On Tue, Apr 16, 2013 at 02:27:15PM -0400, .. ink .. wrote:
> > I am not criticizing TrueCrypt here, this seems to be
> > the best that can be done in the given situation, but
> > "the best" is not really good.
> >
> >
> Reading back through the mailing list and on the discussion on the feature
> request on the bug tracker, it seems you just don't like the idea of a hidden
> volume or the idea of having a volume inside another volume.

That is a gross simplification. And unfair. Also inaccurate.
While KISS applies, I have no objections to increasing complexity
if there are significant security benefits. They are _not_ there
with hidden volumes or embedded volumes, as I have explained.
Crypto is for access control, not for hiding things.

> Personally, I prefer PLAIN volumes over LUKS. An example of why is because
> when you plug in a LUKS based usb encrypted device to a gnome desktop, the
> desktop will give a prompt telling whoever is sitting at the desktop that
> the device is encrypted with LUKS and will demand a password to unlock it. I
> may not be hiding my stuff from government agencies, but I also do not like
> to scream at whoever touches my stuff telling them I have encrypted data.

Of course, if you are protecting yourself against incompetent
people... But this requires neither hidden volumes nor
embedded volumes. Plain dm-crypt or plain TrueCrypt is quite
enough.

> I don't use truecrypt volumes and I never used the hidden volume feature but
> I can see its appeal,

The appeal is there. But the danger is that people vastly
over-estimate the level of security it gives them.

> it may not be to hide super secret stuff from
> governments but simply to have two volumes in one container to
> "compartmentalize" sensitive data and not try to hide any of it from
> authorities but from say business competitors.

From my observations, "Business competitors" actually are kept
out pretty reliably by open encryption. Just protect your
passphrase adequately.

No, the issue at hand is whether hidden volumes protect you in
case somebody can coerce the passphrase(s) out of you and that
somebody does not really need to prove conclusively that there
is a hidden volume. In those cases, http://xkcd.com/538/ still
applies.

Sure, you may go the way of overkill and use hidden volumes
against your kid sister or brother, but that does violate KISS
and any discussion about encryption here is worldwide visible
and some people may actually have to fight off capable attackers.

Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult. --Tony Hoare
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt