This has been discussed here several times, please search the
mailing-list archives and read FAQ Item 5.21.

The current take is that it makes no sense security-wise.
In fact, the possibility does more harm than good. This is not
"Mission: Impossible", this is the real world.

The only thing found to make some sense is to have an explicit
"erase/luksErase" command that does not take a password.
cryptsetup has this since version 1.6.4.

Arno

On Mon, Mar 31, 2014 at 07:17:30 CEST, Andrew wrote:
> Greetings dm-crypt folks,
>
> Is it feasible to add a self-destruct password to cryptsetup for LUKS,
> such that when this password is entered, the decryption code silently and
> deliberately overwrites all or part of the master key?
>
> If you are facing an unjust order to produce a working key, having the
> option to produce a self-destruct key would be helpful in some
> circumstances. There are a number of ham-fisted regimes and illegal
> groups that do not know the difference between decrypting data and running
> untrusted code. Destroying the master key would look to these like a
> simple failed attempt at decryption, and ensure the permanent destruction
> of the data that they are seeking.
>
> + Give us your key
> - I don't remember it
> + Give Us Your Key
> - I really don't remember it
> + GIVE US YOUR KEY
> - I think it's "INITIATE-SELF-DESTRUCT-SEQUENCE" but I'm not sure
> + That didn't work
> - I told you I don't remember
>
>
> In pseudocode, the decryption would become something like this (based on
> my probably faulty understanding of LUKS):
>
> evaluate_password_for_slot(slot) {
>     slot_plaintext = decrypt(slot_ciphertext, password);
>     /* initiate self_destruct */
>     if (memcmp(slot_plaintext, SELF_DESTRUCT_PLAINTEXT, sizeof(SELF_DESTRUCT_PLAINTEXT)) == 0) {
>         wipe_master_key();
>         wipe_key_slots();
>     }
>     /* self_destruct complete */
>     master_key = decrypt(master_ciphertext, slot_key);
>     if (this_is_a_valid_master_key(master_key)) { return E_SUCCESS; }
>     return E_FAIL;
> }
>
> Code changes would include:
>   Not considering a self-destruct key as a valid remaining key in luksKillSlot
>   Front-end code to create a slot as a self-destruct key
>   Back-end code to destroy the master key
>   s/SELF_DESTRUCT/ESCROW/g    /* :) */
>
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@xxxxxxxx
> http://www.saout.de/mailman/listinfo/dm-crypt

--
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@xxxxxxxxxxx
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. - Plato
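
As an added illustration (not part of the thread and not cryptsetup code), the toy Python model below shows why an erase needs no passphrase: the header only holds the master key wrapped per slot, so overwriting the slots makes even the correct passphrase fail, while a header copy taken before the erase still unlocks. The XOR wrapping, the PBKDF2 parameters and every function name are assumptions made for this sketch; real LUKS uses anti-forensic splitting and a block cipher.

```python
# Toy model of a LUKS1-style header (added illustration, not cryptsetup code).
# Assumptions: one XOR-wrapped copy of the master key per key slot and a
# PBKDF2 digest of the master key; real LUKS adds AF-splitting and a cipher.
import copy
import hashlib
import os

KEY_LEN = 32
ITERATIONS = 1000  # constructed value, kept low so the example runs quickly

def _kdf(secret: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS, KEY_LEN)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def format_header(master_key: bytes) -> dict:
    salt = os.urandom(16)
    return {"mk_salt": salt, "mk_digest": _kdf(master_key, salt), "slots": []}

def add_key(header: dict, master_key: bytes, passphrase: bytes) -> None:
    salt = os.urandom(16)
    wrapped = _xor(master_key, _kdf(passphrase, salt))
    header["slots"].append({"salt": salt, "wrapped": wrapped})

def open_volume(header: dict, passphrase: bytes):
    """Try every slot; return the master key, or None like a failed unlock."""
    for slot in header["slots"]:
        candidate = _xor(slot["wrapped"], _kdf(passphrase, slot["salt"]))
        if _kdf(candidate, header["mk_salt"]) == header["mk_digest"]:
            return candidate
    return None

def erase(header: dict) -> None:
    """Passwordless erase: overwrite every slot's key material."""
    for slot in header["slots"]:
        slot["salt"] = os.urandom(16)
        slot["wrapped"] = os.urandom(KEY_LEN)

def demo() -> tuple:
    mk = os.urandom(KEY_LEN)
    header = format_header(mk)
    add_key(header, mk, b"constructed passphrase")
    backup = copy.deepcopy(header)  # header copy taken before the erase
    erase(header)
    return (open_volume(header, b"constructed passphrase") is None,
            open_volume(backup, b"constructed passphrase") == mk)
```

`demo()` returns `(True, True)`: the erased header rejects the correct passphrase, and the earlier copy still yields the master key, so an erase only protects data if no header backup or disk image survives it.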