[dm-crypt] Re2: nuke password to delete luks header

Arno Wagner arno at wagner.name
Wed Jan 15 13:40:25 CET 2014


On Wed, Jan 15, 2014 at 12:39:44 CET, Matthias Schniedermeyer wrote:
[...]
> Assuming Law Enforcement:
> 
> Before the point in time you get into the vicinity of a LEO you can nuke 
> to your hearts content. 

Or cat /dev/zero > /dev/<lukscontainer> or simply luksFormat.

> After it's tampering with evidence, which is a 
> punishable crime of itself (As far as i know or assume. AND IANAL). That 
> the data couldn't be decrypted beforehand is insubstantial (IANAL too).
> The important thing is: You can't "react" to getting into the vicinity 
> of a LEO other that powering down your device.
> 
> Problem is: If a volume is nuked, you can't prove if that was before or 
> after that point in time. The LEO can construct a crime right there and 
> then.

Indeed. Good point.

> The documented existence of such an option is a risk by itself, because 

Yes, very much so. 

> the mere existence of "something" that looks like something nuked can be 
> a problem. Especially if a LEO asked you to enter a password, which you 
> did but it didn't work. If something that looks nuked is found after 
> that, the LEO just assumes you committed the crime of tampering with 
> evidence.

Indeed again. 

> Altough if you nuke a LUKS header completely you can't prove that the 
> data is encrypted by LUKS.
> So LEO can assume the data is encrypted with any product that you can't 
> exclude by analysing the remaining data.
> 
> For e.g. "Intact" you can determine that my encrpyted data is NOT LUKS 
> (At least not the normaly used "inline Header"-version). If i zero-out 
> the range a LUKS header normaly occupies, i can't prove anymore that the 
> data is not encrypted by (inline-)LUKS or any other product that doesn't 
> leave any distinguishing markers (after a possible header).
>
> Or for the Truecypt example:
> Try to prove that you don't have a hidden volume. It's a documented 
> feature of Truecypt, so a LEO just assumes that you use it, regardless 
> of you actually using one or not.

My advice here is to have a hidden volume and to immediately admit 
it and open it for them. You can even explain that having one with 
harmless data is the only way to prove you do not have one with 
illicit data in it. 

Arno
-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult.  --Tony Hoare


More information about the dm-crypt mailing list