Jari Ruusu wrote:
Gregor Zattler wrote:
does loop-aes provide some kind of deniability?
Yes, if you set it up that way. For example, if you set up a computer to
first try to boot from USB-stick, and then to try hard disk boot.
disk partition Normal boot usage Forced key handover boot usage
~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/dev/hda1 not used unencrypted /boot
/dev/hda2 not used encrypted root
/dev/hda3 encrypted swap, random keys encrypted swap, random keys
/dev/hda4 encrypted root encrypted /tmp, random keys
USB-stick Normal boot usage Forced key handover boot usage
~~~~~~~~~ ~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/dev/sda unencrypted /boot not used
You install some small distro on /dev/hda2, and never put any secret data
there. You install your normal distro on /dev/hda4, and put your secret data
there.
On normal usage, you always boot your computer from USB-stick to encrypted
root on /dev/hda4. Key files used for encrypting /dev/hda4 and /dev/hda2 are
different, and use different gpg passphrases. If you accidentally try to
boot from hard disk, you never enter the 'key handover' passphrase. When you
are forced to reveal the 'key handover' passphrase, your computer boots to
encrypted root on /dev/hda2. You can do that only *once*, because according
to /etc/fstab on /dev/hda2 root partition, mount sets up random loop
encryption keys on /dev/hda4, and runs 'mkfs' on /dev/hda4, effectively
overwriting file system structure there. After one such 'key handover' boot,
even when used with correct key file and passphrase from your USB-stick, you
or anyone else, have significant difficulties recovering data from
/dev/hda4.
Although I will agree that this provides a great deal of security for
the data I don't think
that it provides 'deniability'. In particular if the attack consists of
physical possession of the
computer and an analysis of the disk drive content without the attempt
to boot it, and even
more so if the usb key is available to the attacker.
Truecrypt does provide some degree of deniability, although you have
clearly demonstrated
previously its vulnerability to watermark attacks (which somewhat
diminishes the deniability).
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
