[dm-crypt] nuke password to delete luks header

R3s1stanc3 r3s1stanc3 at riseup.net
Mon Jan 6 22:01:56 CET 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi
today I read this post by the developers of Kali Linux:
http://www.kali.org/how-to/emergency-self-destruction-luks-kali/

I think, this is a really great feature and should be officially added
to the cryptsetup source.
So I wrote Milan and he told me, that there would be no additional
security, because an "attacker will simple first backup header and then
use this (or will use key from memory if device is mounted)."
He also told me to move the discussion to the mailinglist and if we
would find some valuable use case, they would think about it.
So now I'm here
In my opinion, a valuable use case would be the following case:
If you got the possibility to access your computer for a few seconds,
before an attacker does, you simply could enter your nuke password and
delete the luks header. This would be much faster, than entering your
real password, booting your system and deleting the header, using the
system's tools

Are there any other ideas of valuable use cases?

greets R3s1stanc3
-----BEGIN PGP SIGNATURE-----

iF4EAREKAAYFAlLLGcQACgkQUaCkMJCt6r7pMAD/ahtaUWTCmuw4Q8QwdlpD/dZM
SSDgTw2U/fM6mZH618AA/0MuHeitb94r+mNVFniPBiKVz53ZtoguFXnXsczx7Qs4
=f/OJ
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xDBCB4A0A.asc
Type: application/pgp-keys
Size: 21034 bytes
Desc: not available
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20140106/e57a9edc/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xDBCB4A0A.asc.sig
Type: application/pgp-signature
Size: 96 bytes
Desc: not available
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20140106/e57a9edc/attachment.sig>


More information about the dm-crypt mailing list