Re: few questions on truecrypt and luks

On Mon, Apr 15, 2013 at 03:47:38PM +0200, octane indice wrote:
> Responding to  ".. ink .." <mhogomchungu@xxxxxxxxx> :
> 
> > Two differences I can think of are:
> > 3. luks doesn't support hidden volumes.
> >
> It does, in a way.

True. Not much worse than the TrueCrypt variant actually. 
 
> Create a loop file (or an existing partition).
> fill it with random data (important!)
> cryptsetup luksFormat it
> cryptsetup luksOpen it
> Format the crypted device with FAT32 (important!)

Yes, as FAT32 fills a volume from the beginning.

> Then, use loop with a high offset, e.g. more than half of the disk,
> create a plain cryptsetup

To avoid metadata.

> losetup -o 10000000 device
> cryptsetup create loop secretname
> format it with any filesystem, copy your very secret documents in it, close
> this partition.
> 
> By doing this, anyone without the knowledge of the offset + the password
> won't be able to prove that you have data hidden.
> Warning, if you write more data in the first luks device than the offset
> chosen, you destroy data (but in some cases, you may want it).
> 
> My 2 cents.

The problem with hidden volumes is this: Either you have the risk
of destroying them, or you cannot use the partition they are
hiding in (which gives a good hint to an attacker), or you need to
reserve space for them explicitly (which gives a strong hint to the
attacker).

TrueCrypt does not do any better here. Also keep in mind that
in many situations (US border inspection, e.g.) the mere suspicion
of a hidden partition being present will be enough.

Arno
-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@xxxxxxxxxxx
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult.  --Tony Hoare
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
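
An added example, not part of the original message: a check for the overwrite risk discussed above, which reads the outer FAT32 allocation table and compares its highest allocated cluster with the hidden volume's start offset. The function names, the constructed sample image and the 4096-sector LUKS payload offset are assumptions made for illustration; read the real payload offset from `cryptsetup luksDump`.

```python
import struct

def fat32_high_water(head: bytes) -> int:
    """Byte offset inside the FAT32 volume just past its highest allocated cluster.
    `head` must cover the boot sector and the first FAT."""
    bps, spc, reserved, nfats = struct.unpack_from("<HBHB", head, 11)
    total, fatsz = struct.unpack_from("<II", head, 32)
    data_start = reserved + nfats * fatsz          # first data sector
    nclusters = (total - data_start) // spc
    highest = 1                                    # clusters are numbered from 2
    for n in range(2, nclusters + 2):
        entry = struct.unpack_from("<I", head, reserved * bps + 4 * n)[0]
        if entry & 0x0FFFFFFF:                     # non-zero: allocated (or marked bad)
            highest = n
    return (data_start + (highest - 1) * spc) * bps

def check_hidden_offset(head: bytes, payload_offset: int, hidden_offset: int) -> dict:
    """Compare the outer filesystem's extent with the hidden volume's start.
    Both offsets are bytes from the start of the container (file or partition);
    dm-crypt maps sectors 1:1, so mapping byte X sits at payload_offset + X."""
    used_end = payload_offset + fat32_high_water(head)
    return {"outer_used_end": used_end,
            "headroom": hidden_offset - used_end,
            "overlap": used_end > hidden_offset}

def make_sample(last_cluster: int) -> bytes:
    """Constructed FAT32-layout header (much smaller than a real volume) with
    clusters 2..last_cluster allocated from the start, as FAT32 tends to do."""
    bps, spc, reserved, nfats, fatsz, total = 512, 8, 32, 2, 40, 40000
    img = bytearray((reserved + fatsz) * bps)
    struct.pack_into("<HBHB", img, 11, bps, spc, reserved, nfats)
    struct.pack_into("<II", img, 32, total, fatsz)
    for n in range(last_cluster + 1):
        struct.pack_into("<I", img, reserved * bps + 4 * n, 0x0FFFFFFF)
    return bytes(img)

if __name__ == "__main__":
    payload = 4096 * 512    # constructed value, not taken from the thread
    hidden = 10_000_000     # the offset used in the quoted losetup command
    for last in (100, 2000):
        print(last, check_hidden_offset(make_sample(last), payload, hidden))
```

The result reflects current allocation only: it cannot tell whether a file that has since been deleted once extended past the offset.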