On Sun, May 18, 2008 at 11:50:02PM +0200, Lurkos wrote:
> On Sun, May 18, 2008 at 4:51 PM, Arno Wagner <arno@xxxxxxxxxxx> wrote:
> > Incidentally, actually proving some data is encrypted is not possible
> > from the encrypted data itself, e.g. when using dm-crypt. (With LUKS
> > there is the header, which may be enough to convince a court.)
>
> If I've understood correctly what you mean, using LUKS the security of the
> system decreases, because the presence of the header is enough to
> demonstrate that an encrypted content is present.

Yes, that can happen, depending on the circumstances.

> So... why use LUKS and not directly cryptsetup *without* LUKS extensions?

Whenever you do not need to hide the fact that something encrypted
is present, LUKS gives you improved functionality, like multiple
keys and a possibility to change them. Think, for example, of
data-theft prevention on a laptop. You do not need to hide the
presence of encrypted data from the thief.

Also, there are countries left where the authorities cannot
compel you to hand over an encryption key. Typically the
reasoning is that you are not obliged to actively help in
prosecuting yourself or that as accused you have the right
to lie.

There are also serious problems with an obligation to hand
over keys. What if you claim that stress made you forget them?
Or that they were on a piece of paper you managed to destroy?
Or something like it? Can you be punished for not handing
over the keys if it is not clear whether you actually _can_
hand them over in the first place?

Arno
--
Arno Wagner, Dipl. Inform., CISSP --- Email: arno@xxxxxxxxxxx
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens."
-- Bruce Schneier
---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
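The header trade-off discussed in the message above, as an added example that is not part of the original post: a parser for the LUKS1 on-disk header, which reports the cipher and the enabled key slots (the "multiple keys" feature), run against a constructed header and against a header-less sector as plain dm-crypt would leave it. The function names and all sample values are assumptions made for illustration.

```python
import os
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
SLOT_ACTIVE = 0x00AC71F3    # LUKS1 "key slot enabled" marker
SLOT_INACTIVE = 0x0000DEAD  # LUKS1 "key slot disabled" marker
# LUKS1 header, big-endian: magic, version, cipher name, cipher mode, hash
# spec, payload offset, key bytes, MK digest, MK salt, MK iterations, UUID.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")  # 208 bytes
SLOT = struct.Struct(">II32sII")                   # 48 bytes each, 8 slots


def _text(raw: bytes) -> str:
    """Decode a NUL-padded header string field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def parse_luks1(sector: bytes):
    """Return header fields if `sector` starts with a LUKS1 header, else None."""
    if len(sector) < PHDR.size + 8 * SLOT.size or not sector.startswith(LUKS_MAGIC):
        return None
    (_, version, cipher, mode, hash_spec, payload, key_bytes,
     _, _, _, uuid) = PHDR.unpack_from(sector, 0)
    if version != 1:
        return None
    active = [i for i in range(8)
              if SLOT.unpack_from(sector, PHDR.size + i * SLOT.size)[0] == SLOT_ACTIVE]
    return {"cipher": f"{_text(cipher)}-{_text(mode)}", "hash": _text(hash_spec),
            "key_bits": key_bytes * 8, "payload_sector": payload,
            "uuid": _text(uuid), "active_slots": active}


def build_sample_luks1(active_slots=(0, 3)) -> bytes:
    """Constructed sample header (random salts and digest), not from a real disk."""
    hdr = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"cbc-essiv:sha256", b"sha1",
                    2056, 32, os.urandom(20), os.urandom(32), 10,
                    b"00000000-0000-0000-0000-000000000000")
    for i in range(8):
        state = SLOT_ACTIVE if i in active_slots else SLOT_INACTIVE
        hdr += SLOT.pack(state, 1000, os.urandom(32), 8 + i * 256, 4000)
    return hdr.ljust(1024, b"\0")


if __name__ == "__main__":
    print("LUKS volume:   ", parse_luks1(build_sample_luks1()))
    # Plain dm-crypt stores no metadata: sector 0 is already ciphertext,
    # modelled here as random bytes, so there is nothing to parse.
    print("plain dm-crypt:", parse_luks1(os.urandom(1024)))
```

The cipher, key size, UUID and slot states are all readable without any key, which is what makes a LUKS volume identifiable as such.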