[dm-crypt] nuke password to delete luks header
arno at wagner.name
Fri Jan 17 14:12:09 CET 2014
On Fri, Jan 17, 2014 at 13:43:42 CET, Jonas Meurer wrote:
> Am 16.01.2014 21:18, schrieb Matthias Schniedermeyer:
> > On 16.01.2014 20:33, Milan Broz wrote:
> >> But I cannot say that all possible situations comes under this qualification.
> >> Maybe it can help someone in dangerous situation to not leak some important data
> >> which later help others. Dunno.
> >> Still it doesn't mean it is worth to be implemented but let's think
> >> at least twice here please.
> > Meanwhile increasing the risk of everybody else, because once that
> > feature is a documented part of the system everybody will assume that
> > everybody will use it. Good look defending against a "Destruction of
> > Evidence" accusation, in case that happens in a situation with a LEO.
> > Same as the hidden volume "feature" of Truecypt which everybody will
> > assume you use, because it's such a swell feature. (Plausible
> > deniabilty? Yeah sure <snort>)
> > In short:
> > The documented existence of such a feature is a risk by itself.
> Same logic applied, even the existence of this discussion is a risk by
> itself. It proves that people might use a patched cryptsetup with added
> nuke feature already.
> Kind regards,
Yes, it is. That is one of the reasons why I strongly recommend
not taking ecrypted data into danger at all and making sure all
unused space on storage media is zeroed.
However, the risk gets more serious if it is a standard feature.
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno at wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult. --Tony Hoare
More information about the dm-crypt