On Mon, 23/05/2011 at 09:09 +0200, Milan Broz wrote:
> One simple change will be support for detached LUKS header in some
> next version of cryptsetup.
> So you can have header on separate (USB or so) device or in file.
> The unlocked drive then does not contain any visible metadata then.

Reasonable intention.

Arno Wagner

You consider only two extreme situations. First, you may easily refuse to give the key. Second, the government is hunting for you and keen to find out your secrets. You will not believe it, but there are many other situations. Opponents may not be so intelligent, and they may not know that random-looking parts of a disk can contain information. If they suspect the presence of encryption, the extent to which they will try to affect you depends on their confidence, and the presence of a cryptographic header would apparently be bad. And so on.

I don't claim that deniable encryption guarantees personal security. However, there are a lot of situations when a visible cryptographic header is definitely undesirable. I think it is obvious and I wouldn't like to argue about that.

At last, there is no legal ground to demand the key if there is no indication of encryption. Citizens must not explain anything. Otherwise, it is lawlessness. They should get used to random bits.

All I am interested in on this topic is how to modify the initramfs so that the kernel would understand the option root=/dev/mapper/hhd2 or something like that.

In brief, the task is the following. The bootloader (grub), kernel (vmlinuz) and vfs (initramfs) are placed on a USB flash drive. The encrypted root file system is placed on the hdd drive (with no cryptographic header). The kernel should be able to decrypt the root file system.

Any hints are welcome.