From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] Tcrypt hidden volume
Date: Tue, 2 Jul 2013 03:05:38 +0200 [thread overview]
Message-ID: <20130702010538.GA18826@tansi.org> (raw)
In-Reply-To: <51D1D5AF.9060502@gmail.com>
On Mon, Jul 01, 2013 at 09:17:03PM +0200, Milan Broz wrote:
> On 1.7.2013 12:33, Jan Janssen wrote:
> >Hi,
> >
> >while testing how the tcrypt passphrase + keyfile logic works, I
> >realized that there doesn't seem to be a way to protect the hidden
> >volume from being damaged by writes to a mounted outer volume like
> >truecrypt does. I think this deserves a warning in the man page
> >since this is a potential data loss.
>
> Yes, you are right. There is no protection of hidden volume once
> outer volume is mounted.
> (BTW the protection itself reveals hidden volume existence.)
>
> Protection can be done on DM (kernel level) quite easily
> (map this linear part to virtual zero or error target masking
> out the data underneath) but it would require quite big changes
> in cryptsetup wrapper (which was meant to be simple 1:1 mapping).
> So I decided to ignore this problem for now...
>
> But yes, there should be some note in man page.
I have just added one. It seems to me that the TrueCrypt
documentation itself is fuzzy in this issue. The page
at http://www.truecrypt.org/docs/hidden-volume
does describe how it works and it is easy to conclude
that opening the outer volume can compromise the inner
one, but there is no clear warning to that effect.
Also missing is a warning that having an outer volume
that has not been mounted forever and only has old data
is suspicuous in itself. I think the idea of hidden volumes
is not too useful at this time. There would need to be a
way to regularly use the outer volume to change that.
Not that I have any idea how to do that without giving
away that there _is_ a hidden volume.
Anyways, added both warnings to the man-page in git.
Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult. --Tony Hoare
next prev parent reply other threads:[~2013-07-02 1:05 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-01 10:33 [dm-crypt] Tcrypt hidden volume Jan Janssen
2013-07-01 19:17 ` Milan Broz
2013-07-02 1:05 ` Arno Wagner [this message]
2013-07-02 1:25 ` Arno Wagner
2013-07-02 5:29 ` Milan Broz
2013-07-02 9:45 ` Justin Tracey
2013-07-02 21:54 ` Arno Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130702010538.GA18826@tansi.org \
--to=arno@wagner.name \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.