[dm-crypt] nuke password to delete luks header

Jim O'Gorman jim at offensive-security.com
Tue Jan 14 03:10:14 CET 2014


> Hi
> today I read this post by the developers of Kali Linux:
> http://www.kali.org/how-to/emergency-self-destruction-luks-kali/
...
> Are there any other ideas of valuable use cases?
>
> greets R3s1stanc3

Hi there! We were just pointed to this discussion so thought we would chime in.

The practical application of this functionality is real for us. This is not an academic issue for us, as we will often travel in the real world with large amounts of encrypted data to areas where high speed internet is not accessible. Please check a common use case we deploy very often, that we documented at http://www.kali.org/how-to/nuke-kali-linux-luks/

In that, we mention:

> Our main purpose for introducing this feature in Kali Linux is to simplify the process of securely traveling with confidential client information. While “LUKS Nuking” your drive will result in an inaccessible disk, it is possible to backup your keyslots beforehand and restore them after the fact. What this allows us to do is to “brick” our sensitive laptops before any travel, separate ourselves from the restoration keys (which we encrypt), and then “restore” them to the machines once back in a safe location. This way, if our hardware is lost or otherwise accessed midway through our travels, no one is able to restore the data on it, including ourselves.
>
> There are other ways to delete your keyslots, however the advantage of the Nuke option is it is quick, easy, and does not require you to fully login to your Kali installation. If you maintain a backup of your header, you can Nuke the keyslots whenever you feel uncomfortable. Then conduct a restoration when you feel secure.

This situation is very common for us in situations where systems may be inspected by parties that may not be friendly to us. Border crossings are a common example of this.

I am not a big believer in the concept of providing the nuke password to this unfriendly third party, but more of using it yourself without having to fully log into the system (with the assumption that you travel with the systems fully powered off). The Nuke option, for us makes this process of deleting the keys quick, simple, and error proof. Having the ability to restore the data later on makes this practical to do on a regular basis. 

Additionally it is important to be realistic about who your adversary is. Is it really a nation state? Or is it simply a customs agent? We don't think its practical to cover all threats with a function like this, and we don't believe that "if you can't do it all, its better to do nothing". Remember, that in most cases when you can't/won't give up an encryption password in the US the hardware is simply taken from you. You don't go right to jail unless there is other suspicion to justify incarceration. 

Thanks everyone!
-- 
Jim O'Gorman
jim at offensive-security.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 710 bytes
Desc: OpenPGP digital signature
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20140113/269b0884/attachment.asc>


More information about the dm-crypt mailing list