On 30/09/13 17:52, Eric H. Christensen wrote: > Someone asked me about this recently and I haven't had a chance to > fully wrap my head around the solution but thought it was an > interesting scenario. > > Background: Someone knows you have encrypted your computer using > LUKS. They convince you to enter (or otherwise provide) your > passphrase via the large wrench method[0]. > > Realcrypt method: There is plausible deniability (if properly > implemented) whereas you could provide the person with the > alternate passphrase which would give them access to a portion of > the encrypted partition but not your real working partition. > > LUKS: There is no way to provide plausible deniability. > > Proposed solution: LUKS provides four key slots to use for > decrypting a partition. How about have one key slot that when > used immediately implements a deletion of the encrypted partition > (or at least the key record). > > Thoughts? > > [0] http://www.xkcd.org/538/ > > -- Eric > > -------------------------------------------------- Eric "Sparks" > Christensen Fedora Project > > sparks@xxxxxxxxxxxxxxxxx - sparks@xxxxxxxxxx 097C 82C3 52DF C64A > 50C2 E3A3 8076 ABDE 024B B3D1 > -------------------------------------------------- -- security > mailing list security@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/security > There is a DM-Steg module. But somebody would probably have to work a little more on it and put it into upstream, so it is maintained. Regards, Tristan -- Tristan Santore BSc MBCS TS4523-RIPE Network and Infrastructure Operations InterNexusConnect Mobile +44-78-55069812 Tristan.Santore@xxxxxxxxxxxxxxxxxxxxx Former Thawte Notary (Please note: Thawte has closed its WoT programme down, and I am therefore no longer able to accredit trust) For Fedora related issues, please email me at: TSantore@xxxxxxxxxxxxxxxxx -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
