[dm-crypt] Tcrypt hidden volume

Arno Wagner arno at wagner.name
Tue Jul 2 03:05:38 CEST 2013


On Mon, Jul 01, 2013 at 09:17:03PM +0200, Milan Broz wrote:
> On 1.7.2013 12:33, Jan Janssen wrote:
> >Hi,
> >
> >while testing how the tcrypt passphrase + keyfile logic works, I
> >realized that there doesn't seem to be a way to protect the hidden
> >volume from being damaged by writes to a mounted outer volume like
> >truecrypt does. I think this deserves a warning in the man page
> >since this is a potential data loss.
> 
> Yes, you are right. There is no protection of hidden volume once
> outer volume is mounted.
> (BTW the protection itself reveals hidden volume existence.)
> 
> Protection can be done on DM (kernel level) quite easily
> (map this linear part to virtual zero or error target masking
> out the data underneath) but it would require quite big changes
> in cryptsetup wrapper (which was meant to be simple 1:1 mapping).
> So I decided to ignore this problem for now...
> 
> But yes, there should be some note in man page.

I have just added one. It seems to me that the TrueCrypt
documentation itself is fuzzy in this issue. The page
at http://www.truecrypt.org/docs/hidden-volume
does describe how it works and it is easy to conclude 
that opening the outer volume can compromise the inner 
one, but there is no clear warning to that effect. 
Also missing is a warning that having an outer volume 
that has not been mounted forever and only has old data
is suspicuous in itself. I think the idea of hidden volumes
is not too useful at this time. There would need to be a 
way to regularly use the outer volume to change that.
Not that I have any idea how to do that without giving 
away that there _is_ a hidden volume.

Anyways, added both warnings to the man-page in git.

Arno
-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult.  --Tony Hoare


More information about the dm-crypt mailing list