[dm-crypt] nuke password to delete luks header

Jonas Meurer jonas at freesources.org
Fri Jan 17 15:27:46 CET 2014


Am 17.01.2014 14:12, schrieb Arno Wagner:
> On Fri, Jan 17, 2014 at 13:43:42 CET, Jonas Meurer wrote:
>> Am 16.01.2014 21:18, schrieb Matthias Schniedermeyer:
>>> Meanwhile increasing the risk of everybody else, because once that 
>>> feature is a documented part of the system everybody will assume that 
>>> everybody will use it. Good look defending against a "Destruction of 
>>> Evidence" accusation, in case that happens in a situation with a LEO.
>>> [...]
>>> In short:
>>> The documented existence of such a feature is a risk by itself.
>>
>> Same logic applied, even the existence of this discussion is a risk by
>> itself. It proves that people might use a patched cryptsetup with added
>> nuke feature already.
> 
> Yes, it is. That is one of the reasons why I strongly recommend 
> not taking ecrypted data into danger at all and making sure all
> unused space on storage media is zeroed.

While in general I agree to your suggestion, Matthias' point rather
seems like a non-argument to me.

I agree that one should consider possible negative implications of wrong
usage of the feature in question. But I don't agree that the risk
created by "documented existance of such a feature" is an argument
against implementing it. Same logic applied again, we should stop
shipping crypto software in distributions at all just because in some
countries it might bring you into trouble, right?

Kind regards,
 jonas





More information about the dm-crypt mailing list