Re: How about deniability? (read:http://www.zdnet.co.uk/print/?TYPE=story&AT=39269746-39020330t-10000025c)
Thomas Weinbrenner wrote:
> The timestamps will show that the files weren't accessed for months or
> even years. And there are also all those logfiles in /var/log which
> include dates. I think there will be enough proof that the system
> can't be the system you are normally using.
Q: Why haven't files been accessed for months?
A: Because file system superblocks contain "noatime" default mount option.
Q: Why aren't there any log files in /var/log/* ?
A: Because init scripts have been modified to shred and remove /var/log/*
and some other files and directories in /var on shutdown.
In addition, a shell script, run as cron job once a week from 'normal' root
partition /dev/hda4, does these: (1) Fsck and mount /dev/hda2 (via encrypted
loop) and /dev/hda1 partitions so that their previous fsck and mount times
are updated on their superblocks. (2) Touch some decoy files and directories
from /dev/hda2 partition.
--
Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
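
The "previous fsck and mount times" mentioned in the message live in fixed fields of the filesystem superblock, which is where an examiner reads them. The following is an added example, not part of the original message: it assumes an ext2/ext3 filesystem (the message does not name the filesystem type), and the function names and the sample image are constructed for illustration.

```python
import struct
from datetime import datetime, timezone

SB_OFFSET = 1024      # primary ext2/ext3 superblock starts 1024 bytes into the device
EXT2_MAGIC = 0xEF53   # s_magic value for ext2/ext3


def parse_superblock(image: bytes) -> dict:
    """Return the mount/write/fsck bookkeeping fields of an ext2/ext3 superblock."""
    sb = image[SB_OFFSET:SB_OFFSET + 1024]
    if len(sb) < 0x48:
        raise ValueError("image too short to contain a superblock")
    # 0x2C s_mtime, 0x30 s_wtime, 0x34 s_mnt_count, 0x36 s_max_mnt_count, 0x38 s_magic
    mtime, wtime, mnt_count, _max_mnt, magic = struct.unpack_from("<IIHhH", sb, 0x2C)
    # 0x40 s_lastcheck, 0x44 s_checkinterval
    lastcheck, _interval = struct.unpack_from("<II", sb, 0x40)
    if magic != EXT2_MAGIC:
        raise ValueError("not an ext2/ext3 superblock (magic 0x%04x)" % magic)
    return {"last_mount": mtime, "last_write": wtime,
            "last_fsck": lastcheck, "mount_count": mnt_count}


def age_report(fields: dict, now: int) -> dict:
    """Whole days between each recorded time and `now` (both Unix epoch seconds)."""
    return {k: (now - fields[k]) // 86400
            for k in ("last_mount", "last_write", "last_fsck")}


def constructed_image(now: int) -> bytes:
    """Constructed sample: mounted 3 days before `now`, fsck'd 400 days before."""
    img = bytearray(SB_OFFSET + 1024)
    struct.pack_into("<IIHhH", img, SB_OFFSET + 0x2C,
                     now - 3 * 86400, now - 3 * 86400, 17, 30, EXT2_MAGIC)
    struct.pack_into("<II", img, SB_OFFSET + 0x40, now - 400 * 86400, 0)
    return bytes(img)


if __name__ == "__main__":
    now = 1_150_000_000  # fixed reference time so the output is reproducible
    info = parse_superblock(constructed_image(now))
    for name, days in age_report(info, now).items():
        stamp = datetime.fromtimestamp(info[name], timezone.utc).isoformat()
        print(f"{name:11s} {stamp}  ({days} days before reference)")
    print("mount_count", info["mount_count"])
```

On a live system, `dumpe2fs -h` prints the same fields as "Last mount time", "Last write time", "Last checked" and "Mount count".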