Gregor Zattler wrote:
> does loop-aes provide some kind of deniability?

Yes, if you set it up that way. For example, if you set up a computer to
first try to boot from USB-stick, and then to try hard disk boot.

disk partition  Normal boot usage              Forced key handover boot usage
~~~~~~~~~~~~~~  ~~~~~~~~~~~~~~~~~              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/dev/hda1       not used                       unencrypted /boot
/dev/hda2       not used                       encrypted root
/dev/hda3       encrypted swap, random keys    encrypted swap, random keys
/dev/hda4       encrypted root                 encrypted /tmp, random keys

USB-stick       Normal boot usage              Forced key handover boot usage
~~~~~~~~~       ~~~~~~~~~~~~~~~~~              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/dev/sda        unencrypted /boot              not used

You install some small distro on /dev/hda2, and never put any secret data
there. You install your normal distro on /dev/hda4, and put your secret data
there. On normal usage, you always boot your computer from USB-stick to
encrypted root on /dev/hda4. Key files used for encrypting /dev/hda4 and
/dev/hda2 are different, and use different gpg passphrases. If you
accidentally try to boot from hard disk, you never enter the 'key handover'
passphrase.

When you are forced to reveal the 'key handover' passphrase, your computer
boots to encrypted root on /dev/hda2. You can do that only *once*, because
according to /etc/fstab on /dev/hda2 root partition, mount sets up random
loop encryption keys on /dev/hda4, and runs 'mkfs' on /dev/hda4, effectively
overwriting file system structure there. After one such 'key handover' boot,
even when used with correct key file and passphrase from your USB-stick, you
or anyone else have significant difficulties recovering data from /dev/hda4.

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
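What the /etc/fstab on the decoy root (/dev/hda2) might look like for the 'key handover' boot described above. This is an added illustration, not a file from Jari's post or from the loop-aes documentation. The loop-aes mount option names used here (loop=, encryption=, phash=random/1777, loinit=1) are assumed from the loop-aes README as remembered and must be checked against the README shipped with your loop-aes version; the use of /dev/loop0 for a root that the initrd has already set up is likewise an assumption.

```text
# /etc/fstab on the decoy root (/dev/hda2), used only for a 'key handover' boot.
# Option names are assumed from the loop-aes README; verify against your version.

# encrypted decoy root: the loop device is assumed to be set up by the initrd
/dev/loop0  /      ext3  defaults                                              1 1
# unencrypted /boot on the hard disk, used only by this boot path
/dev/hda1   /boot  ext2  defaults                                              1 2
# swap under a random key, identical to the normal boot: unreadable after power-off
/dev/hda3   none   swap  sw,loop=/dev/loop3,encryption=AES128,phash=random/1777  0 0
# the real root, set up as /tmp under a fresh random key; loinit=1 is assumed to make
# mount run mkfs on the loop device, which overwrites the filesystem structure on /dev/hda4
/dev/hda4   /tmp   ext2  defaults,loop=/dev/loop4,encryption=AES128,phash=random/1777,loinit=1  0 0
```

Two caveats a practitioner would want before relying on this. mkfs rewrites superblocks, group descriptors, bitmaps and inode tables, not every block, so the data blocks it does not touch still hold ciphertext under the original /dev/hda4 key; that is why the post says "significant difficulties" rather than "impossible", and destroying all of it would need a full overwrite of the partition, which takes far longer than a boot-time mkfs. And the destruction only acts on the live disk: an adversary who images /dev/hda4 before demanding the passphrase, and then boots only the copy, loses nothing.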