SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
This concerns the practice of filling the partition with random data prior to formatting as luks etc. I filled a partition with random data a while ago and ran an encrypted lvm on it; I would like to change the primary partition set up and put a new lvm on it-do I need to re-fill the new partitions with random data or will the drive still be protected having been written over entirely in the past?
Yep. I wouldn't worry too much about it. The idea behind filling the disk with random data is so that an attacker can't identify what is encrypted data and what is just noise. Even without that noise, cryptanalysis is going to be challenging for any but the professionals, and lets face it, there are easier ways. (xkcd: 538)
"Plausible deniability" is a two-edged sword. You can't prove you've not used it either, so they'll just keep hitting you with that $5 wrench asking for a password that you can't possibly provide them with.
Yep. I wouldn't worry too much about it. The idea behind filling the disk with random data is so that an attacker can't identify what is encrypted data and what is just noise. Even without that noise, cryptanalysis is going to be challenging for any but the professionals, and lets face it, there are easier ways. (xkcd: 538)
"Plausible deniability" is a two-edged sword. You can't prove you've not used it either, so they'll just keep hitting you with that $5 wrench asking for a password that you can't possibly provide them with.
Your argument is flawed. In order for your statement to true it would require that:
A) The deniability isn't plausible, hence the guy with the wrench isn't convinced.
B) The guy with the wrench would actually stop hitting you if he knew you gave the real password and he still didn't like what he found.
If you have plausible deniability, then it should fool an unsophisticated attacker with a wrench.
But even if that was the case, what makes you think anything you can say will is going to make the guy stop hitting you with the wrench anyways?
C) Plausibility isn't enough and he's looking for certainty.
Can't really see the CIA going; "Yeah... there might not be a hidden volume inside this truecrypt volume, so lets let this guy go. No need to waterboard him any more"
If you use something like LUKS that contains nice big headers saying that it's a luks encrypted volume and which doesn't have plausible deniability features then it either unlocks or it doesn't, and you don't get extra waterboarding "just to be on the safe side".
I stand by my statement that Plausible deiniability is a two-edged sword. Uncertainty doesn't always work in your favour.
C) Plausibility isn't enough and he's looking for certainty.
Can't really see the CIA going; "Yeah... there might not be a hidden volume inside this truecrypt volume, so lets let this guy go. No need to waterboard him any more"
That's my point. Either they will be inclined to suspect a hidden volume (whether there's any evidence of one or not), in which case you're screwed anyways.
OR if the deniability was actually plausible there would be no suspicious evidence to suggest a hidden volume and when you give up a password (any password) you're done.
In which case I don't see why you said my original statement was 'flawed' as we seem to be arguing the same point.
Anyway, it was just a throwaway comment and not worth spending any more time on.
I was saying that if it was truly "plausibly deniable" then it wouldn't have any bearing on how much you got hit with the hammer. In the real world, how much you get hit with the hammer is probably not dependent on whether or not you use hidden stores. It's probably more dependent on who's pissed off at you. ;-)
ok so if you were committing crimes, you would have to have evidence of such to something that you could bargain away. All the serious crimes would be on the hidden volume.
Fake taxes or finantial info would be easier to fake but quick to validate and they could just beat you for the hardcopies.
I was saying that if it was truly "plausibly deniable" then it wouldn't have any bearing on how much you got hit with the hammer. In the real world, how much you get hit with the hammer is probably not dependent on whether or not you use hidden stores. It's probably more dependent on who's pissed off at you. ;-)
Ahh, yes, I'll concede that. If the guy with the hammer is having fun playing "this little piggy!" then you're pretty much screwed.
What kind of terrible things are you people up to that you are worried about being tortured for your passwords!?
That's a kind of joke. I do take this stuff seriously, though.
In my opinion, the best form of deniable encryption would be the "rubberhose" type. My understanding is that this would allow you to have two passwords, a real one and a fake one. The real password unlocks your real partition, while the fake one unlocks the decoy partition. These two partitions would be "layered" above one another. Either one of these file systems, once unlocked, would appear to be a standard encrypted partition. Obviously, if you ever find yourself being tortured for the password you give them the fake one. They will unlock the partition and find your decoy files and, hopefully, fall for it.
Examples of this type of encryption include, rubberhose, PhoneBookFS, and StegFS.
I think that StegFS is the most recent of these. Sadly it suffers from some strange features: "[It is] a lossy file system: writing a file to the file system may overwrite an existing file."
What kind of terrible things are you people up to that you are worried about being tortured for your passwords!?
lol. I'm not falling for that one!
If you want to find out about my secret picture of Lord Lucan riding Shergar or my "Plan to bring chaos to the world by replacing the cherries in Chocolate Coated Cherries with rotten mayonnaise", then you'll just have to tor.... OH!.. nuts..
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.