[dm-crypt] few questions on truecrypt and luks

octane indice octane at alinto.com
Tue Apr 16 10:26:58 CEST 2013


Responding Arno Wagner <arno at wagner.name> :
> > > 3. luks doesnt support hidden volumes.
> > >
> > It does, in a way.
> 
> True. Not much worse than the TrueCrypt variant actually. 
>  
 
> The problem with hidden volumes is this: Either you have
> the risk of destroying them, or you cannot use the
> partition they are hiding in (which gives a good hint to an
> attacker), or you need to  reserve space for them
> explicitely (which gives a strong hint to the attacker). 
> 
> TrueCrypt does not do any better here. 

Truecrypt helps here:
If you know both password (normal + hidden) container,
you have a mode where you can't overwrite your
hidden datas, it helps for safety of hidden datas.

>Also keep in mind that in many situations (US border
> inspection, e.g.) the mere suspicion of a hidden 
> partition being present will be enough.
> 
But with truecrypt you can only have at most
two partitions: a normal one, and a hidden one.
So, if you're really in big trouble you can 
tell the two password, proving that there is
not anymore hidden data.

With cryptsetup method, you can have 
unlimited hidden parts, leading to
unlimited suspicions, no matter how many
password you give. 

Don't know which is worse.
-- 
Octane

Envoyé avec Inmano, ma messagerie renversante et gratuite : http://www.inmano.com





More information about the dm-crypt mailing list