[dm-crypt] nuke password to delete luks header

Jonas Meurer jonas at freesources.org
Fri Jan 17 13:43:42 CET 2014


Am 16.01.2014 21:18, schrieb Matthias Schniedermeyer:
> On 16.01.2014 20:33, Milan Broz wrote:
>>
>> But I cannot say that all possible situations comes under this qualification.
>> Maybe it can help someone in dangerous situation to not leak some important data
>> which later help others. Dunno.
>>
>> Still it doesn't mean it is worth to be implemented but let's think
>> at least twice here please.
> 
> Meanwhile increasing the risk of everybody else, because once that 
> feature is a documented part of the system everybody will assume that 
> everybody will use it. Good look defending against a "Destruction of 
> Evidence" accusation, in case that happens in a situation with a LEO.
> 
> Same as the hidden volume "feature" of Truecypt which everybody will 
> assume you use, because it's such a swell feature. (Plausible 
> deniabilty? Yeah sure <snort>)
> 
> 
> In short:
> The documented existence of such a feature is a risk by itself.

Same logic applied, even the existence of this discussion is a risk by
itself. It proves that people might use a patched cryptsetup with added
nuke feature already.

Kind regards,
 jonas



More information about the dm-crypt mailing list