[dm-crypt] nuke password to delete luks header

Matthias Schniedermeyer ms at citd.de
Thu Jan 16 21:18:37 CET 2014


On 16.01.2014 20:33, Milan Broz wrote:
> 
> But I cannot say that all possible situations comes under this qualification.
> Maybe it can help someone in dangerous situation to not leak some important data
> which later help others. Dunno.
> 
> Still it doesn't mean it is worth to be implemented but let's think
> at least twice here please.

Meanwhile increasing the risk of everybody else, because once that 
feature is a documented part of the system everybody will assume that 
everybody will use it. Good look defending against a "Destruction of 
Evidence" accusation, in case that happens in a situation with a LEO.

Same as the hidden volume "feature" of Truecypt which everybody will 
assume you use, because it's such a swell feature. (Plausible 
deniabilty? Yeah sure <snort>)


In short:
The documented existence of such a feature is a risk by itself.



-- 

Matthias


More information about the dm-crypt mailing list