Re: Luks, use the double force! :)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 26/05/2021 08:00, Michael Kjörling wrote:
> On 25 May 2021 11:44 +0000, from xxjacs@xxxxxxxxx (JAC):
>> Once the option 2 password is entered, the system will decrypt 
>> correctly but "covertly". The partition will be presented
>> containing a series of files and/or directories that the user has
>> previously wanted to incorporate and present to whoever has tried
>> to force him to reveal his data. /.../ I suppose that I am not the
>> first person who thinks about this solution, but I leave it there,
>> in case it is possible to implement this second option (or
>> password).
> 
> No, you're not the first person to think about having something like 
> this. In fact, it's covered in the LUKS FAQ, and has been for a
> while. 
> <https://gitlab.com/cryptsetup/cryptsetup/-/wikis/FrequentlyAskedQuestions>
>
>  See in particular questions 5.2 "Is LUKS insecure? Everybody can see
> I have encrypted data!" and 5.18 "What about Plausible
> Deniability?".

Just from the LUKS maintainer side, I'll repeat my opinions to two ideas
that appears here again and again:

1) LUKS will not implement any "self destruct" passphrases or anything like this.

   Everyone doing forensic analysis will work on the copy to prevent destruction
   of the master device. LUKS is designed to work on common hardware that is not
   tamper resistant - we cannot avoid that someone make copies of the encrypted drive.

2) LUKS is not designed to provide strong plausible deniability.

   While you can store header detached, and you can play with data offsets
   to unlock one device with two headers pointing to two content views of the drive,
   this is not a strong plausible deniability.

   Even if you invent some clever steganographic techniques, there will
   be problem with current storage devices that track used space (TRIM etc),
   I do not believe we can implement reliable plausible deniability system these days
   without help of a hardware level (FTL - flash translation layer, for example).

If you know about any paper or publication that tries to solve these problems
(and it has some proved concept behind it), please share it with us!

Thanks,
Milan
_______________________________________________
dm-crypt mailing list -- dm-crypt@xxxxxxxx
To unsubscribe send an email to dm-crypt-leave@xxxxxxxx
[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux