Hello,

On 15.04.2013 16:59, Arno Wagner wrote:
> On Mon, Apr 15, 2013 at 03:47:38PM +0200, octane indice wrote:
>> Responding to ".. ink .." <mhogomchungu@xxxxxxxxx> :
>>
>>> Two differences I can think of are:
>>> 3. luks doesn't support hidden volumes.
>>>
>> It does, in a way.
>
> True. Not much worse than the TrueCrypt variant actually.

Octane, thanks for the example. Arno, thanks for additional explanations.
May I suggest adding this to the FAQ?

Kind regards,
jonas

>
>> Create a loop file (or an existing partition).
>> fill it with random data (important!)
>> cryptsetup luksFormat it
>> cryptsetup luksOpen it
>> Format the crypted device with FAT32 (important!)
>
> Yes, as FAT32 fills a volume from the beginning.
>
>> Then, use loop with a high offset, e.g. more than half of the disk,
>> create a plain cryptsetup
>
> To avoid metadata.
>
>> losetup -o 10000000 device
>> cryptsetup create loop secretname
>> format it with any filesystem, copy your very secret documents in it, close
>> this partition.
>>
>> By doing this, anyone without the knowledge of the offset + the password
>> won't be able to prove that you have data hidden.
>> Warning, if you write more data in the first luks device than the offset
>> chosen, you destroy data (but in some cases, you may want it).
>>
>> My 2 cents.
>
> The problem with hidden volumes is this: Either you have the risk
> of destroying them, or you cannot use the partition they are
> hiding in (which gives a good hint to an attacker), or you need to
> reserve space for them explicitly (which gives a strong hint to the
> attacker).
>
> TrueCrypt does not do any better here. Also keep in mind that
> in many situations (US border inspection, e.g.) the mere suspicion
> of a hidden partition being present will be enough.
>
> Arno
>
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
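
The steps quoted above, written out as a script together with the overwrite budget that octane's warning implies. This is an added example, not part of the original thread. The function names, the mapping name `outer`, the choice of LUKS1, ext4 for the inner filesystem and the plain-mode cipher settings are all assumptions.

```shell
#!/bin/sh
# Added example, not from the thread; names and settings are assumptions.

# Bytes the outer filesystem may occupy before it reaches the hidden region.
# The outer LUKS payload starts payload_sectors*512 bytes into the container,
# while "losetup -o" counts from the start of the container itself.
# usage: outer_budget <container_bytes> <payload_sectors> <hidden_offset_bytes>
outer_budget() {
    payload_bytes=$(( $2 * 512 ))
    if [ "$3" -le "$payload_bytes" ] || [ "$3" -ge "$1" ]; then
        echo "hidden offset must lie inside the LUKS payload area" >&2
        return 1
    fi
    echo $(( $3 - payload_bytes ))
}

# Bytes left for the hidden plain volume.
# usage: hidden_size <container_bytes> <hidden_offset_bytes>
hidden_size() {
    echo $(( $1 - $2 ))
}

# usage (as root): make_hidden <file> <size_MiB> <hidden_offset_bytes>
make_hidden() {
    img=$1; mib=$2; off=$3
    dd if=/dev/urandom of="$img" bs=1M count="$mib"   # random fill (important!)
    cryptsetup luksFormat --type luks1 "$img"
    sectors=$(cryptsetup luksDump "$img" | awk '/^Payload offset:/ {print $3}')
    budget=$(outer_budget $(( mib * 1024 * 1024 )) "$sectors" "$off") || return 1
    echo "keep the outer filesystem below $budget bytes" >&2
    cryptsetup luksOpen "$img" outer
    mkfs.vfat -F 32 /dev/mapper/outer
    cryptsetup close outer
    loopdev=$(losetup -f --show -o "$off" "$img")
    # Plain mode stores no metadata: the same cipher, key size and hash must
    # be supplied on every later open, or the volume decrypts to noise.
    cryptsetup open --type plain --cipher aes-xts-plain64 --key-size 256 \
        --hash sha256 "$loopdev" secretname
    mkfs.ext4 /dev/mapper/secretname
    cryptsetup close secretname
    losetup -d "$loopdev"
}
```

With the thread's offset of 10000000 and a LUKS1 payload offset of 4096 sectors, the outer filesystem has a little under 8 MB before writes land in the hidden region.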