[dm-crypt] LUKS self-destruct key

Jonas Meurer jonas at freesources.org
Mon Mar 31 11:52:34 CEST 2014


Am 2014-03-31 07:17, schrieb Andrew:
> Greetings dm-crypt folks,
> 
> Is it feasable to add a self-destruct password to cryptsetup for LUKS,
> such that when this password is entered, the decryption code silently
> and deliberately overwrites all or part of the master key?

Hello Andrew,

As others already pointed out, the topic has been discussed on the
list recently. The discussion was quite controversal. And while it is
true, that the majority of expressed opinions was against implementing
the requested nuke feature, there've been quite some statements that
opposed to this majority. In my eyes, quite some valid realworld
examples have been mentioned.

You can read the full discussion thread here:
http://thread.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/7104

Please also note that Kali Linux already implemented the nuke feature
into their distribution:
http://www.kali.org/how-to/emergency-self-destruction-luks-kali/
http://www.kali.org/how-to/nuke-kali-linux-luks/

Kind Regards,
  jonas



More information about the dm-crypt mailing list