DM-Crypt Archive on lore.kernel.org
 help / color / mirror / Atom feed
From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] cryptsetup, LUKS, plausible deniability
Date: Sun, 13 Sep 2009 00:22:24 +0200	[thread overview]
Message-ID: <20090912222223.GA23233@tansi.org> (raw)
In-Reply-To: <20090912215345.GA8666@alpha2>

I think this is the wrong approach. LUKS is not designed to hide
at all and trying to make it capable of doing so is very likely
a lot harder than to use something else, esoecially as several
solutions are already available. 

Incidentially, using plain dm-crypt with a single zero-overwrite 
of the decrypted device already works very well. I, for example,
use plain dm-crypt with a random key and zero overwrite to
erase devices and partitions. This is indistinguishable from
a denied encrypted volume. It is not feasible to hide the 
encrypted data istelf, so this is as far as it goes. 

If you want more, use TrueCrypt, but I would be very careful
with plausible deniablility anyways. Your protection is primarily
that they cannot force you to give up your keys. If you live
in a country were they can, I propose to very seriously consider
leaving that country for good. See also http://xkcd.com/538/
This _is_ realistic.
  
Arno



On Sat, Sep 12, 2009 at 11:53:45PM +0200, Ivan Stankovic wrote:
> Hi everyone,
> 
> I'd like to start a discussion about plausible deniability for LUKS (see
> http://code.google.com/p/cryptsetup/issues/detail?id=7).
> 
> As has already been said in a comment on the issue above, even having
> an option to hide/encrypt LUKS header would be helpful. One approach is to
> just encrypt the normal LUKS header with a header key, which is not very
> user-friendly as one would now have to remember/store both the passphrase and
> the header key (one might as well use plain dmcrypt with a single key).
> 
> I guess the goal here would be to have LUKS features (multiple passphrases,
> ease of use, key splitting...) implemented in such a way that nobody can prove
> that you're using encryption. Thoughts?
> 
> 
> -- 
> Ivan Stankovic, pokemon@fly.srk.fer.hr
> 
> "Protect your digital freedom and privacy, eliminate DRM, 
> learn more at http://www.defectivebydesign.org/what_is_drm"
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
> 

-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 

  reply	other threads:[~2009-09-12 22:22 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-09-12 21:53 [dm-crypt] cryptsetup, LUKS, plausible deniability Ivan Stankovic
2009-09-12 22:22 ` Arno Wagner [this message]
2009-09-13  8:56   ` Tommaso
2009-09-13  9:07     ` [dm-crypt] OT: spam? Tommaso
2009-09-13  9:12       ` Rick Moritz
2009-09-13 10:00       ` Heinz Diehl
2009-09-13 18:37       ` Arno Wagner
2009-09-13 18:36     ` [dm-crypt] cryptsetup, LUKS, plausible deniability Arno Wagner
2009-09-13 19:44       ` Ivan Stankovic
2009-09-14  3:32         ` Arno Wagner
2009-09-14  7:28           ` Rick Moritz
2009-09-14 21:04             ` Arno Wagner
2009-09-13 18:04   ` Sven Eschenberg
     [not found]   ` <4AACA98F.2060002@redhat.com>
2009-09-13 18:28     ` Arno Wagner
2009-09-13 18:52       ` Milan Broz
2009-09-14  1:21   ` Sitaram Chamarty
2009-09-14 11:25   ` Mario 'BitKoenig' Holbe
2009-09-14 20:56     ` Arno Wagner
2009-09-14 23:45       ` Mario 'BitKoenig' Holbe
2009-09-15  0:04         ` test532
     [not found]           ` <6842.57094185359$1253045311@news.gmane.org>
2009-09-16 19:32             ` Mario 'BitKoenig' Holbe
2009-09-16 21:41               ` Debian User
2009-09-17 18:26                 ` test532
2009-09-18  1:20                   ` Arno Wagner
2009-09-18  4:00                     ` test532
     [not found]       ` <20090915200808.2DD0F4250006@tansi.org>
2009-09-15 20:32         ` Arno Wagner
2009-09-16 19:41           ` Mario 'BitKoenig' Holbe
2009-09-16 21:30             ` Arno Wagner
2009-09-16  1:50       ` Moji
2009-09-16 19:50         ` Mario 'BitKoenig' Holbe
2009-09-16 21:05           ` test532

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20090912222223.GA23233@tansi.org \
    --to=arno@wagner.name \
    --cc=dm-crypt@saout.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox