Re: cryptsetup, LUKS, plausible deniability

I think this is the wrong approach. LUKS is not designed to hide
at all and trying to make it capable of doing so is very likely
a lot harder than to use something else, especially as several
solutions are already available. 

Incidentally, using plain dm-crypt with a single zero-overwrite
of the decrypted device already works very well. I, for example,
use plain dm-crypt with a random key and zero overwrite to
erase devices and partitions. This is indistinguishable from
a denied encrypted volume. It is not feasible to hide the 
encrypted data itself, so this is as far as it goes.

If you want more, use TrueCrypt, but I would be very careful
with plausible deniability anyways. Your protection is primarily
that they cannot force you to give up your keys. If you live
in a country where they can, I propose to very seriously consider
leaving that country for good. See also http://xkcd.com/538/
This _is_ realistic.
  
Arno



On Sat, Sep 12, 2009 at 11:53:45PM +0200, Ivan Stankovic wrote:
> Hi everyone,
> 
> I'd like to start a discussion about plausible deniability for LUKS (see
> http://code.google.com/p/cryptsetup/issues/detail?id=7).
> 
> As has already been said in a comment on the issue above, even having
> an option to hide/encrypt LUKS header would be helpful. One approach is to
> just encrypt the normal LUKS header with a header key, which is not very
> user-friendly as one would now have to remember/store both the passphrase and
> the header key (one might as well use plain dmcrypt with a single key).
> 
> I guess the goal here would be to have LUKS features (multiple passphrases,
> ease of use, key splitting...) implemented in such a way that nobody can prove
> that you're using encryption. Thoughts?
> 
> 
> -- 
> Ivan Stankovic, pokemon@xxxxxxxxxxxxxx
> 
> "Protect your digital freedom and privacy, eliminate DRM, 
> learn more at http://www.defectivebydesign.org/what_is_drm"
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@xxxxxxxx
> http://www.saout.de/mailman/listinfo/dm-crypt
> 

-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 
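
The distinction drawn in the reply above, as an added example that is not part of the original thread: a LUKS device is identifiable by the header signature at offset 0, while a zero-overwrite through plain dm-crypt leaves only high-entropy data with no header. The images are constructed in memory; `os.urandom` output stands in for plain dm-crypt ciphertext (an assumption), and the function names, chunk size and threshold are hypothetical.

```python
import math
import os
from collections import Counter

LUKS_MAGIC = b"LUKS\xba\xbe"   # signature at offset 0 of a LUKS header
CHUNK = 32 * 1024              # assumed scan granularity
THRESHOLD = 7.9                # assumed cut-off, bits per byte

def has_luks_header(image: bytes) -> bool:
    """True if the image starts with the LUKS on-disk signature."""
    return image[:len(LUKS_MAGIC)] == LUKS_MAGIC

def entropy_bits_per_byte(block: bytes) -> float:
    """Shannon entropy of the byte histogram (0.0 to 8.0)."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def scan(image: bytes):
    """Return (label, indices of chunks whose entropy is below THRESHOLD)."""
    if has_luks_header(image):
        return ("luks-header", [])
    low = [
        i // CHUNK
        for i in range(0, len(image) - CHUNK + 1, CHUNK)
        if entropy_bits_per_byte(image[i:i + CHUNK]) < THRESHOLD
    ]
    return ("low-entropy-regions" if low else "high-entropy-no-header", low)

# Constructed sample images (256 KiB each), not taken from any real device.
SIZE = 8 * CHUNK
# Magic plus version field, then random filler: enough to be recognised.
LUKS_LIKE = LUKS_MAGIC + b"\x00\x01" + os.urandom(SIZE - 8)
# Stand-in for a device zero-overwritten through plain dm-crypt.
WIPED = os.urandom(SIZE)
# Overwrite that stopped half way: the tail still holds plain zeros.
PARTIAL = os.urandom(SIZE // 2) + bytes(SIZE // 2)

if __name__ == "__main__":
    for name, img in (("luks-like", LUKS_LIKE), ("wiped", WIPED),
                      ("partial", PARTIAL)):
        print(name, scan(img))
```

A high-entropy, header-free result only says the data looks random; as the reply notes, the presence of that data cannot itself be hidden.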