Matt Rosales wrote:
> On a somewhat related note, I was thinking it would be cool to build in a
> self-destruct mechanism into cryptsetup- IE if a specific password is
> entered twice, have it destroy the keyblock of the encrypted disk. Thoughts?

I've been playing around with such a thing lately, only it's been a
feature of the /init shellscript within an initramfs rather than a
function of cryptsetup. As I understand it, overwriting the first
megabyte or so of a partition encrypted with LUKS should destroy the
keyblock, so the code basically /bin/dd's the biggest file inside the
initramfs (/sbin/cryptsetup, in my case) into every partition listed in
/proc/partitions. I haven't rigged the script up to trigger after /x/
failed passphrases, rather, whenever a certain passphrase is given by
the user.

-- 
Eric Grejda - Security Engineer, the Prometheus Group
PGP: 3651F89F / D04B D4D0 E5E2 5746 7CB7 05CA 1C92 4610 3651 F89F

---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
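
Added example, not part of the original message or of cryptsetup: a parser for the LUKS1 on-disk header that reports where each keyslot's key material sits, which is the region a header backup has to cover and the region the "first megabyte or so" estimate above refers to. It assumes the LUKS1 layout; the function names are hypothetical, and `sample_header` builds a constructed header (4000 stripes, 8-sector alignment assumed) rather than reading a real disk.

```python
import struct

SECTOR = 512
LUKS_MAGIC = b"LUKS\xba\xbe"
SLOT_ACTIVE, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD
# LUKS1 header: magic, version, cipher, mode, hash, payload offset (sectors),
# key bytes, MK digest, MK salt, MK iterations, UUID = 208 bytes, then 8 keyslots.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
SLOT = struct.Struct(">II32sII")  # active, iterations, salt, offset (sectors), stripes


def ceil_div(a, b):
    return -(-a // b)


def keyslot_extents(header):
    """Return (payload_offset_bytes, [(slot, active, start_byte, end_byte), ...])."""
    f = PHDR.unpack_from(header, 0)
    magic, version, payload_offset, key_bytes = f[0], f[1], f[5], f[6]
    if magic != LUKS_MAGIC or version != 1:
        raise ValueError("not a LUKS1 header")
    slots = []
    for i in range(8):
        active, _, _, offset, stripes = SLOT.unpack_from(header, PHDR.size + i * SLOT.size)
        # Split key material takes key_bytes * stripes bytes, rounded up to sectors.
        sectors = ceil_div(key_bytes * stripes, SECTOR)
        slots.append((i, active == SLOT_ACTIVE, offset * SECTOR, (offset + sectors) * SECTOR))
    return payload_offset * SECTOR, slots


def slots_beyond(header, nbytes):
    """Keyslots whose key material lies entirely at or after byte offset nbytes."""
    return [i for i, _, start, _ in keyslot_extents(header)[1] if start >= nbytes]


def sample_header(key_bytes, stripes=4000, align=8):
    """Constructed LUKS1 header (not from a real disk); only slot 0 is active."""
    step = ceil_div(ceil_div(key_bytes * stripes, SECTOR), align) * align
    offsets = [align + i * step for i in range(8)]
    hdr = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"cbc-essiv:sha256", b"sha1",
                    offsets[-1] + step, key_bytes, bytes(20), bytes(32), 10,
                    b"constructed-sample-uuid")
    for i, off in enumerate(offsets):
        state = SLOT_ACTIVE if i == 0 else SLOT_DISABLED
        hdr += SLOT.pack(state, 1000, bytes(32), off, stripes)
    return hdr
```

For the constructed headers the encrypted payload begins at 1,052,672 bytes with a 32-byte key and at 2,068,480 bytes with a 64-byte key, so the size of the header and keyslot area depends on the key size.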