Plausible deniability
Hi!

Encrypted swap is working now, however when I first generated the 64
random encryption keys, swap wasn't. So I'm worried if I better create
and memorize a new passphrase, or doesn't it matter since I created new
64 keys when I really had encrypted swap working?

Also, is someone aware of howtos or best practices for allowing root
encryption and plausible deniability for protecting e.g. against
"lead-pipe" attackers or a provisional court order (which later could be
sentenced as unlawful)?

What do you think about adding these issues to your README, Jari? (I saw
that you already wrote about this at
http://www.spinics.net/lists/crypto/msg01063.html)

> Lead-pipe dudes can't demand a password for encrypted swap partition
> because encrypted swap keys are erased at power off or 'swapoff -a'
> time. In other words, your real root partition is disguised as unused
> encrypted swap partition.

But lead-pipe dudes (or legal enforcement dudes) would probably wonder
why you have 2 swap partitions, one of them totally oversized and not in
use. Isn't it possible to disguise real root as an unformatted partition?

Everyone enjoy their weekend!

Christian
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/