Re: nuke password to delete luks header

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 01/27/2014 10:04 AM, Jonas Meurer wrote:
>> For 2, (aka self destroy passphrase) - I tried to read the discussion 
>> again
>> and I am really not convinced yet we want it.
> 
> Do you intend to protect the erase feature by asking for a password? In 
> that
> case it will be hard to build a nuke wrapper around 'cryptsetup erase'.
> Especially if the nuke password should not reveal access to encrypted 
> data
> and merely allow to erase LUKS header.

No, only usual YES/no question should (will) be there
(which can be switched off with batch -q option as in other commands).

The luksKillSlot is doing exactly the same, just for one keyslot.

Actually, it is just simple code as
  for all active keyslots:
     crypt_destroy_slot()

>> BTW original patch is INCOMPLETE and DANGEROUS.
>>
>> (For example, did anyone think about cryptsetup-reencrypt? Guess what 
>> will
>> happen if user try to *reencrypt* device with this destroy passphrase?
>> Try it... or better not ;-) And there are more missing code which just
>> do not convince me that it was properly thought-out work.
> 
> Isn't that a good argument for implementing it properly upstream? ;)

I think this argument was mentioned by me :) But I think we have found better
way how to implement it without this feature.
Avoiding upstream to become bloatware is also important ;-)

...

> While I see your argument, reencryption takes a lot more time than using 
> a
> nuke feature. Both features serve completely different purposes.

Sure, it was just a complain about features importance...

(And btw there is in git already function to change only header (hash)
without reencrypting the whole device. This will be a workaround
to solve bad gcrypt whirlpool case. Once gcrypt 1.6.1 is out...)
...

> And if you merely want to destroy access to the data, overwriting it is 
> still
> better than reencrypting, isn't it?

Yes, and removing key with "erase" command should do the same quickly as well.

Milan
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux