LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 04-01-2009, 08:07 AM   #1
lroy1978
LQ Newbie
 
Registered: Apr 2009
Posts: 2

Rep: Reputation: 0
Encryption and plausible deniability


Hi

I'm using Debian Linux and I have a few questions regarding encryption.

I want to create a truecrypt container for a user that is automatically mounted on login, and dismounted on the user's eventual disconnection. I think this is possible using PAM.

However, I want to know if I can create a hidden container within the truecrypt container and have one login password that mounts the outer-container to the user's home directory, and then another login password that mounts the hidden container to the home directory.

So if I'm ever forced to hand over the passphrase, I give the passphrase to the outer container and not the hiddden one.

I guess this means that linux would have to accept two passwords for a single user and then pass that information on to Truecrypt. Is this possible?

Does anyone have any ideas / suggestions ?

Cheers
L
 
Old 04-01-2009, 08:15 AM   #2
eco
Member
 
Registered: May 2006
Location: BE
Distribution: Debian/Gentoo
Posts: 412

Rep: Reputation: 48
Hi,

Couldn't you just have the user type the password. That way you just don't have the password.

You could also tell him to create an ' encrypted container' that he could mount when needed.

Just a thought.
 
Old 04-01-2009, 08:41 AM   #3
lroy1978
LQ Newbie
 
Registered: Apr 2009
Posts: 2

Original Poster
Rep: Reputation: 0
Thanks for the response eco.

I could do it manually, ie have the user login and then mount an encrypted container via a shell.

I would prefer (if possible) to do it automatically though. I wanted the user to sign in via gdm which would then start an XFCE session using an encrypted home directory.
 
Old 04-01-2009, 09:17 AM   #4
lukav
Member
 
Registered: Sep 2008
Distribution: Slackware & Ubuntu
Posts: 39

Rep: Reputation: 15
For those of you not familiar with TrueCrypt's hidden volume feature, you may want to read this.

lroy1978 - There is no automatic way to do this that would not give away that something else is in the encrypted file
 
Old 04-01-2009, 03:00 PM   #5
wsduvall
Member
 
Registered: Aug 2006
Posts: 92

Rep: Reputation: 16
If you had two password for a login, would that be evident in your shadow/passwd file, thus destroying your plausible deniability?

Also if you looking of PD in the US Court system, you can use external keys on a USB or Smartcard et cetera. In the US court system, if you won't give up your password, then they can put you in jail until you do. However they can't force you to give up your key. Just make sure its well hidden.

Last edited by wsduvall; 04-02-2009 at 07:41 AM.
 
Old 04-02-2009, 12:48 PM   #6
lukav
Member
 
Registered: Sep 2008
Distribution: Slackware & Ubuntu
Posts: 39

Rep: Reputation: 15
lroy1978 - Have you thought about TrueCrypt's hidden OS capability? This will seem more "automatic" as there will be a password when the machine is booting up. The OS that loads will depend on the password typed. You can read more on TrueCrypt's website here.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Encryption Gortex Linux - Security 5 08-19-2007 07:02 PM
Linux password encryption and data encryption Tux-Slack Programming 4 06-20-2007 06:46 AM
Encryption craigs1987 Programming 1 05-01-2005 11:47 PM
Encryption shaf.rahman Red Hat 1 04-19-2005 02:59 PM
Mandrake 9.0 Wireless Works without encryption.. does not with encryption topcat Linux - Wireless Networking 3 05-04-2003 08:47 PM


All times are GMT -5. The time now is 11:23 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration