* Arno Wagner <arno@xxxxxxxxxxx> wrote:
> Not to nitpick, but my approach would be to not boot the computer
> at all, but remove the drive and copy it (e.g. attached by USB)
> on a different machine.

But that's not always possible with today's technology. You can seal the crypto keys for your data to your bootloader+kernel+initrd, so no one except your own binaries will ever get the keys. Adding TXT security features from current Intel systems you have runtime secure boot, so no one will be able to break into your boot sequence. So it will only be possible to decrypt the data on exactly this box with exactly this initrd+kernel.

Though the attacker can restore the destroyed LUKS header from backups.

The real problem imho is that with this feature you are actively destroying evidence. Even trying to do this will get you into _real_ problems, instead of just refusing to give out the keys or admit that this isn't just random data.

> Oh, and btw, having cryptographically strong randomness on a drive is also
> a risk. Come to think of it, I do secure wipes by mounting with dm-crypt
> and random password, then overwrite with ordinary prng-randomness. There is
> no way I can prove I do not have the key or the data was random. But that
> alone should protect me here.

I usually do a wipe with dm-crypt + random password followed by dd with /dev/zero. Much less trouble, just in case someone takes a closer look.

michael

-- 
It's already too late!

---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/