[dm-crypt] Passphrase protected key file?

Arno Wagner arno at wagner.name
Wed Aug 3 15:41:24 CEST 2011

On Wed, Aug 03, 2011 at 01:09:26PM +0100, Laurence Darby wrote:
> Iggy wrote:
> > 
> > 
> > On 07/14/2011 05:44 PM, Arno Wagner wrote:
> > > Well, I think these are borderline scenarios. Also remember than
> > > unless you are in certain states like the UK or the US, the police
> > > cannot force you to give them your passphrase. But in certain
> > > situations, these might be valid approaches. I see your point.
> > These may be a marginal percentage of total use-cases, but they may
> > also be some of the strongest cases for using strong encryption. 
> > Unfortunately in these severe cases you may protect your data, but the
> > fact that you are not able to reveal the data may not protect you from
> > the rubber hose or worse.
> > 
> That's what I've been wondering about.  In the UK with the
> RIPA act, if the key is destroyed, my guess is they will still
> send you to prison out of spite and as an example to others to
> not do that.

Or they can just claim that the "destruction" was a misdirection
and that you surely still have the key. Simple scenario:
You have a LUKS header that you do not use and really do 
plain dm-crypt with an offset inside. No way for you to prove 
you do not. Well, maybe if the unused sectors contain
unencrypted zeros.

The whole situation with authorities being able to force you 
to give up keys is really quite amoral, as you never can
conclusively prove you do not have any. It negates "in dubio
pro reo" which is a fundamental guiding principle of all
modern criminal law.
> Some other things I've been thinking about - I don't think
> TrueCrypt's plausible deniability is worth anything, it
> depends on your ability to lie to people whose job it is to
> tell when people are lying, and if they don't believe you then
> it was pointless.  So it may be useful to be able to prove
> everything has been decrypted, eg.  by comparing disk sizes of
> decrypted vs encrypted data.

I completely agree on both points. Actually this is one reason
why I recommend either not using TrueCrypt or having a hidden 
container you can turn over. TrueCrypt without hidden container
is a serious risk, expecially as the hidden container is easily 
found in the documentation, even if you do not understand crypto.

> A really bad scenario is there _isn't_ any encrypted data,
> it's just a random data, and they believe it's encrypted, then
> you are up shit creek in a barbed wire canoe and will go to
> prison for nothing.  That could even be used as an attack -
> random data and relevant decryption software could be planted
> on someone, that could ruin their day, you don't even have to
> obtain real illegal information to plant on them (until they
> make encryption software illegal, that is)

As far as I know, TrueCrypt does cryto-overwite blank space,
removing all possibility of you proving you have given them
everything. I should probably add a warning in the FAQ that
blanking an encrypted device could expose you to the rubber 
hose. Or maybe a complete section about countries that can force
you to give up keys.... :-/

Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 

More information about the dm-crypt mailing list