On 30/09/13 17:52, Eric H. Christensen wrote:
Someone asked me about this recently and I haven't had a chance to
fully wrap my head around the solution but thought it was an
interesting scenario.
Background: Someone knows you have encrypted your computer using
LUKS. They convince you to enter (or otherwise provide) your
passphrase via the large wrench method[0].
Realcrypt method: There is plausible deniability (if properly
implemented) whereas you could provide the person with the
alternate passphrase which would give them access to a portion of
the encrypted partition but not your real working partition.
LUKS: There is no way to provide plausible deniability.
Proposed solution: LUKS provides four key slots to use for
decrypting a partition. How about having one key slot that, when
used, immediately implements a deletion of the encrypted partition
(or at least the key record)?
Thoughts?
[0] http://www.xkcd.org/538/
-- Eric
--------------------------------------------------
Eric "Sparks" Christensen
Fedora Project
sparks(a)fedoraproject.org - sparks(a)redhat.com
097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1
--------------------------------------------------
There is a DM-Steg module. But somebody would probably have to work a
little more on it and put it into upstream, so it is maintained.
Regards,
Tristan
--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore(a)internexusconnect.net
Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)
For Fedora related issues, please email me at:
TSantore(a)fedoraproject.org