Hi, I just got aware of the FreeOTFE project[1] that seems to be somewhat based on LUKS (or at least it is compatible with it). The software runs on Window$ and seems to offer plausible deniability: "Hidden" volumes may be concealed within other FreeOTFE volumes, providing "plausible deniability"" ... Volume file timestamps and attributes are reset after dismounting, increasing "plausible deniability" [1] Unfortunately, reading the documentation, I found out that this plausible deniability relies on the following (pretty weak) theory: "Plausible deniability" in OTFE systems is largely based on the theory that you can claim that your volume files are not encrypted data; you don't know what they are - you can't be expected to know every operation that your OS carries out! Perhaps it's some corrupt data that the system recovered at some stage? [2] I doubt that it won't be suspicious if I had a 250GB file ony my disk and claim that I don't know what it is :P Moreover, file containers are slower that containers on harddisk partition. Considering that laws seem to get more and more restrictive (e.g. Regulation of Investigatory Powers Act (RIPA)" [3]) and there is a possibility that one is sentenced to up to 2 years if you do not release the decryption keys [4], it is IMHO more and more important to have a cryptographic filesystem with support for plausible deniability. Will LUKS/dm-crypt offer plausible deniability in future relases ? Is it planned (maybe similar to truecrypt) ? I'm currently using truecrypt with its support for hidden volumes. Unforntunately, a hidden volume has to reside in a non-hidden volume where FAT is the only possible filesystem. Since using FAT on a LINUX system is suboptimal, I'm still looking for something else. LUKS would definitely be the best solution since there is full linux support and with patching there is even support for hardware accelleration[5][6]. Since the soekris project[7] offers a crypto-accel card (vpn1401)[8] that can do 128/192/256 AES for as much as EUR ~60,- this would be a perfect solution: dm-crypt with plausible deniability and full hardware acceleration -- [1] http://www.freeotfe.org [2] http://www.freeotfe.org/docs/plausible_deniability.htm#plausible_deniability [3] http://www.legislation.hmso.gov.uk/acts/acts2000/20000023.htm) [4] german: http://www.netzpolitik.org/2006/bitte-die-wohnungsschlussel-bei-der-polizei-abgeben [5] http://tservice.net.ru/~s0mbre/old/?section=projects&item=acrypto [6] http://ocf-linux.sourceforge.net [7] http://www.soekris.com [8] http://www.soekris.com/vpn1401.htm --------------------------------------------------------------------- - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
