LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 05-12-2011, 10:52 AM   #1
Phorize
Member
 
Registered: Sep 2005
Location: UK
Distribution: Slackware
Posts: 226

Rep: Reputation: 29
Encrypted LVM


Hi All. More questions about encrypted LVMs.

This concerns the practice of filling the partition with random data prior to formatting as luks etc. I filled a partition with random data a while ago and ran an encrypted lvm on it; I would like to change the primary partition set up and put a new lvm on it-do I need to re-fill the new partitions with random data or will the drive still be protected having been written over entirely in the past?

Kris
 
Old 05-12-2011, 12:17 PM   #2
kgs
Member
 
Registered: Apr 2011
Posts: 34

Rep: Reputation: 4
You only have to fill the disk with random data once, so long as you always use encryption on it.
 
1 members found this post helpful.
Old 05-12-2011, 02:28 PM   #3
GazL
LQ Guru
 
Registered: May 2008
Posts: 5,250
Blog Entries: 18

Rep: Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001
Yep. I wouldn't worry too much about it. The idea behind filling the disk with random data is so that an attacker can't identify what is encrypted data and what is just noise. Even without that noise, cryptanalysis is going to be challenging for any but the professionals, and lets face it, there are easier ways. (xkcd: 538)
 
1 members found this post helpful.
Old 05-12-2011, 10:38 PM   #4
lumak
Member
 
Registered: Aug 2008
Location: Phoenix
Distribution: Arch
Posts: 799
Blog Entries: 32

Rep: Reputation: 111Reputation: 111
TrueCrypt has Plausible deniability. Additionally if you never remember your pass because you use a micro sd keycard, you can at least destroy it.
 
Old 05-13-2011, 07:01 AM   #5
GazL
LQ Guru
 
Registered: May 2008
Posts: 5,250
Blog Entries: 18

Rep: Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001
"Plausible deniability" is a two-edged sword. You can't prove you've not used it either, so they'll just keep hitting you with that $5 wrench asking for a password that you can't possibly provide them with.
 
Old 05-13-2011, 12:19 PM   #6
Phorize
Member
 
Registered: Sep 2005
Location: UK
Distribution: Slackware
Posts: 226

Original Poster
Rep: Reputation: 29
Quote:
Originally Posted by GazL View Post
Yep. I wouldn't worry too much about it. The idea behind filling the disk with random data is so that an attacker can't identify what is encrypted data and what is just noise. Even without that noise, cryptanalysis is going to be challenging for any but the professionals, and lets face it, there are easier ways. (xkcd: 538)

LOL. True.
 
Old 05-13-2011, 02:45 PM   #7
DragonWisard
Member
 
Registered: Sep 2004
Location: MD, USA (D.C. Suburbs)
Distribution: Slackware
Posts: 95

Rep: Reputation: 53
Quote:
Originally Posted by GazL View Post
"Plausible deniability" is a two-edged sword. You can't prove you've not used it either, so they'll just keep hitting you with that $5 wrench asking for a password that you can't possibly provide them with.
Your argument is flawed. In order for your statement to true it would require that:
A) The deniability isn't plausible, hence the guy with the wrench isn't convinced.
B) The guy with the wrench would actually stop hitting you if he knew you gave the real password and he still didn't like what he found.

If you have plausible deniability, then it should fool an unsophisticated attacker with a wrench.
But even if that was the case, what makes you think anything you can say will is going to make the guy stop hitting you with the wrench anyways?
 
Old 05-13-2011, 04:39 PM   #8
GazL
LQ Guru
 
Registered: May 2008
Posts: 5,250
Blog Entries: 18

Rep: Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001
C) Plausibility isn't enough and he's looking for certainty.

Can't really see the CIA going; "Yeah... there might not be a hidden volume inside this truecrypt volume, so lets let this guy go. No need to waterboard him any more"


If you use something like LUKS that contains nice big headers saying that it's a luks encrypted volume and which doesn't have plausible deniability features then it either unlocks or it doesn't, and you don't get extra waterboarding "just to be on the safe side".


I stand by my statement that Plausible deiniability is a two-edged sword. Uncertainty doesn't always work in your favour.
 
Old 05-13-2011, 05:29 PM   #9
DragonWisard
Member
 
Registered: Sep 2004
Location: MD, USA (D.C. Suburbs)
Distribution: Slackware
Posts: 95

Rep: Reputation: 53
Quote:
Originally Posted by GazL View Post
C) Plausibility isn't enough and he's looking for certainty.

Can't really see the CIA going; "Yeah... there might not be a hidden volume inside this truecrypt volume, so lets let this guy go. No need to waterboard him any more"
That's my point. Either they will be inclined to suspect a hidden volume (whether there's any evidence of one or not), in which case you're screwed anyways.

OR if the deniability was actually plausible there would be no suspicious evidence to suggest a hidden volume and when you give up a password (any password) you're done.
 
Old 05-13-2011, 06:20 PM   #10
GazL
LQ Guru
 
Registered: May 2008
Posts: 5,250
Blog Entries: 18

Rep: Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001
In which case I don't see why you said my original statement was 'flawed' as we seem to be arguing the same point.

Anyway, it was just a throwaway comment and not worth spending any more time on.
 
Old 05-13-2011, 06:32 PM   #11
DragonWisard
Member
 
Registered: Sep 2004
Location: MD, USA (D.C. Suburbs)
Distribution: Slackware
Posts: 95

Rep: Reputation: 53
Quote:
Originally Posted by GazL View Post
In which case I don't see why you said my original statement was 'flawed' as we seem to be arguing the same point.

Anyway, it was just a throwaway comment and not worth spending any more time on.
I was saying that if it was truly "plausibly deniable" then it wouldn't have any bearing on how much you got hit with the hammer. In the real world, how much you get hit with the hammer is probably not dependent on whether or not you use hidden stores. It's probably more dependent on who's pissed off at you. ;-)
 
Old 05-14-2011, 02:22 AM   #12
lumak
Member
 
Registered: Aug 2008
Location: Phoenix
Distribution: Arch
Posts: 799
Blog Entries: 32

Rep: Reputation: 111Reputation: 111
ok so if you were committing crimes, you would have to have evidence of such to something that you could bargain away. All the serious crimes would be on the hidden volume.

Fake taxes or finantial info would be easier to fake but quick to validate and they could just beat you for the hardcopies.
 
Old 05-14-2011, 03:52 AM   #13
GazL
LQ Guru
 
Registered: May 2008
Posts: 5,250
Blog Entries: 18

Rep: Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001
Quote:
Originally Posted by DragonWisard View Post
I was saying that if it was truly "plausibly deniable" then it wouldn't have any bearing on how much you got hit with the hammer. In the real world, how much you get hit with the hammer is probably not dependent on whether or not you use hidden stores. It's probably more dependent on who's pissed off at you. ;-)
Ahh, yes, I'll concede that. If the guy with the hammer is having fun playing "this little piggy!" then you're pretty much screwed.
 
Old 05-14-2011, 05:23 AM   #14
kgs
Member
 
Registered: Apr 2011
Posts: 34

Rep: Reputation: 4
What kind of terrible things are you people up to that you are worried about being tortured for your passwords!?

That's a kind of joke. I do take this stuff seriously, though.

In my opinion, the best form of deniable encryption would be the "rubberhose" type. My understanding is that this would allow you to have two passwords, a real one and a fake one. The real password unlocks your real partition, while the fake one unlocks the decoy partition. These two partitions would be "layered" above one another. Either one of these file systems, once unlocked, would appear to be a standard encrypted partition. Obviously, if you ever find yourself being tortured for the password you give them the fake one. They will unlock the partition and find your decoy files and, hopefully, fall for it.

Examples of this type of encryption include, rubberhose, PhoneBookFS, and StegFS.

I think that StegFS is the most recent of these. Sadly it suffers from some strange features: "[It is] a lossy file system: writing a file to the file system may overwrite an existing file."

Last edited by kgs; 05-14-2011 at 05:28 AM.
 
Old 05-14-2011, 06:22 AM   #15
GazL
LQ Guru
 
Registered: May 2008
Posts: 5,250
Blog Entries: 18

Rep: Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001
Quote:
Originally Posted by kgs View Post
What kind of terrible things are you people up to that you are worried about being tortured for your passwords!?
lol. I'm not falling for that one!

If you want to find out about my secret picture of Lord Lucan riding Shergar or my "Plan to bring chaos to the world by replacing the cherries in Chocolate Coated Cherries with rotten mayonnaise", then you'll just have to tor.... OH!.. nuts..
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Encrypted setup w/ LVM Alexvader Slackware 10 12-21-2009 06:36 PM
Kubuntu 9.04 and Encrypted LVM tmerriam Ubuntu 3 05-02-2009 05:33 PM
Encrypted LVM mashcaster Linux - Security 1 12-19-2008 12:17 PM
Ubuntu 7.10 on encrypted LVM - boots not! taylorkh Ubuntu 6 01-27-2008 09:06 AM
Encrypted LVM needs a initrd Zmyrgel Slackware 3 09-10-2006 10:46 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 03:57 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration