On Fri, Jan 17, 2014 at 15:51:16 CET, Heiko Rosemann wrote: > On 01/17/2014 02:12 PM, Arno Wagner wrote: > > On Fri, Jan 17, 2014 at 13:43:42 CET, Jonas Meurer wrote: > >> Am 16.01.2014 21:18, schrieb Matthias Schniedermeyer: > >>> In short: The documented existence of such a feature is a risk > >>> by itself. > >> > >> Same logic applied, even the existence of this discussion is a > >> risk by itself. It proves that people might use a patched > >> cryptsetup with added nuke feature already. > >> > >> Kind regards, jonas > > > > Yes, it is. That is one of the reasons why I strongly recommend not > > taking ecrypted data into danger at all and making sure all unused > > space on storage media is zeroed. > > ...which could, by the same logic applied earlier, make the LEO at the > border suspicious of you having destroyed evidence. Unless you provide > a proof of purchase, showing that the hard-drive is in fact new and > therefore still factory-zeroed. That is not likely to happen. First, it is only the UNused space to be zeroed, and second, the LEO is not a forensics expert. The zeroing is not for the LEO, but for some forensics tools he may be able to hook up or some real forensic examination. And there is nothing wrong with haing only zeros and non-encrypted data. Having a lot of zeros in a place where a header ro encrypted data would be might be a different story. But here we run into issues. For example, while it is recommended to overwrite a new LUKS volume (on the decrypted side), it is not done automatically. So not zeroing the LUKS header but crypto-blanking it can be just as problematic. I would say trying to get clever with encrypted containers (real-time nuke while a LEO or criminal watches, hidden containers, etc.) is not a good idea in general at this time. On the other hand, erasing data while you are free to act does not need trickery and should be legal (even if many LEOs will not like that). That is why I proposed to split the discussion: 1. Explicite erase command 2. "trickery" like an erase-password. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult. --Tony Hoare _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
