[dm-crypt] nuke password to delete luks header

Matthias Schniedermeyer ms at citd.de
Fri Jan 17 16:16:36 CET 2014


On 17.01.2014 15:27, Jonas Meurer wrote:
> Am 17.01.2014 14:12, schrieb Arno Wagner:
> > On Fri, Jan 17, 2014 at 13:43:42 CET, Jonas Meurer wrote:
> >> Am 16.01.2014 21:18, schrieb Matthias Schniedermeyer:
> >>> Meanwhile increasing the risk of everybody else, because once that 
> >>> feature is a documented part of the system everybody will assume that 
> >>> everybody will use it. Good look defending against a "Destruction of 
> >>> Evidence" accusation, in case that happens in a situation with a LEO.
> >>> [...]
> >>> In short:
> >>> The documented existence of such a feature is a risk by itself.
> >>
> >> Same logic applied, even the existence of this discussion is a risk by
> >> itself. It proves that people might use a patched cryptsetup with added
> >> nuke feature already.
> > 
> > Yes, it is. That is one of the reasons why I strongly recommend 
> > not taking ecrypted data into danger at all and making sure all
> > unused space on storage media is zeroed.
> 
> While in general I agree to your suggestion, Matthias' point rather
> seems like a non-argument to me.
> 
> I agree that one should consider possible negative implications of wrong
> usage of the feature in question. But I don't agree that the risk
> created by "documented existance of such a feature" is an argument
> against implementing it.

There is a difference, it is relativly easy to prove you don't have 
anything encrypted(*), but it's hard to prove you didn't use a 
documented part of the encryption software you are using.

So, the mere existance of encryption software doesn't increase the risk 
of people not using encryption software as there is a "provability" of 
not using encryption. The same "provability" is NOT given in the case of 
"nuking" or e.g. the "Hidden Volumes"-Feature of Truecrypt.



*: Ignoring Steganography

-- 

Matthias


More information about the dm-crypt mailing list