On Tue, Jan 14, 2014 at 06:00:23 CET, .. ink .. wrote: > > > with cryptsetup,the way to do it would be: > > > 1. start with a block device like a usb stick > > > 2. blank it out with random data. > > > 3. put a regular file system like vfat at the beginning of the device. > > > 4. put an encrypted plain volume somewhere at the back of the device. > > > > And any reasonable disk forensics tool will find that automatically > > and fast. My keyslot-checker could be adapted to find something like > > that in maybe one hour. > > > > > are you saying that,if i create a 100MB file with data from "/dev/urandom" > and then put a vfat file system on it,and then i open a plain mapper at > 50MB offset and create a second file system on the file through the > mapper,then your keyslot-checker or any other forensic tool will be able to > detect the presence of this plain volume? No, if you crypto-blank it, it will not. But you need to protect the additional container against overwriting in some way. One way is to not write the outer container at all. This is obvious, as it is going to be either old and not written for a long time or brand-new, i.e. container has been creatded for the border- crossing. The way TC does it by preventing writes to that area is likely to leacve traces of the failed writes. > If true,then i would appreciate any link to any discussion of it because i > am unaware of it. See above. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult. --Tony Hoare _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
