-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/30/2013 10:52 AM, Eric H. Christensen wrote: > Someone asked me about this recently and I haven't had a chance to > fully wrap my head around the solution but thought it was an > interesting scenario. > > Background: Someone knows you have encrypted your computer using > LUKS. They convince you to enter (or otherwise provide) your > passphrase via the large wrench method[0]. > > Realcrypt method: There is plausible deniability (if properly > implemented) whereas you could provide the person with the > alternate passphrase which would give them access to a portion of > the encrypted partition but not your real working partition. > > LUKS: There is no way to provide plausible deniability. > > Proposed solution: LUKS provides four key slots to use for > decrypting a partition. How about have one key slot that when used > immediately implements a deletion of the encrypted partition (or at > least the key record). > > Thoughts? > > [0] http://www.xkcd.org/538/ > > -- Eric Because they'll be using a cloned copy most likely. If not you're now guilt of destruction of evidence. Truecrypt's plausible deniability is much better, "emergency deletion/crypto shredding is not effective. There are commercial devices you can plugin that will then let the attacker clone the system easily while the system is running: http://www.linux-magazine.com/Issues/2012/140/Security-Lessons-Hacking-Hardware/(language)/eng-US - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQIcBAEBAgAGBQJSSa56AAoJEBYNRVNeJnmTeeMP/2LM3Q0m7EvK3UaF4GIQyWPU mAdgQ4gBiJgRByX2fNT10feGkvi+slTOUSlya4u8R2iya11lvIVKR4aNplC2D9eh BzYB5dbDXYpv5CR3AnQivRbe4ZJFRayLzOdgzfMNWHen/QenNupKs0ZfTjVpTqcD JVkaCLg5kl5A1iQ2qz0GBdGMC2+7yj+CEOHUrig8NtsySu1O8UWuv3j51JLOGIkW /cUBo2AUYqHwDb0a/10oihnF7or/+g5dQOYeKlqHoHUMQHemqz31GalWUjIbP0VS kpcJbost4nrWlEXEtWNZPBUI3bOdyQnvJUFqGkwe0fBsMVs0S+04VunO0gSF8Ly7 pgriFkxEbVnLOSLHpVfs0EvBIsvxYU/ffCBGempDZHaQij8cMZat9NtF3TH6bnOi yj7aqL/Y5jMzAf/j3NUEVrkfrURUCWrw7umdB+1Zz6j7qIG6U496UtWqpAIywCWe zAuao3UgaKoKUb2uqIbFez/xZCSi/CVSik/RsTd/g5QxW+EpcJBKcZgb044s9l1a ZiWykwl8MLR7ZNa80P8amPRT2678fICUNc42acDq4RNLXme/befBywythtMkl0Gp AZ5zM4BYDfNFa1LskMwxEW7MZpeJVUxumwB6DMkgglK5GjTJW0h7/vPQkGXxBAsD NCPNu+GzLNrrQw9hVKrB =0k9E -----END PGP SIGNATURE----- -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
