[dm-crypt] nuke password to delete luks header

Arno Wagner arno at wagner.name
Fri Jan 17 16:10:09 CET 2014

On Fri, Jan 17, 2014 at 15:51:16 CET, Heiko Rosemann wrote:
> On 01/17/2014 02:12 PM, Arno Wagner wrote:
> > On Fri, Jan 17, 2014 at 13:43:42 CET, Jonas Meurer wrote:
> >> Am 16.01.2014 21:18, schrieb Matthias Schniedermeyer:
> >>> In short: The documented existence of such a feature is a risk
> >>> by itself.
> >> 
> >> Same logic applied, even the existence of this discussion is a
> >> risk by itself. It proves that people might use a patched
> >> cryptsetup with added nuke feature already.
> >> 
> >> Kind regards, jonas
> > 
> > Yes, it is. That is one of the reasons why I strongly recommend not
> > taking ecrypted data into danger at all and making sure all unused
> > space on storage media is zeroed.
> ...which could, by the same logic applied earlier, make the LEO at the
> border suspicious of you having destroyed evidence. Unless you provide
> a proof of purchase, showing that the hard-drive is in fact new and
> therefore still factory-zeroed.

That is not likely to happen. First, it is only the UNused space
to be zeroed, and second, the LEO is not a forensics expert. The
zeroing is not for the LEO, but for some forensics tools
he may be able to hook up  or some real forensic examination.

And there is nothing wrong with haing only zeros and non-encrypted 
data. Having a lot of zeros in a place where a header ro encrypted
data would be might be a different story. But here we run into 
issues. For example, while it is recommended to overwrite a new
LUKS volume (on the decrypted side), it is not done automatically.
So not zeroing the LUKS header but crypto-blanking it can be just
as problematic.

I would say trying to get clever with encrypted containers 
(real-time nuke while a LEO or criminal watches, hidden containers, 
etc.) is not a good idea in general at this time. On the other hand,
erasing data while you are free to act does not need trickery
and should be legal (even if many LEOs will not like that).

That is why I proposed to split the discussion: 1. Explicite 
erase command 2. "trickery" like an erase-password.

Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult.  --Tony Hoare

More information about the dm-crypt mailing list