Re: [dm-crypt] cryptsetup, LUKS, plausible deniability

[Arno Wagner <arno@wagner.name>]

On Tue, Sep 15, 2009 at 09:04:24PM +0100, Sarah Dean wrote:
> On Mon, 14 Sep 2009 22:56:44 +0200, Arno Wagner wrote:
> 
> >So I would say that plausible deniability is of very low value
> >in practice and may have potential negative value in some
> >situations.
> 
> To say it's of low value in practice is a pretty sweeping statement -
> whether it's of low value in practice is largely dependant on the
> scenario.

I would say that in most practical scenarios it is of low or 
negative value. And yes, it is a sweeping statement that I 
consider justified.

> Like any security tool, it is just a tool; in some cases it may a great
> asset, in some a liability.
> 
> A locked door can keep a murderer out until the police arrive, but it
> can also prevent someone from exiting a burning building.
> 
> >With plausible deniability they are sure to 
> >torture you untill you are completely broken, while without 
> >it, you can give them everything in a way they can actually
> >verify.
> 
> OTOH, the knowledge that "the beatings" (or in our more enlighted
> times, the waterboarding or another form of torture) will continue -
> regardless of whether or not you give an attacker anything, may well
> work *against* any form of torture.
> 
> There's no incentive to hand over your keys, since it won't achieve (or
> stop) anything.

True. But how does plausible deniability factor into
your comment? If you are that hard, you can just use
ordinary encryption and refuse to give the keys.
 
> >It is possible that you have information that still
> >merits being protected under these circumstances, but I don't.
> >Plausible deniability basically assumes the life of the person
> >having the key is worth less than the information.
> 
> Although the information may or may be "worth the life of the persion",
> I don't agree that any such assumption is made.
> 
> I'm a little uncertain as to the alternative you're prompting? Even if
> you stored all your data in plaintext (practically the same scenario
> presented after handing over an encrypted volume's key) - or even if
> you have a system which where it is possible to *prove* no further data
> is hidden away - what's to stop an attacker assuming that you've simply
> hidden your encrypted data elsewhere (e.g. a USB flash drive), and
> continues the torture on the basis they "simply haven't found it yet"?
> 

The alternative is not to give valuable data to people that
are unter threat of torture. A technological solution is not
adequate here. People cannot give away what they do not have.
Plausible deniability means they can claim they do not have the
data, but they do have it, and there is the problem in the 
first place.

An the other way round, if people already have data this critical,
make sure they do not come under threat of torture.

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier