[dm-crypt] few questions on truecrypt and luks
jonas at freesources.org
Tue Apr 16 00:40:48 CEST 2013
Am 15.04.2013 16:59, schrieb Arno Wagner:
> On Mon, Apr 15, 2013 at 03:47:38PM +0200, octane indice wrote:
>> Responding to ".. ink .." <mhogomchungu at gmail.com> :
>>> Two differences i can think of are:
>>> 3. luks doesnt support hidden volumes.
>> It does, in a way.
> True. Not much worse than the TrueCrypt variant actually.
Ocatane, thanks for the example. Arno, thanks for additional
explanations. May I suggest adding this to the FAQ?
>> Create a loop file (or an existing partition).
>> fill it with random data (important!)
>> cryptsetup luksFormat it
>> cryptsetup luksOpen it
>> Format the crypted device with FAT32 (important!)
> Yes, as FAT32 fills a volume from the beginning.
>> Then, use loop with a high offset, e.g. more than half of the disk,
>> create a plain cryptsetup
> To avoid metadata.
>> losetup -o 10000000 device
>> cryptsetup create loop secretname
>> format it with any filesystem, copy your very secret documents in it, close
>> this partition.
>> By doing this, anyone without the knowledge of the offset + the password
>> won't be able to prove that you have datas hidden.
>> Warning, if you write more data in the first luks device than the offset
>> choosen, you destroy data (but in some case, you may want it).
>> My 2 cents.
> The problem with hidden volumes is this: Either you have the risk
> of destroying them, or you cannot use the partition they are
> hiding in (which gives a good hint to an attacker), or you need to
> reserve space for them explicitely (which gives a strong hint to the
> TrueCrypt does not do any better here. Also keep in mind that
> in many situations (US border inspection, e.g.) the mere suspicion
> of a hidden partition being present will be enough.
More information about the dm-crypt