[dm-crypt] Duress mode?
arno at wagner.name
Thu Aug 15 12:28:02 CEST 2013
yes, this is asked occasionally. But it is basically worthless
in a forensic scenario (as the forensic analyst will only work
on copies) and not much worth otherwise either.
Basically the only scenario where it would have limited worth is one
where no copy was made before forcing you to enter the passphrase.
In that situation, you can simply refuse to enter the passphrase
and about the same should happen to you that happens when it is
discovered that you wiped the header. In fact, wiping the header
could get you an additional "sabotage" or "destroying evidence"
A typical scenario would be a border inspection. But for that
scenario it is better to not have any problematic data on
your disk in the first place and transfer it later via a
secure connection (ssh, scp).
In basically any other scenario, the attacker will have a copy
of your data and a duress code will be completely ineffective.
Hence it does not solve the problem it is intended to solve (as
that problem is not solvable in software) and represents the
additional problem that people may not understand that and
endanger themselves as a result. Consequentially, there is
no "duress mode" in LUKS.
On Thu, Aug 15, 2013 at 02:45:13AM -0700, strife at riseup.net wrote:
> First, I am sorry because I guess I am not the first person to ask this.
> Still, I could not find any answer via search engines. Point me at
> relevant threads in the archive if possible.
> I found "pam_confused", a PAM layer to run code after entering a "duress
> code".  I am looking for the same for cryptsetup, and I wonder what
> steps would be necessary to make it more easy for people to be able to
> specify a duress code that wipes LUKS headers, for example.
> Are there any efforts made in that direction? Do you think this would be a
> good thing to have by default in <distribution>?
> dm-crypt mailing list
> dm-crypt at saout.de
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno at wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult. --Tony Hoare
More information about the dm-crypt