Re: cryptsetup: encrypted filesystem on your N900
 

Hi,

cryptsetup seems to work fine,
but with your kernel cameras are not working.

(mplayer show only green screen, build-in camera tool
report "failed to start")

n.

Re: cryptsetup: encrypted filesystem on your N900
 

please have a look at this brainstorm http://talk.maemo.org/showthread.php?t=34563

Re: cryptsetup: encrypted filesystem on your N900
 

You have something else going on unrelated then. I have been using the camera a lot in the past week (and in the past day) and it's going fine.

Re: cryptsetup: encrypted filesystem on your N900
 

Overwriting the file with urandom is unnecessary and not really helpful. The underlying device uses wear leveling, so your data remains on the physical device. What yoou gain is that the data is not accessible by simply reading blocks of the mmc. But you gain this, no matter what you write, even all zeros. It is actually best to write all ones, as that requires no write to flash (only erase), so causes the least wear for the device. If the mmc controller is smart, it might even improve the chance that it will erase the actual nand sectors that contain the data you want to wipe.

In short - write /dev/zero or all ones, but don't use /dev/urandom, it is a waste of good entropy.

Re: cryptsetup: encrypted filesystem on your N900
 

Nothing is being overwritten. We're not trying to erase anything here, this is before data has been written. The idea is to make it so it can't be seen how much data has been written to the filesystem. In other words, if you have a 100 meg filesystem with 99 megs of zeros, it's known there is 1 meg of data that needs to get cracked. If it's all filled with random/encrypted data, then the attacker doesn't know how much real data is there.

Re: cryptsetup: encrypted filesystem on your N900
 

Could you please supply an argument for why an attacker would care about the size of data stored on the encrypted device? No matter the amount of data, it's still encrypted and if you picked good enough a passphrase and enough bits in the key, it will still take as much time to crack, no matter what the attacker knows.

Or have I completely misunderstood what one does when mounting and supplying the passphrase/key?

Re: cryptsetup: encrypted filesystem on your N900
 

First, there are situations where just knowing that something is there is equally as good (or as bad) as knowing what is there.

Second, by analyzing the exact size it is possible to help to infer what kind of information is there.

Third, it is a lot easier to perform cryptanalysis when the exact size is known.

Re: cryptsetup: encrypted filesystem on your N900
 

@jebba

Did you try to store N900 personal data in the encrypted file? In other words, did you try to encrypt the partition that N900 stores personal information?

My idea is simple. I want my personal info (contacts, alarms, emails, pins, etc) to be unavailable if my device is stolen or lost.

Since there is nothing big deal (I just don't want my pictures, PINs and contacts being posted to the Internet or to credit card scammers), i could use a really fast but not so state of the art encryption...

Re: cryptsetup: encrypted filesystem on your N900
 

So, you're thinking about "plausible deniability"? If you get pulled over in customs and have your phone device searched, you want to be able to deny that there's anything on it without them being able to find out?

I understand the need in that situation, but it's not related to actually finding out what's stored on the device.

Eh? File systems typically work in blocks. Within blocks you get fragmentation, half a block per file on average. So, by looking at the amount of blocks that are used (if that's something that you can infer) would give you an accuracy of half a block.

I'd say that it's very hard to find "the exact size" without actually reading the file system which requires decryption.

See above.

Re: cryptsetup: encrypted filesystem on your N900
 

I haven't really used this on my N900 except a month ago or so and just that "it works". I do use something similar on my laptop for years for the reasons you describe above.