public inbox for dm-crypt@saout.de
From: Milan Broz <gmazyland@gmail.com>
To: dm-crypt@saout.de
Subject: [dm-crypt] Re: Luks, use the double force! :)
Date: Wed, 26 May 2021 08:47:56 +0200
Message-ID: <bfb284d7-495c-9194-507e-5a6347d9696a@gmail.com>
In-Reply-To: <5c8f59a4-bdb4-4ca5-bc09-3c8aa5274ceb@localhost>

On 26/05/2021 08:00, Michael Kjörling wrote:
> On 25 May 2021 11:44 +0000, from xxjacs@yahoo.com (JAC):
>> Once the option 2 password is entered, the system will decrypt 
>> correctly but "covertly". The partition will be presented
>> containing a series of files and/or directories that the user has
>> previously wanted to incorporate and present to whoever has tried
>> to force him to reveal his data. /.../ I suppose that I am not the
>> first person who thinks about this solution, but I leave it there,
>> in case it is possible to implement this second option (or
>> password).
> 
> No, you're not the first person to think about having something like 
> this. In fact, it's covered in the LUKS FAQ, and has been for a
> while. 
> <https://gitlab.com/cryptsetup/cryptsetup/-/wikis/FrequentlyAskedQuestions>
>
>  See in particular questions 5.2 "Is LUKS insecure? Everybody can see
> I have encrypted data!" and 5.18 "What about Plausible
> Deniability?".

Just from the LUKS maintainer side, I'll repeat my opinions on two ideas
that appear here again and again:

1) LUKS will not implement any "self destruct" passphrases or anything like this.

   Everyone doing forensic analysis will work on the copy to prevent destruction
   of the master device. LUKS is designed to work on common hardware that is not
   tamper resistant - we cannot prevent someone from making copies of the encrypted drive.

2) LUKS is not designed to provide strong plausible deniability.

   While you can store the header detached, and you can play with data offsets
   to unlock one device with two headers pointing to two content views of the drive,
   this is not strong plausible deniability.

   Even if you invent some clever steganographic techniques, there will
   be a problem with current storage devices that track used space (TRIM etc.).
   I do not believe we can implement a reliable plausible deniability system these days
   without help at the hardware level (FTL - flash translation layer, for example).

If you know about any paper or publication that tries to solve these problems
(and it has some proved concept behind it), please share it with us!

Thanks,
Milan
_______________________________________________
dm-crypt mailing list -- dm-crypt@saout.de
To unsubscribe send an email to dm-crypt-leave@saout.de
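
Added example, not part of the message above and not cryptsetup code: a simplified Python model of the used-space tracking mentioned in point 2, showing how blocks written through a second header stay mapped on the device while the disclosed view's allocations cannot account for them. The `ContentView` class, the `mapped` set, the offsets and the block numbers are all constructed assumptions.

```python
# Simplified model, constructed for illustration. `mapped` stands in for the
# used-space state a flash translation layer keeps per logical block (LBA).

class ContentView:
    """One content view of the drive: a data offset plus its own allocations."""
    def __init__(self, mapped, data_offset):
        self.mapped, self.data_offset = mapped, data_offset
        self.allocated = set()

    def store(self, block):
        self.allocated.add(block)
        self.mapped.add(self.data_offset + block)       # device maps the LBA

    def delete(self, block):
        self.allocated.discard(block)
        self.mapped.discard(self.data_offset + block)   # TRIM unmaps the LBA

    def lbas(self):
        return {self.data_offset + b for b in self.allocated}


def unexplained_ranges(mapped, disclosed):
    """Mapped LBA ranges that the disclosed view's allocations do not cover."""
    ranges = []
    for lba in sorted(mapped - disclosed.lbas()):
        if ranges and lba == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], lba)
        else:
            ranges.append((lba, lba))
    return ranges


def demo():
    mapped = set()
    disclosed = ContentView(mapped, data_offset=0)   # header 1, constructed offset
    second = ContentView(mapped, data_offset=600)    # header 2, constructed offset
    for b in range(10):
        disclosed.store(b)
    for b in range(5, 10):
        disclosed.delete(b)                          # freed and trimmed
    for b in (0, 1, 2, 3, 7):
        second.store(b)
    return unexplained_ranges(mapped, disclosed)
```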
