On Sun, 21 May 2006 20:29:24 +0200, Stefan Schönleitner wrote:

>Hi,
>
>I just got aware of the FreeOTFE project[1] that seems to
>be somewhat based on LUKS (or at least it is compatible with it).
>The software runs on Window$ and seems to offer plausible deniability:

[snip]

>Unfortunately, reading the documentation, I found out that this plausible
>deniability relies on the following (pretty weak) theory:
>
>"Plausible deniability" in OTFE systems is largely based on the theory that you
>can claim that your volume files are not encrypted data; you don't know what
>they are - you can't be expected to know every operation that your OS carries
>out! Perhaps it's some corrupt data that the system recovered at some stage?

Not entirely true; if you read the paragraph following the above in
FreeOTFE's documentation, you'll see that I agree with you - it *is* pretty
improbable, which is exactly why FreeOTFE doesn't rely on this.

>Considering that laws seem to get more and more restrictive (e.g.
>Regulation of Investigatory Powers Act (RIPA)" [3]) and there is a
>possibility that one is sentenced to up to 2 years if you do not release the
>decryption keys [4], it is IMHO more and more important to have a cryptographic
>filesystem with support for plausible deniability.
>
>Will LUKS/dm-crypt offer plausible deniability in future releases ?
>Is it planned (maybe similar to truecrypt) ?

LUKS cannot offer this in itself as LUKS volumes are readily identifiable
for what they are by the standard LUKS header.

OTOH, dm-crypt doesn't have any such header...

>I'm currently using truecrypt with its support for hidden volumes.
>Unfortunately, a hidden volume has to reside in a non-hidden volume where FAT
>is the only possible filesystem.
>Since using FAT on a LINUX system is suboptimal, I'm still looking for something
>else.
>LUKS would definitely be the best solution since there is full
>linux support and with patching there is even support for hardware
>acceleration[5][6].

"Plausible deniability" should certainly be possible with LUKS/dm-crypt, by
using a LUKS/dm-crypt "outer" volume, initialized appropriately and using
dm-crypt to create "inner" volumes at suitable offsets, as needed.

Any filesystem may be used for either the "outer" and "inner" volumes, with
"inner" volumes being further nested, if required.

--
Sarah Dean
FreeOTFE site: http://www.FreeOTFE.org/
Personal site: http://www.SDean12.org/

For information on SecureTrayUtil, Shredders, On-The-Fly Encryption (OTFE)
systems, etc, see the URLs above.