Re: [dm-crypt] cryptsetup, LUKS, plausible deniability

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Moji <lordmoji@gmail.com>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] cryptsetup, LUKS, plausible deniability
Date: Tue, 15 Sep 2009 20:50:07 -0500	[thread overview]
Message-ID: <4AB0444F.4090000@gmail.com> (raw)
In-Reply-To: <20090914205644.GB4432@tansi.org>

Arno Wagner wrote:
> On Mon, Sep 14, 2009 at 01:25:48PM +0200, Mario 'BitKoenig' Holbe wrote:
>> Arno Wagner <arno@wagner.name> wrote:
> [...]
>>> If you want more, use TrueCrypt, but I would be very careful
>>> with plausible deniablility anyways. Your protection is primarily
>>> that they cannot force you to give up your keys. If you live
>>> in a country were they can, I propose to very seriously consider
>>> leaving that country for good. See also http://xkcd.com/538/
>> That's exactly the reason for plausible deniability. You know they are
>> able to force you to give them your key(s), so you prepare some keys to
>> give them (along with some data which makes some sense to be encrypted)
>> and the system gives you the ability to plausibly deny the existence of
>> more keys. Just in the hope they stop cutting your extremities after the
>> 6th finger because you convinced them.
> 
> I would say plausible deniability has the potential to make
> them continue even after you have given them everything, after
> all you could have hidden more with the "plausible deniability
> thing". 
> 
> On a related note, there has been a lot of evidence that
> torture does not work (foremost the French in Aleria, that 
> failed to find the headquaters of the resistance for years,
> despite torturing resistance fighters). For one thing people
> are likely to give you false information. This leads me to the
> conclusion that most torturers and their bosses are actually
> not interested in information, but in the cruelty itself. 
> 
> So I would say that plausible deniability is of very low value
> in practice and may have potential negative value in some
> situations. With plausible deniability they are sure to 
> torture you untill you are completely broken, while without 
> it, you can give them everything in a way they can actually
> verify. It is possible that you have information that still
> merits being protected under these circumstances, but I don't.
> Plausible deniability basically assumes the life of the person
> having the key is worth less than the information.

Many countries can and do torture people, but this is not true for all
countries.
So I do not think that everything should have to pass the "What if
torture" filter in order for it to be considered a valid idea.

Plausible deniability has legal ramifications that are beneficial in
those more litigious societies, to which many people belong.
This shifts the burden of proof to the opposing attorney/agency to prove
that random data represents information that you are obscuring.
Something that should be cryptologically difficult as long as the
algorithm you used is sound.

-MJ

next prev parent reply	other threads:[~2009-09-16  1:50 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-09-12 21:53 [dm-crypt] cryptsetup, LUKS, plausible deniability Ivan Stankovic
2009-09-12 22:22 ` Arno Wagner
2009-09-13  8:56   ` Tommaso
2009-09-13  9:07     ` [dm-crypt] OT: spam? Tommaso
2009-09-13  9:12       ` Rick Moritz
2009-09-13 10:00       ` Heinz Diehl
2009-09-13 18:37       ` Arno Wagner
2009-09-13 18:36     ` [dm-crypt] cryptsetup, LUKS, plausible deniability Arno Wagner
2009-09-13 19:44       ` Ivan Stankovic
2009-09-14  3:32         ` Arno Wagner
2009-09-14  7:28           ` Rick Moritz
2009-09-14 21:04             ` Arno Wagner
2009-09-13 18:04   ` Sven Eschenberg
     [not found]   ` <4AACA98F.2060002@redhat.com>
2009-09-13 18:28     ` Arno Wagner
2009-09-13 18:52       ` Milan Broz
2009-09-14  1:21   ` Sitaram Chamarty
2009-09-14 11:25   ` Mario 'BitKoenig' Holbe
2009-09-14 20:56     ` Arno Wagner
2009-09-14 23:45       ` Mario 'BitKoenig' Holbe
2009-09-15  0:04         ` test532
     [not found]           ` <6842.57094185359$1253045311@news.gmane.org>
2009-09-16 19:32             ` Mario 'BitKoenig' Holbe
2009-09-16 21:41               ` Debian User
2009-09-17 18:26                 ` test532
2009-09-18  1:20                   ` Arno Wagner
2009-09-18  4:00                     ` test532
     [not found]       ` <20090915200808.2DD0F4250006@tansi.org>
2009-09-15 20:32         ` Arno Wagner
2009-09-16 19:41           ` Mario 'BitKoenig' Holbe
2009-09-16 21:30             ` Arno Wagner
2009-09-16  1:50       ` Moji [this message]
2009-09-16 19:50         ` Mario 'BitKoenig' Holbe
2009-09-16 21:05           ` test532

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4AB0444F.4090000@gmail.com \
    --to=lordmoji@gmail.com \
    --cc=dm-crypt@saout.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.