Re: cryptsetup, LUKS, plausible deniability


 



On Mon, 14 Sep 2009 09:28:21 +0200, Rick Moritz wrote:

>A solution to this issue may be the option to load an external LUKS header.
>This could be on an encrypted USB device and therefore not trivially linked
>to the actual disk.

If possible, that certainly sounds like the most practical method using
LUKS to create a hidden volume - though of course it does leave you
with the question: where do you store your LUKS header?(!)

This is not entirely a facetious question - if you're storing it on a
separate USB flash drive in a location where it can't be found, why not
simply store your encrypted data alongside it - *if* it's not going to
be found by an attacker?

(That's only a half humorous comment; with the capacities of USB flash
drives - or even better SD cards/microSD cards, physical concealment is
certainly a lot more viable than with (say) a 3.5" HDD...)

>The option, if not there already, could also aid with
>some troubleshooting or backup procedures.
>On the other hand plausible deniability is extremely hard, and requires
>security measures beyond the dimensions of user friendliness. Therefore
>losing the LUKS feature-set should be a least concern. Using a
>steganographic approach is more suitable, especially when large amounts of
>encrypted, apparently scientifically used data are used as background noise
>- inserting some small amount of hidden extra information into that should
>be quite hard to detect, if the system is properly designed not to log
>"incriminating" operations on mounts that are supposed to contain other
>data.

Hiding very small quantities of data reasonably successfully may well
be viable - though like encryption, you may well find good
steganography looks remarkably similar to bad steganography (i.e.
just random looking data).

Hiding the volumes of data typically found in most disk encryption
systems is a different matter though - *except* perhaps when hiding it
within other encrypted material.

This is one reason most disk encryption systems offering "hidden
volumes" do so using the unused data areas of the disk; preferably
having previously overwritten the unused areas of the "host" volume
with encrypted data, as I suggest in the FreeOTFE documentation:

http://www.FreeOTFE.org/docs/Main/plausible_deniability.htm

>I'd like to point to my first line again though: Is it possible to load an
>external LUKS header? This may be an approach to superficially address the
>original issue.

If not directly supported already; I wouldn't expect this to be *too*
difficult to implement?


--
Sarah Dean
FreeOTFE site: http://www.FreeOTFE.org/
Personal site: http://www.SDean12.org/

For information on SecureTrayUtil, Shredders, On-The-Fly Encryption
(OTFE) systems, etc, see the URLs above.




_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
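
An added illustration, not part of the original message or of cryptsetup, of why an on-disk LUKS header links a disk to encryption while a detached header leaves only random-looking data: it parses the LUKS1 header prefix and measures byte entropy. The sample images are constructed, and the 7.9 bits/byte threshold and the function names are assumptions of this example.

```python
import math
import os
import struct
from collections import Counter

LUKS_MAGIC = b"LUKS\xba\xbe"
# LUKS1 on-disk header prefix (big-endian): magic, version, cipher name,
# cipher mode, hash spec, payload offset in sectors, master key length.
LUKS1_PREFIX = struct.Struct(">6sH32s32s32sII")
ENTROPY_THRESHOLD = 7.9  # assumed cut-off for "looks random", bits per byte


def _text(field):
    """Decode a NUL-padded ASCII header field."""
    return field.split(b"\0", 1)[0].decode("ascii", "replace")


def parse_luks1_prefix(blob):
    """Return the header fields if blob starts with a LUKS header, else None."""
    if len(blob) < LUKS1_PREFIX.size or not blob.startswith(LUKS_MAGIC):
        return None
    _, version, cipher, mode, hash_spec, offset, key_bytes = \
        LUKS1_PREFIX.unpack_from(blob)
    return {"version": version, "cipher": _text(cipher), "mode": _text(mode),
            "hash": _text(hash_spec), "payload_offset": offset,
            "key_bytes": key_bytes}


def byte_entropy(blob):
    """Shannon entropy in bits per byte (8.0 is the maximum)."""
    total = len(blob)
    return -sum(n / total * math.log2(n / total)
                for n in Counter(blob).values())


def classify(blob):
    """Label the start of a device image as an examiner's first pass would."""
    header = parse_luks1_prefix(blob)
    if header is not None:
        return "luks-header", header      # the disk identifies itself
    if byte_entropy(blob) > ENTROPY_THRESHOLD:
        return "high-entropy-no-header", None  # random-looking, unexplained
    return "other", None


# Constructed samples: a disk carrying its own header, and a header-less one.
WITH_HEADER = LUKS1_PREFIX.pack(LUKS_MAGIC, 1, b"aes", b"cbc-essiv:sha256",
                                b"sha1", 2056, 32) + os.urandom(65536)
DETACHED = os.urandom(65536)

if __name__ == "__main__":
    for name, image in (("with header", WITH_HEADER), ("detached", DETACHED)):
        print(name, classify(image))
```

High entropy alone does not prove encryption, since compressed data scores similarly, which is the "just random looking data" ambiguity raised in the message.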
