On Mon, Sep 30, 2013 at 01:40:37PM -0500, Bruno Wolff III wrote:
> On Mon, Sep 30, 2013 at 12:52:13 -0400,
>  "Eric H. Christensen" <sparks@xxxxxxxxxxxxxxxxx> wrote:
> >-----BEGIN PGP SIGNED MESSAGE-----
> >Hash: SHA512
> >
> >Someone asked me about this recently and I haven't had a chance to fully wrap my head around the solution but thought it was an interesting scenario.
> >
> >Background:
> >Someone knows you have encrypted your computer using LUKS. They convince you to enter (or otherwise provide) your passphrase via the large wrench method[0].
> >
> >Realcrypt method:
> >There is plausible deniability (if properly implemented) whereas you could provide the person with the alternate passphrase which would give them access to a portion of the encrypted partition but not your real working partition.
> >
> >LUKS:
> >There is no way to provide plausible deniability.
> >
> >Proposed solution:
> >LUKS provides four key slots to use for decrypting a partition. How about having one key slot that when used immediately implements a deletion of the encrypted partition (or at least the key record).
> >
> >Thoughts?
>
> They'll just keep using the wrench until you tell them all of the passwords.

This isn't theoretical. That's pretty much exactly what happened to my grandfather:
	http://en.wikipedia.org/wiki/Gustave_Bieler

> Even plausible deniability might not work so well, if someone who
> knows what they're doing looks at your disk.
> --
> security mailing list
> security@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/security

- RGB

--
Richard Guy Briggs <rbriggs@xxxxxxxxxx>
Senior Software Engineer
Kernel Security
AMER ENG Base Operating Systems
Remote, Ottawa, Canada
Voice: +1.647.777.2635
Internal: (81) 32635
Alt: +1.613.693.0684x3545