Re: LUKS emergency self-destruct

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/13/2014 03:57 AM, Paladin wrote:
> Hi, does anyone know if there is plan to implement this: 
> http://www.kali.org/how-to/emergency-self-destruction-luks-kali/ in
> Arch?
> 
> Patch https://github.com/offensive-security/cryptsetup-nuke-keys is
> not too big and IMHO it would be great to have this option..
> 
> Patch is for 1.6.1 but it cannot be that difficult to port it to 
> 1.6.3 which we have.
> 

If you use this, be careful that you're using it for the right thing.
Unfortunately the way it's implemented makes it seem like it's purpose
is something that it's not.

The intent is for it to be an easy and fast way to destroy the key
information (and optionally recover it if you have a backup), when you
are in a SAFE environment. A convenient alternative to manually doing
it with dd and a live CD.

It's not intended to be an "If I'm tortured I can enter the duress
password and it will destroy the keys" feature. Obviously, your
torturers (or law enforcement (they can be the same thing)), will
clone the disk and make you enter your password into the cloned system.

Just a warning.

- -- 
Taylor Hornby
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJS1FEXAAoJEP5tMebkC3Ru7oEP+gPNCGgmyi0ovRLLZhwb+BV8
jU0+6MYKFYoZiTCe3VGSWsOBdAp1J14+f7q0NkG24fFvmlN6g8WYfHGsENGjn1ZO
JrsPSMwD3rl7C9pEKS2zCzGlVhQcTgUTwkz7KaWqhoaZ2XoGTdSL3N9Hdkpl1hxo
VreJC4hpBF42ON+3Up6ZUCPsgY67U2kGe5Mz4CZxm7uDKa15CtqFsbcUQIN+Ep0m
e2VzztRZECz7NVYbcAPFA+XXWG5gU8lGNL29j8I49sdjZfOQGSsmM0VUDpXMfaN6
OLeOP1i/oBCQ/5AUMZJu/EK5xsbO+vTauAPSHCvxy1Go9lugYcxTYU2LdwrPFnDH
2rWCwRijyARoKvF+hsrfuXTPOSzH5jhnw827DQfL/PsimkWv1C0ZkbYqDEpy9cT9
/13TGonoOfm0uMgOvG2y9A7ZA8Z7OsqPXSKvZG/iife5q4513Lry9o8EwKOzIyNp
yuiVD5o1ZW+fcBi11mlUu2D2wrKDp9YGBOUbRb2yHzgapjJ92Dh6L/kCVlC179AX
ZnJqjXOltuGYLFCpZPmBXSYaMkt5rLkVvoD7X1NETNHRDUOucdRo3sxWT9ZAWOve
o01J0y7QKH/eJQgJCObHlGQjdsCM9iFMPuEBodXwDH+FpZrodgvSJ3+BhoA0IUVX
Rub5n0E/8OsuzGEU3mp6
=hll7
-----END PGP SIGNATURE-----


[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux