On Fri, Jun 24, 2016 at 18:33:37 CEST, Police Terror wrote: > You obviously did not look at the example because the data is not hidden > steganographically. You obviously did not understand what I wrote, because I never claimed that in this case it was. I only claimed that at this time this is the only valid known way to do plausible deniablility. [...] > About a well engineered solution: today I just found VeraCrypt which > actually works well. I encourage people to try it. It can create hidden > volumes. ... and that have all the problems hidden volumes come with. They also managed to create additional problems TrueCrypt does not have, for example a broken password "quality" assessment that cannot be bypassed (alternatively you get a broken password iteration, that can lead to minutes of unlock time). My trust in the VeraCrypt developers is much, much lower than in the original TrueCrypt developers. Seriously. Bright-eyed "can do" attitudes have no place in IT security. They do much more harm than good and they endanger users. Regards, Arno > Arno Wagner: > > What I would like to see is a plausible deniability technique > > that is not just a worthless tech-demo, but where the > > "plausible" part was actually well engineered with regards > > to how things work in the real world and that is not limited > > to a very small amount of steganographically hidden data. > > So far, none exists. > > > > The thing is, for an incompetent attacker it is already > > enough to just remove a partition from the partition table > > and re-create it at need in the same place. For a competent > > attacker, the things that exist today just provide probable > > cause that you are trying to hide something and hence make > > things worse. > > > > As it is, these tools are of negative worth, as they give > > users a false sense of security. > > > > Also refer to FAQ 5.18 for my analysis of the status-quo. > > The paper by Schneier et. al. I reference provides an > > excellent in-depth analysis of the problems with the idea > > of plausible deniability in a real OS environment. > > > > Regards, > > Arno > > > > On Fri, Jun 24, 2016 at 14:16:05 CEST, Police Terror wrote: > >> Here's the tool: > >> > >> https://github.com/RojavaCrypto/hiddencrypt > >> > >> Mostly proof of concept for now. > >> > >> Would be cool in the future to work something better out by hacking > >> cryptsetup itself. Maybe if there's headerless volumes (that just look > >> like random data). > >> > >> Multiple deniable Linux installs would be a killer feature. > >> > >> Milan Broz: > >>> On 06/24/2016 11:56 AM, Police Terror wrote: > >>>> Ahhh yes! Thank you Diagon and Milan. > >>>> I've added now the -q switch. > >>>> > >>>> I looked at the pycryptsetup but 2 things: > >>>> > >>>> 1. It's not Python 3 > >>>> 2. It's an extra dependency and not in the repos. > >>> > >>> Fedora has both Python3 and 2 builds but other > >>> distros do not compile it probably. > >>> > >>> (It was designed for Anaconda installer mainly.) > >>> > >>> Milan > >>> _______________________________________________ > >>> dm-crypt mailing list > >>> dm-crypt@xxxxxxxx > >>> http://www.saout.de/mailman/listinfo/dm-crypt > >>> > >> _______________________________________________ > >> dm-crypt mailing list > >> dm-crypt@xxxxxxxx > >> http://www.saout.de/mailman/listinfo/dm-crypt > > > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. -- Plato If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
