[dm-crypt] nuke password to delete luks header

Milan Broz gmazyland at gmail.com
Wed Jan 15 21:27:07 CET 2014

On 01/14/2014 05:30 AM, Arno Wagner wrote:
> I think that in your scenario, "nuke" does not have any real
> advantages over just not having the passphrase, and that one
> is dangerous.

Well, this idea is not new and I responded very similar months ago.

But seems there is a lot of people in disagreement.

I was quite surprised that most of people from
our university security&crypto lab I met today and asked
(to have some other opinions) said that despite "nuke password"
has very limited use it is worth to have something like that...

Sigh... :)

But what I really want to avoid is that every distribution will
add some random patches implementing something like this.

It is perhaps better to implement and document this upstream.

Anyway, you have to manually create such key.
And cryptsetup never blocked you from shooting yourself in
the foot if you really want.

>From the pure technical POV (ignoring the use case discussion)

The principle is ok (it should be implemented on libcryptsetup
level, so it works from every GUI extension etc).

But I do not like the details:

- we do not need additional luksAddNuke command, switch like
"--use-slot-destruction-key" option to luksAddKey is enough

- I do not like that special key is all zeroes.
(This is sometimes used for testing etc).

IMHO "nuke key" should be linked to exact header key
(if you copy this keyslot area to another LUKS header it
should not work there).
To be extra paranoid, I think nuke key should be randomized.

This can be done e.g. if nuke key contains some salt, part
of real key fingerprint (from LUKS header) and some magic string.

- I think that "nuke" keyslot should remain active.
(not really sure about this)



More information about the dm-crypt mailing list