[dm-crypt] nuke password to delete luks header
arno at wagner.name
Sat Jan 18 20:18:29 CET 2014
On Sat, Jan 18, 2014 at 13:42:10 CET, Claudio Moretti wrote:
> On Sat, Jan 18, 2014 at 8:43 AM, Arno Wagner <arno at wagner.name> wrote:
> > The mob has IT security experts and will not allow this person to
> > trick them.
> Fair enough
> > > Without diving into further examples concerning the safety of the people
> > > someone holds most dear, I believe this is the perfect example.
> > For my option 1. "erase container while still free to act" it is
> > a valid example. For option 2. "try to trick adversaries while
> > already in their power", it is just as bad as all the others.
> "try to trick" is the keyword here, and we can circle back to something
> you said (more or less) before: is there any case in which trying to trick
> someone is going to give you any benefits?
> I suppose for every specific case there is a possible counter-response (see
> my mob example and your answer). Still, real life is not so black and
> white, so maybe it could be possible to trick someone.. But here it all
> depends by the person trying to trick (and his or her skills in lying) so...
Just my point. It depends on personal skill far more than on
technical thing and not everybody is "The Mentalist" and can
trick people easily.
The other thing is that in cases where you have a good chance of
pulling it off, "I forgot it" or "I don't know" may work just as
well as trying a technical trick, but the risks of the technical
trick are far far worse. If they are about to torture you, on the
other hand, they will also make that forensic copy and the "nuke"
option is worthless. Really, "nuke" only helps if they are willing
to put so much pressure on you that you fear you cannot refuse
giving the password (whether directly, or by "I do not know it")
but on the other hand, they are incompetent enough to not make
that forensic copy.
I really do not see this combination happen with any relevant
probability, except maybe in a war area or the like. But that
is something we should definitely place out of scope for LUKS.
In such cases password and data should travel two distinct
paths and should not travel at the same time.
Incidentally, for very high value data, that method is used
in peace-time as well, namely have one group take that
encrypted data and have a second group take the password and
do not have both out of a protected environment at the same
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno at wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult. --Tony Hoare
More information about the dm-crypt