[dm-crypt] nuke password to delete luks header
arno at wagner.name
Tue Jan 14 15:34:03 CET 2014
On Tue, Jan 14, 2014 at 13:05:32 CET, .. ink .. wrote:
> > No, if you crypto-blank it, it will not. But you need to protect
> > the additional container against overwriting in some way. One
> > way is to not write the outer container at all. This is obvious,
> > as it is going to be either old and not written for a long time
> > or brand-new, i.e. container has been creatded for the border-
> > crossing. The way TC does it by preventing writes to that
> > area is likely to leacve traces of the failed writes.
> Its possible to use the first volume normally without harming the hidden
> one by not filling up the out volume
> to near capacity.If you dont cross past 30% volume utilization of the outer
> volume,then the hidden volume will be
> safe.This assumes using a proper file system and fat seem to be the best
> one to use since its the most advanced
> among the simplest file systems.
While I have not looked at it for some time, the last time I looked,
FAT did a create-at-end Strategy. This way the data "wanders" over
the partition towrds the end. ext2/3/4 will create files all over
the disk in the first place.
> The scenario i am working with says something like this,you are at a border
> cross with a external hard drive and there are 10 other people with
> external hard drives and there is a government agent who is tasked with
> examining external hard drives.What he may do is ask everybody to put their
> hard drives in a bucket and he may go through them one by one.He will take
> one,plug it in to a computer and look into it by doing file searches,then
> go to the next one and do the same.If they reach yours,plug it in and get a
> LUKS prompt,then they will call you up and ask you to open it,they will
> probably be annoyed at you for slowing them down too.Once there,bringing up
> the fifth amendment to the constitution or any other privacy related
> explanation will probably not do you any good.The more you delay them,the
> more they will be unhappy with you and the more unpleasant they will be.
> If they have no reason to suspect you have an encrypted volume hidden at
> the back of a regular file system,they will not look for it or ask you
> about it and will just go past your hard drive uneventfully,the only time
> they will examine your hard drive forensically is if you are already at the
> backroom being interrogated while your possessions are being closely
> scrutinized and they will do this most likely because they already know who
> you are and what you could be carrying and you did something stupid to draw
> suspicion to your hard drive.
> If asked if the drive has a hidden volume,you could then answer "yes" and
> proceed to do what you would have done if asked to unlock a LUKS volume or
> any other encrypted volume.
Well, if you are willing to give up a hidden volume, that would
work, I guess.
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno at wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult. --Tony Hoare
More information about the dm-crypt