On Wed, Oct 10, 2007 at 05:30:34PM -0600, Gavin Wahl wrote:
> I was reading the LUKS specification and noticed that revoking a
> user's key does nothing to stop them from accessing the encrypted
> partition if they have stored the master key from the
> partition. Once given access, they can decrypt and store the master
> key, and nothing short of changing the master key can prevent future
> access.

Indeed. That is as intended. Key revocation does not serve to make
encrypted data unavailable. Key revocation is for declaring a
signature key no longer trustworthy or a crypto key no longer fit
to be used to encrypt additional data. In a nutshell, it is an
advisory that tells people: "From now on, do not trust this key."

If you want to remove access from encrypted data, you have to either
erase all copies of the encryption key (may be difficult) or
erase the encrypted data itself (easy, but takes time). It looks like
for modern hard disks a single overwrite with zeros is already enough
to make recovery impossible, but there is no hard proof either way.
For added security, do 2-3 passes with random data in addition to
the zero-pass.

Arno
--
Arno Wagner, Dipl. Inform., CISSP --- CSG, ETH Zurich, wagner@xxxxxxxxxxxxxx
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
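
A simplified model of the behaviour discussed in this thread, added here as an illustration and not code from the thread or from cryptsetup: each key slot wraps the same master key, so removing a slot invalidates the passphrase but not a copy of the master key taken earlier. `ToyHeader`, `kdf`, `xor_stream` and the sample data are hypothetical; the XOR keystream stands in for the real cipher, and the layout is not the LUKS on-disk format.

```python
import hashlib, hmac, os

ITER = 1000  # assumption: deliberately low so the example runs quickly

def kdf(secret, salt):
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITER)

def xor_stream(key, data):
    """Toy cipher for short inputs: XOR with a SHA-256 counter keystream."""
    pad = b"".join(hashlib.sha256(key + bytes([i])).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, pad))

class ToyHeader:
    def __init__(self, master_key):
        self.salt = os.urandom(16)
        self.mk_digest = kdf(master_key, self.salt)  # lets unlock() recognise the right key
        self.slots = {}                              # slot number -> (salt, wrapped master key)

    def add_slot(self, n, passphrase, master_key):
        salt = os.urandom(16)
        self.slots[n] = (salt, xor_stream(kdf(passphrase, salt), master_key))

    def unlock(self, passphrase):
        """Return the master key if any slot opens with this passphrase, else None."""
        for salt, wrapped in self.slots.values():
            candidate = xor_stream(kdf(passphrase, salt), wrapped)
            if hmac.compare_digest(kdf(candidate, self.salt), self.mk_digest):
                return candidate
        return None

    def revoke(self, n):
        del self.slots[n]  # real LUKS overwrites the slot's key material

def demo():
    data = b"constructed sample sector contents"
    mk = os.urandom(32)
    hdr = ToyHeader(mk)
    hdr.add_slot(0, b"admin passphrase", mk)
    hdr.add_slot(1, b"user passphrase", mk)
    disk = xor_stream(mk, data)
    saved_mk = hdr.unlock(b"user passphrase")  # copy kept while access was still granted
    hdr.revoke(1)
    passphrase_works = hdr.unlock(b"user passphrase") is not None
    saved_key_works = xor_stream(saved_mk, disk) == data
    # Only a new master key plus re-encryption of the data ends access.
    new_mk = os.urandom(32)
    disk = xor_stream(new_mk, xor_stream(mk, disk))
    after_rekey = xor_stream(saved_mk, disk) == data
    return passphrase_works, saved_key_works, after_rekey
```

`demo()` returns `(False, True, False)`: the revoked passphrase no longer opens a slot, the saved master key still decrypts the unchanged data, and it stops working only after the data is re-encrypted under a new master key.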