[dm-crypt] nuke password to delete luks header

Arno Wagner arno at wagner.name
Thu Jan 16 22:24:18 CET 2014


Difficult to answer in general. On a magnetic disk, it could
be implemented in a way that the header and _any_ of its
features are impossible to recover and the only thing left
is an indicator of encrypted data. On a hubrid disk or SSD,
it gets far more murky. The "sneak in" depends on the 
implementation. If it is an additional flag (bad, as this
would require modification of the ehader), then yes. 
If decryption yields a modified master key or some special 
value derived from the master key, then no. 

Arno

On Thu, Jan 16, 2014 at 21:28:55 CET, .. ink .. wrote:
> if this feature is implemented as proposed.Can somebody tell a LUKS volume
> has a "kill switch" simply by looking at the LUKS header?
> 
> do destroyed key slots leaves traces of their destruction? ie,can a person
> know a slot was once used simply by looking at the LUKS header?
> 
> if this feature is implemented as proposed, can somebody "sneak in" a "kill
> switch" by modifying a used/unused slot manually?

> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt


-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult.  --Tony Hoare


More information about the dm-crypt mailing list