[dm-crypt] nuke password to delete luks header
arno at wagner.name
Mon Jan 27 13:44:46 CET 2014
On Mon, Jan 27, 2014 at 10:04:28 CET, Jonas Meurer wrote:
> On 2014-01-23 22:26, Milan Broz wrote:
> >as Arno said, let's split this to two parts.
> >>1. Have a secure erase that is easy to use. [...]
> >>2. Have the option of unlocking a keyslot created with a specific
> >> option to trigger the function implemented in 1. [...]
> Do you intend to protect the erase feature by asking for a password?
> In that case it will be hard to build a nuke wrapper around 'cryptsetup erase'.
> Especially if the nuke password should not reveal access to encrypted data
> and merely allow to erase LUKS header.
I think it should not ask for a password, but ask for confirmation,
like having the user type "ERASE" in shell-interaction, unless
-q/--batch-mode is given.
The password would not protect better as a user that can run
cryptsetup can also (but less intuitively) call luksFormat to
erase the container.
Incidentally, that means wrappers are already possible.
(In fact, Ubuntu already demonstrated erase-on-install,
albeit unintentionally, see FAQ Item 1.3.) A luksErase
command is better, as it works cleaner, erasing is its
primary purpose, not just a side-effect and it does
not ask for a new password.
> >BTW original patch is INCOMPLETE and DANGEROUS.
> >(For example, did anyone think about cryptsetup-reencrypt? Guess what will
> >happen if user try to *reencrypt* device with this destroy passphrase?
> >Try it... or better not ;-) And there are more missing code which just
> >do not convince me that it was properly thought-out work.
> Isn't that a good argument for implementing it properly upstream? ;)
People making a mess of it? No. Otherwise you would have a really
easy tool to force upstream to implement things. People making
a mess of it is just a hint that things may be more complicated
than they claim they are. A common occurrence, especially with
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno at wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
A good decision is based on knowledge and not on numbers. - Plato