Realtime disk encryption options

Ben Scott dragonhawk at gmail.com
Thu Feb 22 17:29:21 EST 2007


On 2/22/07, Bill McGonigle <bill at bfccomputing.com> wrote:
>> It can actually maintain deniability by encrypting data in such a way that
>> giving one password decrypts to one filesystem, and different password
>> another, encrypting the data front to back for the 'right'
>> credentials, and back to front for the fake one.
>
> There must be some TrueCrypt binary in the MBR or something, right?
> And so the "bad guys" would know that it's TrueCrypt, and therefore
> know you have two passwords, right?

  More importantly, if someone is after something badly enough that
they're after *you*, they're generally going to know what they're
after.  Failure to produce when ordered generally results in things
like going to jail for obstruction of justice (if we're talking
standard practice), or being shot/disappeared (if we're talking
high-end conspiracy theory stuff).  Of course, maybe those are better
than the alternatives if you did produce.

  I also suspect the real threat is not in the direct approach (i.e.,
coercion to reveal your passphrase), but covert monitoring.  Maybe
they install a keystroke logger to sniff your passphrase first, then
break down your door and confiscate everything.

  Which is not to say whole disk encryption is useless.  It's
particularly nice for a laptop that travels and is easily lost or
stolen.  But the "two passphrase" idea sounds more like Hollywood to
me.

-- Ben


More information about the gnhlug-discuss mailing list