[dm-crypt] Re2: nuke password to delete luks header
ms at citd.de
Wed Jan 15 12:39:44 CET 2014
On 15.01.2014 11:00, Jonas Meurer wrote:
> Am 2014-01-15 07:01, schrieb Arno Wagner:
> >Huh? I think you do not understand my arguments at all.
> >A) It puts people in danger
> >I do not think I need to repeat how dangerous, disconnected from
> >reality and stupid this approach is, do I? Your "analysis" shows
> >perfectly why having a "nuke" option is not a good idea. People
> >will start taking risks (carrying sensitive data, trying to nuke
> >in a dangersous situation) they would otherwise not take because
> >they will wrongly think this method protects them.
> >Here is a real-world scenario: You do not nuke, but you pretend
> >to give a password, yet it is invalid. Guess what, before
> >a forensic examination, this behaves exactly the same as "nuke"!
> >After a forensic examination, they _will_ suspect you of having
> >nuked the password in the nukle case. Not good at all.
> I fail to see the point of your "dangerous" argument. A lot of
> things/tools/techniques are able to put people in danger. Still
> they're useful. With the same logic, you could argument against
> cryptography in general. People could actually forget the password
> and see themselves confronted with a bad evil person/institution/
> state who tries to force them to tell the password.
> There's quite some situation where being accused of having nuked
> the password is not a problem at all. In german law for example,
> you're not required to help investigative authorities with their
> investigations. Actually, it's not a criminal action to destroy
> your data. Indeed it is, if the data itself is criminal. But that
> has to be proved first, which might be much harder in case that
> it's not recoverable anymore.
> As I tried to explain above, I still see legitimate scenarios
> for using a nuke password function.
> In cases where using the feature makes things worse, people
> should not use it. But this decision has to be made by the
> individuals themselves. Not implementing a feature because
> people could use it in a stupid way is not an argument, is it?
> I agree with you, that controversal features need some extra
> protection and documentation. But this can be fixed easily:
> the process of setting a nuke password could include a big
> fat warning and point to further documentation.
> The argument against false sense of security again could be
> used for every security technique. People do need to understand
> the limitations of security and cryptography. That's what
> documentation is for (and by the way: your FAQ is a great
> example of doing documentation right. Thanks for your work on
Assuming Law Enforcement:
Before the point in time you get into the vicinity of a LEO you can nuke
to your hearts content. After it's tampering with evidence, which is a
punishable crime of itself (As far as i know or assume. AND IANAL). That
the data couldn't be decrypted beforehand is insubstantial (IANAL too).
The important thing is: You can't "react" to getting into the vicinity
of a LEO other that powering down your device.
Problem is: If a volume is nuked, you can't prove if that was before or
after that point in time. The LEO can construct a crime right there and
The documented existence of such an option is a risk by itself, because
the mere existence of "something" that looks like something nuked can be
a problem. Especially if a LEO asked you to enter a password, which you
did but it didn't work. If something that looks nuked is found after
that, the LEO just assumes you committed the crime of tampering with
Altough if you nuke a LUKS header completely you can't prove that the
data is encrypted by LUKS.
So LEO can assume the data is encrypted with any product that you can't
exclude by analysing the remaining data.
For e.g. "Intact" you can determine that my encrpyted data is NOT LUKS
(At least not the normaly used "inline Header"-version). If i zero-out
the range a LUKS header normaly occupies, i can't prove anymore that the
data is not encrypted by (inline-)LUKS or any other product that doesn't
leave any distinguishing markers (after a possible header).
Or for the Truecypt example:
Try to prove that you don't have a hidden volume. It's a documented
feature of Truecypt, so a LEO just assumes that you use it, regardless
of you actually using one or not.
More information about the dm-crypt