[dm-crypt] nuke password to delete luks header
ms at citd.de
Fri Jan 17 16:16:36 CET 2014
On 17.01.2014 15:27, Jonas Meurer wrote:
> Am 17.01.2014 14:12, schrieb Arno Wagner:
> > On Fri, Jan 17, 2014 at 13:43:42 CET, Jonas Meurer wrote:
> >> Am 16.01.2014 21:18, schrieb Matthias Schniedermeyer:
> >>> Meanwhile increasing the risk of everybody else, because once that
> >>> feature is a documented part of the system everybody will assume that
> >>> everybody will use it. Good look defending against a "Destruction of
> >>> Evidence" accusation, in case that happens in a situation with a LEO.
> >>> [...]
> >>> In short:
> >>> The documented existence of such a feature is a risk by itself.
> >> Same logic applied, even the existence of this discussion is a risk by
> >> itself. It proves that people might use a patched cryptsetup with added
> >> nuke feature already.
> > Yes, it is. That is one of the reasons why I strongly recommend
> > not taking ecrypted data into danger at all and making sure all
> > unused space on storage media is zeroed.
> While in general I agree to your suggestion, Matthias' point rather
> seems like a non-argument to me.
> I agree that one should consider possible negative implications of wrong
> usage of the feature in question. But I don't agree that the risk
> created by "documented existance of such a feature" is an argument
> against implementing it.
There is a difference, it is relativly easy to prove you don't have
anything encrypted(*), but it's hard to prove you didn't use a
documented part of the encryption software you are using.
So, the mere existance of encryption software doesn't increase the risk
of people not using encryption software as there is a "provability" of
not using encryption. The same "provability" is NOT given in the case of
"nuking" or e.g. the "Hidden Volumes"-Feature of Truecrypt.
*: Ignoring Steganography
More information about the dm-crypt