Hi, On Fri, Nov 29, 2013 at 00:32:30 CET, anderson jackson wrote: > Hello, > > I have a small question regarding luks and plain dm-crypt, and I am unsure > what to use. > > I feel that the advantages provided by Luks obviously offers extra > security compared to plain, however I feel uneasy about the obviousness of > the fact that the drive is encrypted. That issue question crops up from time to time. See also FAQ Item 5.18. > Mainly because a disk with just random data could have been wiped instead > of encrypted. I would like the extra security provided by luks without it > being obvious that the disk is encrypted. To combat this I was thinking > about doing a cascade of two identical ciphers in plain mode, in this case > AES because the AES-NI acceleration will severely limit the performance > penalty of cascading two ciphers, I had the following setup in mind: The problem you now have is that you asked about this here. If you do such a set-up and somebody (law enforcement, e.g.) finds a "randomized" partition, they can just use that as argumentation why you are likely hiding an encrypted partition. Remember that law enforcement is an authoritarian concept and they do not care about right or wrong, but desire that you bow to their wishes. So if they have enough to hold you, they will just imprison you for a while until you hand them the key. If they do not, you can just refuse to give out the LUKS key. For LUKS, you can always claim that it was an old experiment and you do not know the passphrase anymore. Gives about as much protection. Same applies in even worse form if somebody extorts you or kidnaps you together with your disk. > first step: cryptsetup –-cipher=aes-xts-plain –-offset=0 –-key-size=512 > open –-type=plain /dev/sdx cascade1, with the first independend password. > Second step: cryptsetup –-cipher=aes-xts-plain –-offset=0 –-key-size=512 > open –-type=plain /dev/mapper/cascade1 cascade2, with the second independed > unrelated password. > Third step: nwipe --rounds=1 --noblank --prng=twister --method=random > /dev/mapper/cascade2, this will fill the last block device with random data to > completely fill up the entire disk. > Fourth step: format the last block device with ext4. > > My theory then is, that even when an attacker finds the first passwords, he > will never know he has because the result will be random just as with a wrong > password. With the fist password correct, you see the LUKS header. > In fact all possible passwords will result in random data. The attacker > has no way of knowing if there are cascades and how many. Am I right to > come to this conclusion or should I stick with luks and deal with it being > an obvious encrypted disk? Stick with LUKS and know it is obvious (and prevent the situation where you may have to lie to the attacker "it is not an encrypted partition", and may later have to retract that lie resulting in additional problems). Refuse to provide the passphrase before talking to an attorney for "legal" attacks or plain refuse for others. Alternatively, use a plain dm-crypt container, do the random wiping as well, and use a better passphrase. See FAQ Item 5.1 for my current recomendations for LUKS and plain. In both cases, make sure your attacker cannot brute-force the passphrase. At this time, I would recommend using at least 100 bit of entropy for both LUKS and plain if you want to be sure. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult. --Tony Hoare _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
