From: Milan Broz
Date: Fri, 30 May 2014 16:55:52 +0200
Subject: Re: [dm-crypt] Question about backdoors and the NSL
To: dm-crypt@saout.de
Message-ID: <53889BF8.7060506@gmail.com>
In-Reply-To: <20140530131326.GA21263@tansi.org>
References: <53884fd4.c462b40a.0302.ffff9e31@mx.google.com> <20140530131326.GA21263@tansi.org>

On 05/30/2014 03:13 PM, Arno Wagner wrote:
> On Fri, May 30, 2014 at 11:07:12 CEST, web1bastler@googlemail.com wrote:
>> Hello dear cryptsetup team,
>>
>> I want to ask if you received a national security letter because I want to
>> know if my LUKS encrypted volumes are still safe.
>
> First, you should know that your question is not very bright.
> Recipients of valid NSLs are not allowed to talk about them or
> admit they have gotten one. Hence what do you expect as answer if
> there were an NSL?
>
> But second, Milan and I are not located in the US, so I doubt
> that they could legally give either of us an NSL and even if
> they did, I doubt it would have any effect. But please notice
> that I am not answering your question, to be sure you have to
> verify what I just said yourself.

Exactly.
Cryptsetup is open source under a clear license; every meaningful and
independent audit is welcome, of course.

...

>> So I want to know if my sensitive data is still safe on a LUKS encrypted
>> volume.
>
> It should be. But also note that it depends on more than cryptsetup.
> cryptsetup is just a set-up front-end from dm-crypt and the kernel
> encryption code. On the other hand, the only thing that could have
> a relevant backdoor there is the crypto-RNG, and there is reason to
> believe the kernel folks are taking that one pretty serious and
> it likely is not compromised.

Also, I am releasing and signing source code only, so you have to trust
the distro maintainers as well, who are compiling the code.

Milan