[dm-crypt] LUKS self-destruct key
heiko.rosemann at web.de
Mon Mar 31 22:51:15 CEST 2014
-----BEGIN PGP SIGNED MESSAGE-----
On 03/31/2014 10:17 PM, Andrew wrote:
> On Mon, 31 Mar 2014 15:06:12 +0200 Arno Wagner <arno at wagner.name>
>> On Mon, Mar 31, 2014 at 14:19:29 CEST, Andrew wrote: [...]
>>> I read the thread -- interesting reading (Gmane seems a little
>>> off for me at the moment though.)
>>> A few points that were not raised directly by anyone are:
>>> * Some of the worst attackers *do* lack technical skills.
>>> While various interest groups do have technical experts, less
>>> skilled persons may try their hand first, and succeed in
>>> destroying the evidence. Terrorism has lately tended towards a
>>> cell structure. A particular cell may not have access to
>>> adequate technical resources, while not lacking "skills" like
>>> kidnapping, robbery and torture of those they target.
>> Even the dumbest attackers have seen the movies where the magic
>> computer destroys all data when the wrong password is entered.
> This is not true.
Well, the number of attackers which is knowledgeable enough to detect
a luks device and figure out that they need a password to open it (or
stupid enough to just type a password at an unknown prompt), but not
knowledgeable enough to make a backup before trying is probably
insignificant, I'm even leaning towards zero.
>> And when you come to any writing about compouter forensics, the
>> first rule is always to never work on originals.
> This is not relevant.
Yes it is. Because it's not only in any writing but also common sense.
If the attacker works on a backup and still has the original,
destroying the backup does not help anybody. This is what renders all
your further points moot.
I can see exactly one use case for a "destroy password" and that has
been discussed in the thread mentioned above and all the neccessary
tools have been implemented in the form of the luksErase command. In
short: The data is more valuable than your life _and_ you have a few
seconds of time on your computer _before_ the attacker takes control
over it. You could implement it in such a way as the machine looks for
a key on a USB stick and if none is found, runs luksErase instead of
luksOpen, or by booting from a USB stick with a working system but
when booting from the HDD (when the USB stick is missing) it runs
eMails verschlüsseln mit PGP - privacy is your right!
Mein PGP-Key zur Verifizierung: http://pgp.mit.edu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
-----END PGP SIGNATURE-----
More information about the dm-crypt