Re: Emergency destruction of LUKS partition

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/30/2013 10:52 AM, Eric H. Christensen wrote:
> Someone asked me about this recently and I haven't had a chance to
> fully wrap my head around the solution but thought it was an
> interesting scenario.
> 
> Background: Someone knows you have encrypted your computer using
> LUKS.  They convince you to enter (or otherwise provide) your
> passphrase via the large wrench method[0].
> 
> Realcrypt method: There is plausible deniability (if properly
> implemented) whereas you could provide the person with the
> alternate passphrase which would give them access to a portion of
> the encrypted partition but not your real working partition.
> 
> LUKS: There is no way to provide plausible deniability.
> 
> Proposed solution: LUKS provides four key slots to use for
> decrypting a partition.  How about have one key slot that when used
> immediately implements a deletion of the encrypted partition (or at
> least the key record).
> 
> Thoughts?
> 
> [0] http://www.xkcd.org/538/
> 
> -- Eric

Because they'll be using a cloned copy most likely. If not you're now
guilt of destruction of evidence. Truecrypt's plausible deniability is
much better, "emergency deletion/crypto shredding is not effective.

There are commercial devices you can plugin that will then let the
attacker clone the system easily while the system is running:

http://www.linux-magazine.com/Issues/2012/140/Security-Lessons-Hacking-Hardware/(language)/eng-US

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBAgAGBQJSSa56AAoJEBYNRVNeJnmTeeMP/2LM3Q0m7EvK3UaF4GIQyWPU
mAdgQ4gBiJgRByX2fNT10feGkvi+slTOUSlya4u8R2iya11lvIVKR4aNplC2D9eh
BzYB5dbDXYpv5CR3AnQivRbe4ZJFRayLzOdgzfMNWHen/QenNupKs0ZfTjVpTqcD
JVkaCLg5kl5A1iQ2qz0GBdGMC2+7yj+CEOHUrig8NtsySu1O8UWuv3j51JLOGIkW
/cUBo2AUYqHwDb0a/10oihnF7or/+g5dQOYeKlqHoHUMQHemqz31GalWUjIbP0VS
kpcJbost4nrWlEXEtWNZPBUI3bOdyQnvJUFqGkwe0fBsMVs0S+04VunO0gSF8Ly7
pgriFkxEbVnLOSLHpVfs0EvBIsvxYU/ffCBGempDZHaQij8cMZat9NtF3TH6bnOi
yj7aqL/Y5jMzAf/j3NUEVrkfrURUCWrw7umdB+1Zz6j7qIG6U496UtWqpAIywCWe
zAuao3UgaKoKUb2uqIbFez/xZCSi/CVSik/RsTd/g5QxW+EpcJBKcZgb044s9l1a
ZiWykwl8MLR7ZNa80P8amPRT2678fICUNc42acDq4RNLXme/befBywythtMkl0Gp
AZ5zM4BYDfNFa1LskMwxEW7MZpeJVUxumwB6DMkgglK5GjTJW0h7/vPQkGXxBAsD
NCPNu+GzLNrrQw9hVKrB
=0k9E
-----END PGP SIGNATURE-----
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Coolkey]

  Powered by Linux