[dm-crypt] nuke password to delete luks header

.. ink .. mhogomchungu at gmail.com
Tue Jan 14 05:04:35 CET 2014


> We feel strongly about not lying in these sort of situations. I agree,
> that a lie and a truth is very much the same and hard to separate one from
> the other for a front line individual such as a normal customs agent.
> However, its better not to complicate the situation. So, we will truthfully
> say:
>
>
perhaps the best way to pass sensitive data through unsuspecting customs
agent is to hide an encrypted volume under a normal file system.

with cryptsetup,the way to do it would be:
1. start with a block device like a usb stick
2. blank it out with random data.
3. put a regular file system like vfat at the beginning of the device.
4. put an encrypted plain volume somewhere at the back of the device.

If someone ask to see whats on the drive,you just open it with udisks or
any other mounting tool and show them its contents.
If they take the drive and check it out in their window's machine,they will
see a regular fat file system and they will be non the wiser.They will have
to inspect the drive with forensic tool first to see high quality random
data at the back of the file system and at this point,you can play the
plausible deniability thing but they wouldnt do this if they didnt already
suspect you are carrying something they want.

The above seem like a better alternative than a crippled LUKS volume.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20140113/84ef77f5/attachment.html>


More information about the dm-crypt mailing list