[dm-crypt] nuke password to delete luks header

Arno Wagner arno at wagner.name
Mon Jan 27 13:44:46 CET 2014

On Mon, Jan 27, 2014 at 10:04:28 CET, Jonas Meurer wrote:
> Am 2014-01-23 22:26, schrieb Milan Broz:
> >Hi,
> >
> >as Arno said, let's split this to two parts.
> >
> >>1. Have a secure erase that is easy to use. [...]
> >>
> >>2. Have the option of unlocking a keyslot created with a specific
> >>  option to trigger the function implemented in 1. [...]
> Do you intend to protect the erase feature by asking for a password?
> In that
> case it will be hard to build a nuke wrapper around 'cryptsetup erase'.
> Especially if the nuke password should not reveal access to
> encrypted data
> and merely allow to erase LUKS header.

I think it should not ask for a password, but ask for confirmation,
like having the user type "ERASE" in shell-interaction, unless
-q/--batch-mode is given. 

The password would not protect better as a user that can run 
cryptsetup can also (but less intuitively) call luksFormat to 
erase the container.

Incidentally, that means wrappers are already possible. 
(In fact, Ubuntu already demonstrated erase-on-install, 
abeit unintentionally, see FAQ Item 1.3.) A luksErase 
command is better, as it works cleaner, erasing is its 
primary purpose, not just a side-effect and it does
not ask for a new password. 
> >BTW original patch is INCOMPLETE and DANGEROUS.
> >
> >(For example, did anyone think about cryptsetup-reencrypt? Guess
> >what will
> >happen if user try to *reencrypt* device with this destroy passphrase?
> >Try it... or better not ;-) And there are more missing code which just
> >do not convince me that it was properly thought-out work.
> Isn't that a good argument for implementing it properly upstream? ;)

People making a mess of it? No. Otherwise you would have a really 
easy tool to force upstream to implement things. People making
a mess of it is just a hint that things may be more complicated
than they claim they are. A common occurence, especially with 
security functionality.


Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
A good decision is based on knowledge and not on numbers. -  Plato

More information about the dm-crypt mailing list