[dm-crypt] nuke password to delete luks header

Milan Broz gmazyland at gmail.com
Mon Jan 27 21:30:08 CET 2014


On 01/27/2014 10:04 AM, Jonas Meurer wrote:
>> For 2, (aka self destroy passphrase) - I tried to read the discussion 
>> again
>> and I am really not convinced yet we want it.
> 
> Do you intend to protect the erase feature by asking for a password? In 
> that
> case it will be hard to build a nuke wrapper around 'cryptsetup erase'.
> Especially if the nuke password should not reveal access to encrypted 
> data
> and merely allow to erase LUKS header.

No, only usual YES/no question should (will) be there
(which can be switched off with batch -q option as in other commands).

The luksKillSlot is doing exactly the same, just for one keyslot.

Actually, it is just simple code as
  for all active keyslots:
     crypt_destroy_slot()

>> BTW original patch is INCOMPLETE and DANGEROUS.
>>
>> (For example, did anyone think about cryptsetup-reencrypt? Guess what 
>> will
>> happen if user try to *reencrypt* device with this destroy passphrase?
>> Try it... or better not ;-) And there are more missing code which just
>> do not convince me that it was properly thought-out work.
> 
> Isn't that a good argument for implementing it properly upstream? ;)

I think this argument was mentioned by me :) But I think we have found better
way how to implement it without this feature.
Avoiding upstream to become bloatware is also important ;-)

...

> While I see your argument, reencryption takes a lot more time than using 
> a
> nuke feature. Both features serve completely different purposes.

Sure, it was just a complain about features importance...

(And btw there is in git already function to change only header (hash)
without reencrypting the whole device. This will be a workaround
to solve bad gcrypt whirlpool case. Once gcrypt 1.6.1 is out...)
...

> And if you merely want to destroy access to the data, overwriting it is 
> still
> better than reencrypting, isn't it?

Yes, and removing key with "erase" command should do the same quickly as well.

Milan


More information about the dm-crypt mailing list