[dm-crypt] Pass+keyfile

0x14 at unseen.is 0x14 at unseen.is
Tue Dec 2 03:43:53 CET 2014


> No bad logic so far, I overlooked that you use plain devices
> and that you seem to be after some form of plausible deniablility,
> not after increased security. Sorry.

Some form of increased security with help of plausible deniability :-p
I assumed it sounds and looks like another snake oil, so I came here for 
professional opinion :)

> So if that is your goal, that would work. But be aware that
> you always have to type the full (long) command in and that
> you must make sure it does not end up on disk (shell history),
> otherwise it becomes obvious the two things are not random.

Actually, I was writing a bash script to simplify things a bit before I 
realize I need to clarify things here :) And I know about HISTIGNORE and 
stuff.

What`s your opinion anyways? You do support some "plausible deniability" 
efforts with reservations, as I understood. Writing simple bash wrapper 
around common used cryptsetup commands is not hard, does it worth using 
it as I described after all? Will that "encrypted keyfile" decrease 
security in any way?


More information about the dm-crypt mailing list