On Fri, Jul 17, 2009 at 01:16:04AM +0200, Michael Gebetsroither wrote:
> * Arno Wagner <arno@xxxxxxxxxxx> wrote:
> > Not to nitpick, but my approach would be to not boot the computer
> > at all, but remove the drive and copy it (e.g. attached by USB)
> > on a different machine.
>
> But that's not always possible with today's technology.
> You can seal the crypto keys for your data to your
> bootloader+kernel+initrd, so no one except your own binaries will ever
> get the keys.

I am not talking about getting the keys, but about making a backup
that defeats the destruction mechanism.

> Adding TXT security features from current Intel systems you have runtime
> secure boot, so no one will be able to break into your boot sequence.
>
> So it will only be possible to decrypt the data on exactly this box with
> exactly this initrd+kernel.
>
> Though the attacker can restore the destroyed LUKS header from backups.

This is what I am talking about. You can try to destroy your
LUKS header, but it will not work. The only thing you will
accomplish is another round in torture and then another
go with the backup.

> The real problem imho is that with this feature you are actively
> destroying evidence. Even trying to do this will get you into _real_
> problems, instead of just refusing to give out the keys or admit that
> this isn't just random data.

And LUKS is totally unsuitable for it, as the header can be
clearly recognized. Nobody can prove otherwise if you use
dm-crypt and claim it was with a random key for wiping the drive.
This is still problematic, however. The only real solutions
are a true tamper-proof module (very hard to do) or that
mythical cyanide pill.

> > Oh, and btw, having cryptographically strong randomness on a drive is also
> > a risk. Come to think of it, I do secure wipes by mounting with dm-crypt
> > and random password, then overwrite with ordinary prng-randomness. There is
> > no way I can prove I do not have the key or the data was random. But that
> > alone should protect me here.
>
> I usually do a wipe with dm-crypt + random password followed by dd with
> /dev/zero.
> Much less trouble, just in case someone takes a closer look.

Basically the same thing I do and I doubt it is much less trouble ;-)

> michael
> --
> It's already too late!

Indeed.

Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier

---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/