Re: Plain dm-crypt

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Plain dm-crypt

From:	Vladimir 'phcoder' Serbinenko
Subject:	Re: Plain dm-crypt
Date:	Thu, 29 Oct 2015 09:49:53 +0100

On 29 Oct 2015 6:24 am, <address@hidden> wrote:
>
> Actually, plain dm-crypt has one distinct advantage to LUKS, and that is one of plausible deniability. In some countries, you can be court-ordered to decrypt the contents of a device if it can be proven that encrypted contents exist. With LUKS, there is no denying it; with plain dm-crypt and its lack of an encryption header, the device could just as well have been overwritten with random data.
>
> I boot my OS off of an encrypted thumb drive in libreboot using "cryptomount -a (usb0)",
-a already means "all". Having to indicate usb0 manually is already a proof that you have an unmarked cryptocontainer. Moreover this line exactly illustrates my point: what is usb0 depends on other plugged device and even his fast they are and may vary from boot to boot. I'm not quite convinced you can deny this line plausibly
>so UUIDs don't matter to me at all. I understand that for most users, this will not be the case, but I'm sure that there are enough of us out there who could really make use of this feature.
>
> Also, for those like myself who want this feature for reasons of plausible deniabilty, patching it ourselves is not an option, as going to that length to include the feature would indicate that we are most likely using it, thus throwing plausible deniability out the window. In other words, to keep it plausible, it would have to be a stock feature across the board.
>
> Chris
>
>
> On 2015-10-27 11:10, Vladimir 'phcoder' Serbinenko wrote:
>>
>> There are patches for it but they will not be integrated as plain dm-crypt
>> has no advantages compared to LUKS and cannot be configured reliably when
>> device names change as they have no UUID
>> Le 27 oct. 2015 8:20 AM, <address@hidden> a écrit :
>>
>>> Hello;
>>> I apologize if this question has already been asked. A web search didn't
>>> turn anything up. Are there any plans to include plain dm-crypt support in
>>> a future version of grub?
>>>
>>> Thank you.
>>> Chris
>>>
>>> _______________________________________________
>>> Grub-devel mailing list
>>> address@hidden
>>> https://lists.gnu.org/mailman/listinfo/grub-devel
>>>
>>
>> _______________________________________________
>> Grub-devel mailing list
>> address@hidden
>> https://lists.gnu.org/mailman/listinfo/grub-devel
>
>

[Prev in Thread]

Current Thread

[Next in Thread]

Plain dm-crypt, christopher . toews, 2015/10/27
- Re: Plain dm-crypt, Vladimir 'phcoder' Serbinenko, 2015/10/27
  - Re: Plain dm-crypt, Andrei Borzenkov, 2015/10/27
  - Re: Plain dm-crypt, christopher . toews, 2015/10/29
    - Re: Plain dm-crypt, Vladimir 'phcoder' Serbinenko <=
    - Re: Plain dm-crypt, christopher . toews, 2015/10/29
    - Re: Plain dm-crypt, Daniel Kahn Gillmor, 2015/10/30

Prev by Date: Re: [PATCH v3 0/4] arm64: Add Xen boot support (via fdt)
Next by Date: Re: [PATCH v3 0/4] arm64: Add Xen boot support (via fdt)
Previous by thread: Re: Plain dm-crypt
Next by thread: Re: Plain dm-crypt
Index(es):
- Date
- Thread