[dm-crypt] nuke password to delete luks header

Arno Wagner arno at wagner.name
Tue Jan 14 05:30:42 CET 2014


On Tue, Jan 14, 2014 at 03:52:37 CET, Jim O'Gorman wrote:
> On 13 Jan 2014, at 21:41, .. ink .. wrote:
> >> This situation is very common for us in situations where systems may be
> >> inspected by parties that may not be friendly to us. Border crossings
> >> are a common example of this.

I Assume you have seen my posting of what may happen to you
if you try this stunt? If not, here is a reference:

http://permalink.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/7090

The problem is that the customs-person cannot distinguish between
a "nuked" LUKS header or one with passphrases you do not have or
one with passphrases you do have but refuse to give out. Sure, 
"nuking" could be done in a way that zeros the keyslots, making
it obvious. Could sill mean sitting in prison several weeks until
a forensics expert has the time to verify your claim. 

Even than, you could have placed a plain dm-crypt container at the
data-offset that you actually have the password for.

I think that in your scenario, "nuke" does not have any real
advantages over just not having the passphrase, and that one
is dangerous.


> >>
> > whats the recommended answer to give in such situation where an encrypted
> > volume is clearly visible since its LUKS but you are unable to open it when
> > asked by authorities since you nuked all key slots?If you cant open the
> > volume and If you are not believed,then any answer you will give most
> > likely will not be believable and hence "the password was XXX but it now
> > doesnt work because i nuked it" is just as believable as "i dont remember
> > the password" or "i dont know the password,i am just carrying the laptop
> > for a friend".
> 
> Personally, I think the "right" answer is going to be different for
> everyone and we can only speak to what we do.

In many cases the only right answer is not to get into that situation
in the first place. 

Never give "i am just carrying the laptop for a friend"!  That is the 
usual drug-mule story and customs may immediately recognize it as such.
 
> We feel strongly about not lying in these sort of situations. I agree,
> that a lie and a truth is very much the same and hard to separate one from
> the other for a front line individual such as a normal customs agent. 
> However, its better not to complicate the situation.  So, we will
> truthfully say:
> 
> "As a matter of company policy, no employees travel with sensitive data
> stored in a manner that is accessible in transit.  As such, I have no way
> of accessing any of the data on this system."
> 
> Realistically, in the vast majority of the cases this is perfectly
> adequate as all they are really looking to do is ensure the device is a
> real working laptop and not a bomb of some sort.  

Not true: In many cases, including UK and US, they are searching
for "illicit" material, like specific types of pornography and, 
I suspect, unlicensed music and movies. And they will check 
business laptops also.

While not lying is the right approach, it could still mean a few 
weeks in a cell. If that riek is covered by your contracts and
your employees are willing to risk it, that may be acceptable.

> In cases where you may
> be suspected of transferring contraband they will often have other
> supporting evidence.  As all the work we do is sensitive, but legitimate,
> this is not an issue that we lose any sleep over.

Until it goes wrong. I hope you have a good layer well versed in the
law of your target countries.

But, no, nothing in gere is a good case for a "nuke" option. It is
just a slight variant of the "I do not have the passphrase" version, 
and that is fully supported by LUKS as it is.

Arno
-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult.  --Tony Hoare


More information about the dm-crypt mailing list