wiki log of #dragonfly irc channel

Dmitri Nikulin dnikulin at gmail.com
Fri Mar 9 01:53:13 PST 2007


On 3/9/07, Helge Rohde <heroh at gmx.de> wrote:
> Which is precisely why I always envied that windoze partition encryption
> thingy, can't remember the name now, but it provides 2 keys, one will open the
> (actual) container and another one will open another encrypted container with
> all legal and perfectly harmless files. That way they cannot crack down on
> you for destruction of evidence (what second password? häh? no idea what you
> mean!). But afaik there is no such thing on any of the BSD systems. Which is
> sad, because - as you point out pretty precisely - it refutes most of the
> points file/HD encryption could be useful for - they will just order you to
> give them the PW as soon as they find an encrypted Partition/File.
As clever as this is, isn't it obvious to anyone investigating that
the decrypted partition is much smaller than the encrypted one? Or
however it's split - maybe it's two partitions. I don't know, I
haven't heard of this.

The problem with that scheme is that it requires re-associating the
keys (or their hashes, or whatever) with the containers. So while it
is fine in a highly opaque, secret-based system like Windows, in any
Unix everything is too transparent to hide an association like that.
Even if you keep it in the kernel, the information has to be reloaded
somehow, and as soon as authorities find out it exists they'll just
detect it in use on your machine. It's unreasonable to expect you can
hide it - as soon as you use it they'll know for whatever reason.

I guess the best you can do is sort-of rootkit yourself, and hide the
information even from the kernel (e.g. df, fdisk, etc). They can't
fault you for using a kernel that doesn't match any public kernel
checksums. A really smart investigator will boot from a live CD and
use a trusted kernel, but you can claim you use a homebrew encryption
module and that their kernel won't work with it. It's like the inverse
of trusted computing - using the technology against yourself so it's
also against anyone investigating you.

You know what? Talking about this has probably earned us our own
investigation squads. The unmarked vans are probably outside right
this moment.
---
Dmitri Nikulin
Centre for Synchrotron Science
Monash University
Victoria 3800, Australia