[dm-crypt] nuke password to delete luks header

Arno Wagner arno at wagner.name
Thu Jan 16 13:01:51 CET 2014


On Thu, Jan 16, 2014 at 10:50:22 CET, Ondrej Kozina wrote:
> On 01/15/2014 09:27 PM, Milan Broz wrote:
> >On 01/14/2014 05:30 AM, Arno Wagner wrote:
> >>I think that in your scenario, "nuke" does not have any real
> >>advantages over just not having the passphrase, and that one
> >>is dangerous.
> >
> >Well, this idea is not new and I responded very similar months ago.
> >http://code.google.com/p/cryptsetup/issues/detail?id=110#c1
> >
> >But seems there is a lot of people in disagreement.
> >
> >I was quite surprised that most of people from
> >our university security&crypto lab I met today and asked
> >(to have some other opinions) said that despite "nuke password"
> >has very limited use it is worth to have something like that...
> >
> >Sigh... :)
> 
> In that case, let me join you with my humble Sigh as well.
> 
> >But what I really want to avoid is that every distribution will
> >add some random patches implementing something like this.
> >
> >It is perhaps better to implement and document this upstream.
> 
> Ok, I just think that this new feature is quite heavily disputed
> already. This is perhaps third discussion I found on that topic in a
> few minutes of searching. Please, make "nuke password" option
> configurable so that it can be easily removed from any distribution
> that wouldn't agree with arguments for including it.

Good idea!

Arno

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult.  --Tony Hoare


More information about the dm-crypt mailing list