Gregor Zattler wrote:
does loop-aes provide some kind of deniability?
Yes, if you set it up that way. For example, if you set up a computer to
first try to boot from USB-stick, and then to try hard disk boot.
disk partition Normal boot usage Forced key handover boot usage
~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/dev/hda1 not used unencrypted /boot
/dev/hda2 not used encrypted root
/dev/hda3 encrypted swap, random keys encrypted swap, random keys
/dev/hda4 encrypted root encrypted /tmp, random keys
USB-stick Normal boot usage Forced key handover boot usage
~~~~~~~~~ ~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/dev/sda unencrypted /boot not used
You install some small distro on /dev/hda2, and never put any secret data
there. You install your normal distro on /dev/hda4, and put your secret data
there.
On normal usage, you always boot your computer from USB-stick to encrypted
root on /dev/hda4. Key files used for encrypting /dev/hda4 and /dev/hda2 are
different, and use different gpg passphrases. If you accidentally try to
boot from hard disk, you never enter the 'key handover' passphrase. When you
are forced to reveal the 'key handover' passphrase, your computer boots to
encrypted root on /dev/hda2. You can do that only *once*, because according
to /etc/fstab on /dev/hda2 root partition, mount sets up random loop
encryption keys on /dev/hda4, and runs 'mkfs' on /dev/hda4, effectively
overwriting file system structure there. After one such 'key handover' boot,
even when used with correct key file and passphrase from your USB-stick, you
or anyone else, have significant difficulties recovering data from
/dev/hda4.