[dm-crypt] nuke password to delete luks header

Heiko Rosemann heiko.rosemann at web.de
Fri Jan 17 15:51:16 CET 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/17/2014 02:12 PM, Arno Wagner wrote:
> On Fri, Jan 17, 2014 at 13:43:42 CET, Jonas Meurer wrote:
>> Am 16.01.2014 21:18, schrieb Matthias Schniedermeyer:
>>> In short: The documented existence of such a feature is a risk
>>> by itself.
>> 
>> Same logic applied, even the existence of this discussion is a
>> risk by itself. It proves that people might use a patched
>> cryptsetup with added nuke feature already.
>> 
>> Kind regards, jonas
> 
> Yes, it is. That is one of the reasons why I strongly recommend not
> taking ecrypted data into danger at all and making sure all unused
> space on storage media is zeroed.

...which could, by the same logic applied earlier, make the LEO at the
border suspicious of you having destroyed evidence. Unless you provide
a proof of purchase, showing that the hard-drive is in fact new and
therefore still factory-zeroed.

This train of thought goes some very ugly ways very quickly, and
probably boils down to: Social problems can't be solved by technology.

Just my 2 cents,
Heiko
- -- 
Mein PGP-Key zur Verifizierung: http://pgp.mit.edu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEUEARECAAYFAlLZQ2AACgkQ/Vb5NagElAWsHgCgqnwGDuagmZXMG5Ej6L3mDIpg
n5sAlj/brCK9og9w10oypThJisAVNaY=
=eHzo
-----END PGP SIGNATURE-----


More information about the dm-crypt mailing list