Info wrote:
> Although I will agree that this provides a great deal of security for the
> data I don't think that it provides 'deniability'. In particular if the
> attack consists of physical possession of the computer and an analysis of
> the disk drive content without the attempt to boot it,

After handing over the passphrase to /dev/hda2 root partition, all hard disk
space is accounted for. Files on /dev/hda1 and /dev/hda2 are readable, and user
can prove that programs on /dev/hda2 root partition create random encryption
keys for /dev/hda3 and /dev/hda4 on each boot, and that user has no way of
knowing what earlier encryption keys were on those two partitions.

> and even more so if the usb key is available to the attacker.

Here user insists that /dev/hda2 is the root partition. That way all hard disk
space is accounted for. Attacker can prove existence of one small gpg encrypted
file on USB-stick for which user has forgotten passphrase.

--
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/