From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] Detecting the use of a keyfile
Date: Thu, 23 May 2013 19:36:33 +0200
Message-ID: <20130523173633.GA15237@tansi.org>
In-Reply-To: <1369329183.4350.140661234833693.19467071@webmail.messagingengine.com>
On Thu, May 23, 2013 at 07:13:03PM +0200, sector9@ftml.net wrote:
> Understood. The problematic nature of claiming plausible deniability
> with regard to a lost non-existent keyfile comes down to extralegal
> practices and testimony on behalf of the user.
Indeed. Or legal practices where the police or prosecution
has a lot of leeway and when they think you are "difficult"
they can bring the hammer down. Completely unethical of course,
but entirely legal.
Remember that any form of authorities traditionally had the
purpose to make the subjects do what the ruling class wanted,
typically by threat of force. Laws were not about what is right,
but about what behaviours were undesired by those in power. This
still shows and by my impression some western countries are
again strongly going in that direction, e.g. by calling people
"terrorists" more and more frequently to take the rights away
they would have had as mere murderers.
> On the technical side, if done properly, one could place the boot
> partition on a separate USB and claim it is lost along with the keyfile.
> This setup would allow one to perfectly conceal whether or not one is
> using a keyfile and therefore provide plausible deniability about access
> to an encrypted system.
>
> The good old xkcd depiction of the reality of rubberhose cryptanalysis
> is so eloquent in its simplicity.
Indeed. The message could not be clearer. Some XKCDs are
pure genius.
> Yet we explore sidechannel attacks,
> social engineering, etc to bolster the use of the strong crypto ciphers.
> This variety of defense that I was inquiring about is another
> possibility to explore.
>
> I appreciate your answers very much.
You are very welcome. It is a discussion that needs
revisiting from time to time as things change. And there
is a lot of change currently.
Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult. --Tony Hoare