[dm-crypt] cryptsetup with Python subprocess + pipes

Arno Wagner arno at wagner.name
Fri Jun 24 17:28:56 CEST 2016


What I would like to see is a plausible deniability technique
that is not just a worthless tech-demo, but where the 
"plausible" part was actually well engineered with regards
to how things work in the real world and that is not limited
to a very small amount of steganographically hidden data.
So far, none exists.

The thing is, for an incompetent attacker it is already 
enough to just remove a partition from the partition table 
and re-create it at need in the same place. For a competent
attacker, the things that exist today just provide probable
cause that you are trying to hide something and hence make
things worse.

As it is, these tools are of negative worth, as they give 
users a false sense of security.

Also refer to FAQ 5.18 for my analysis of the status-quo.
The paper by Schneier et. al. I reference provides an 
excellent in-depth analysis of the problems with the idea 
of plausible deniability in a real OS environment.

Regards,
Arno

On Fri, Jun 24, 2016 at 14:16:05 CEST, Police Terror wrote:
> Here's the tool:
> 
> https://github.com/RojavaCrypto/hiddencrypt
> 
> Mostly proof of concept for now.
> 
> Would be cool in the future to work something better out by hacking
> cryptsetup itself. Maybe if there's headerless volumes (that just look
> like random data).
> 
> Multiple deniable Linux installs would be a killer feature.
> 
> Milan Broz:
> > On 06/24/2016 11:56 AM, Police Terror wrote:
> >> Ahhh yes! Thank you Diagon and Milan.
> >> I've added now the -q switch.
> >>
> >> I looked at the pycryptsetup but 2 things:
> >>
> >> 1. It's not Python 3
> >> 2. It's an extra dependency and not in the repos.
> > 
> > Fedora has both Python3 and 2 builds but other
> > distros do not compile it probably.
> > 
> > (It was designed for Anaconda installer mainly.)
> > 
> > Milan
> > _______________________________________________
> > dm-crypt mailing list
> > dm-crypt at saout.de
> > http://www.saout.de/mailman/listinfo/dm-crypt
> > 
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier


More information about the dm-crypt mailing list