> My idea for self-destruct would be the following:
> There are two passphrases for an encrypted partition: the "real" one and the
> self-destruct passphrase.
> The "real" one just mounts the encrypted disk of course.
> The self-destruct passphrase will set up a new filesystem (thus no real secure
> self-destruct) and then run some encrypted script or program which will
> populate the newly created filesystem with "nonsensitive" but meaningful data
> (like some kernel source or newsgroup messages).

Only an idiot would let you type in the password yourself. And what if they back up your data first before trying to "hack" into it? A known off-the-shelf solution will probably not be safe enough because your attackers will know about it. A more feasible solution might be some kind of "time lock feature" (multiple locks, automatic password change...) but there are lots of scenarios to take into consideration here.

> Maybe it would be better to just store 2 data-partitions in one (real)
> partition?

This is along the lines of what TrueCrypt 4.x implements. Check it out: http://www.truecrypt.org/

Regards,
Henrik Holst

---------------------------------------------------------------------
- http://www.saout.de/misc/dm-crypt/
To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
For additional commands, e-mail: dm-crypt-help@xxxxxxxx