On 30/09/13 17:52, Eric H. Christensen wrote: > Someone asked me about this recently and I haven't had a chance to > fully wrap my head around the solution but thought it was an > interesting scenario. > > Background: Someone knows you have encrypted your computer using > LUKS. They convince you to enter (or otherwise provide) your > passphrase via the large wrench method[0]. > > Realcrypt method: There is plausible deniability (if properly > implemented) whereas you could provide the person with the > alternate passphrase which would give them access to a portion of > the encrypted partition but not your real working partition. > > LUKS: There is no way to provide plausible deniability. > > Proposed solution: LUKS provides four key slots to use for > decrypting a partition. How about have one key slot that when > used immediately implements a deletion of the encrypted partition > (or at least the key record). > > Thoughts? > > [0] http://www.xkcd.org/538/ > > -- Eric > > -------------------------------------------------- Eric "Sparks" > Christensen Fedora Project > > spa...@fedoraproject.org - spa...@redhat.com 097C 82C3 52DF C64A > 50C2 E3A3 8076 ABDE 024B B3D1 > -------------------------------------------------- -- security > mailing list security@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/security > There is a DM-Steg module. But somebody would probably have to work a little more on it and put it into upstream, so it is maintained.
Regards, Tristan -- Tristan Santore BSc MBCS TS4523-RIPE Network and Infrastructure Operations InterNexusConnect Mobile +44-78-55069812 tristan.sant...@internexusconnect.net Former Thawte Notary (Please note: Thawte has closed its WoT programme down, and I am therefore no longer able to accredit trust) For Fedora related issues, please email me at: tsant...@fedoraproject.org -- security mailing list security@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/security
