-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Someone asked me about this recently and I haven't had a chance to fully wrap my head around the solution but thought it was an interesting scenario. Background: Someone knows you have encrypted your computer using LUKS. They convince you to enter (or otherwise provide) your passphrase via the large wrench method[0]. Realcrypt method: There is plausible deniability (if properly implemented) whereas you could provide the person with the alternate passphrase which would give them access to a portion of the encrypted partition but not your real working partition. LUKS: There is no way to provide plausible deniability. Proposed solution: LUKS provides four key slots to use for decrypting a partition. How about have one key slot that when used immediately implements a deletion of the encrypted partition (or at least the key record). Thoughts? [0] http://www.xkcd.org/538/ - -- Eric - -------------------------------------------------- Eric "Sparks" Christensen Fedora Project sparks@xxxxxxxxxxxxxxxxx - sparks@xxxxxxxxxx 097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1 - -------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQGcBAEBCgAGBQJSSaw6AAoJEB/kgVGp2CYvDTAL/jeuWo8r39Apq7QA6hQKmDI9 Oe+GB5SRk99ecqmBKcapC6nGewfVajoeuNo27AG9CfmQ97ZSk6Oabvt8OibgXXc5 S64me8zy+Rqx2uu8i271P8DGbf3IFENMMtCdkPCfJWNU5ZAepGwBXCQXRJwC09jn MWeQ9kDFmvHZE4a8bO/G6ZPkXI+Vm7BxJYsGq6f5SVcAnqWdKWSUiZPfEcAIGPzx AFDmiR8wQpQ2e3PiHEstLYK9DHr6ALIqZxbdwwlLM/vOi7N2Xk3PobIby3KREU4b yCh5lkp2oZKkWhGY2AYgFwm1uo7/jWSDFArcJDTtr9amU1mihrpmRPBxAzcplSFK oj9LJeYXXnpGFRHNyr68Zp8Dp5ckhDgUVMV1m8MCgVgmyn7cIexIvib4kng/c/aE Wo/32VXw8T/++Gszlv4AjLKjMlD4PEVWSO9saJLeQIlwEQFZYulpVkRa/6RKesYZ NbuMocam5uk2z0BeXCXjD5A1nvh7YHnhuCjv4HizqQ== =Tdc5 -----END PGP SIGNATURE----- -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
