[dm-crypt] Passphrase protected key file?

Laurence Darby ldarby at tuffmail.com
Wed Aug 3 14:09:26 CEST 2011


Iggy wrote:

> 
> 
> On 07/14/2011 05:44 PM, Arno Wagner wrote:
> > Well, I think these are borderline scenarios. Also remember than
> > unless you are in certain states like the UK or the US, the police
> > cannot force you to give them your passphrase. But in certain
> > situations, these might be valid approaches. I see your point.
> These may be a marginal percentage of total use-cases, but they may
> also be some of the strongest cases for using strong encryption. 
> Unfortunately in these severe cases you may protect your data, but the
> fact that you are not able to reveal the data may not protect you from
> the rubber hose or worse.
> 

That's what I've been wondering about.  In the UK with the RIPA act, if
the key is destroyed, my guess is they will still send you to prison
out of spite and as an example to others to not do that.

Some other things I've been thinking about - I don't think TrueCrypt's
plausible deniability is worth anything, it depends on your ability to
lie to people whose job it is to tell when people are lying, and if
they don't believe you then it was pointless.  So it may be useful to
be able to prove everything has been decrypted, eg. by comparing disk
sizes of decrypted vs encrypted data.

A really bad scenario is there _isn't_ any encrypted data, it's just
a random data, and they believe it's encrypted, then you are up shit
creek in a barbed wire canoe and will go to prison for nothing.  That
could even be used as an attack - random data and relevant decryption
software could be planted on someone, that could ruin their day, you
don't even have to obtain real illegal information to plant on them
(until they make encryption software illegal, that is)

Laurence


More information about the dm-crypt mailing list