On Mon, Jan 27, 2014 at 10:04:28 CET, Jonas Meurer wrote:
> On 2014-01-23 22:26, Milan Broz wrote:
> >Hi,
> >
> >as Arno said, let's split this to two parts.
> >
> >>1. Have a secure erase that is easy to use.
[...]
> >>
> >>2. Have the option of unlocking a keyslot created with a specific
> >>   option to trigger the function implemented in 1.
[...]

[...]
> Do you intend to protect the erase feature by asking for a password?
> In that case it will be hard to build a nuke wrapper around
> 'cryptsetup erase'. Especially if the nuke password should not reveal
> access to encrypted data and merely allow to erase LUKS header.

I think it should not ask for a password, but ask for confirmation,
like having the user type "ERASE" in shell-interaction, unless
-q/--batch-mode is given.

The password would not protect better as a user that can run
cryptsetup can also (but less intuitively) call luksFormat to
erase the container. Incidentally, that means wrappers are
already possible. (In fact, Ubuntu already demonstrated
erase-on-install, albeit unintentionally, see FAQ Item 1.3.)

A luksErase command is better, as it works cleaner, erasing
is its primary purpose, not just a side-effect and it does
not ask for a new password.

> >BTW original patch is INCOMPLETE and DANGEROUS.
> >
> >(For example, did anyone think about cryptsetup-reencrypt? Guess
> >what will happen if user try to *reencrypt* device with this
> >destroy passphrase?
> >Try it... or better not ;-) And there are more missing code which just
> >do not convince me that it was properly thought-out work.
>
> Isn't that a good argument for implementing it properly upstream? ;)

People making a mess of it? No. Otherwise you would have a
really easy tool to force upstream to implement things.

People making a mess of it is just a hint that things may
be more complicated than they claim they are. A common
occurrence, especially with security functionality.

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. - Plato
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt