability than TrueCrypt. This is because
having TrueCrypt installed on your system pretty much guarantees that you
have an encrypted volume. Having dm-crypt on your system means nothing.
Probably less than a percent of people with dm-crypt installed actually use
it, since at least my distro (SuSE) installs it by default.

>
> However, not offering such capabilities is only one strategy in the game
> - and not a very cooperative one: it exposes the users of systems that
> *do* offer such capabilities. Thus, the other way around is more
> cooperative: if all major products would support plausible deniability,
> the fact that some suspect uses one specific system loses this
> indication.
>
>
> regards
>    Mario
>