[dm-crypt] nuke password to delete luks header

Arno Wagner arno at wagner.name
Tue Jan 7 01:01:12 CET 2014


On Mon, Jan 06, 2014 at 22:01:56 CET, R3s1stanc3 wrote:
> 
> Hi
> today I read this post by the developers of Kali Linux:
> http://www.kali.org/how-to/emergency-self-destruction-luks-kali/
> 
> I think, this is a really great feature and should be officially added
> to the cryptsetup source.
> So I wrote Milan and he told me, that there would be no additional
> security, because an "attacker will simple first backup header and then
> use this (or will use key from memory if device is mounted)."

And he is right. There are border-cases though: If you, for example, 
cross the border of some unnamed but well-known states and they ask
you to unlock your LUKS container (a low/no-suspicion situation; on
medium and above suspicion they will already mirror your disk first), 
entering your nuke password will make you unable to do so.

Now, have you won or lost? 

You have lost. First, they will arrest you because you fail to unlock 
your computer. If you are unlucky, they will find the nuke-patch or 
its effects and suspect you of having nuked the container (and maybe 
find out that you indeed did). Then they will not only hold you for 
deportation, but maybe a few years imprisonment first for "destroying 
evidence". Or maybe a long time without trial for being a "terrorist 
suspect".

If you do this on an SSD, all data may still be there anyways. 

If they look at this stuff on medium or higher suspicion and
find the nuke-password option, then you may be screwed in a 
similar fashion, just because of this. 

So, no, this does not add security, but it can get you into 
really bad trouble, including a significant time in prison.

(Yes, it should not, but authoritarian regimes do not have laws 
based on ethics or benefit to its citizens. They have sbverted the 
idea of "the law" to make it an effective instrument of oppression, 
i.e., a weapon against ordinary people. This tendency can now be 
observed in the western world in several places.)	 

My advice for the use-case "border crossing" is to not have 
encrypted data or suspicious data of any kind in the first 
place. If you have encrypted data, immediately and without 
question, allow them access to it.

If you need confidental data in such a situation, download it
later over the net, PGP/GnuPG is still out of the TLA's ability
to break is the passphrase is good. 

> He also told me to move the discussion to the mailinglist and if we
> would find some valuable use case, they would think about it.
> So now I'm here
> In my opinion, a valuable use case would be the following case:
> If you got the possibility to access your computer for a few seconds,
> before an attacker does, you simply could enter your nuke password and
> delete the luks header. This would be much faster, than entering your
> real password, booting your system and deleting the header, using the
> system's tools
> 
> Are there any other ideas of valuable use cases?

That is not an use case. That is merely a description of a technical
situation. A use-case needs a credible real-world situation of some 
detail, see my border-crossing example. It is just way to easy to come 
up with higly abstracted technical situations that do not have any 
real-world equivalent or are missing important real-world aspects, 
such as effects from using the technical feature. 

And, yes, this has been discussed time and again, without ever finding
a situation where it helps and quite a few where it harms. I will add
an FAQ entry for this, I think. But please, feel free to try for
any real-world use-cases. If there are any credible ones, I will add
them to the FAQ entry as well.

Arno 
-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult.  --Tony Hoare


More information about the dm-crypt mailing list