From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] nuke password to delete luks header
Date: Tue, 14 Jan 2014 05:30:42 +0100 [thread overview]
Message-ID: <20140114043042.GA15870@tansi.org> (raw)
In-Reply-To: <638F1A81-8F17-4E18-8993-7F848EA84F08@offensive-security.com>
On Tue, Jan 14, 2014 at 03:52:37 CET, Jim O'Gorman wrote:
> On 13 Jan 2014, at 21:41, .. ink .. wrote:
> >> This situation is very common for us in situations where systems may be
> >> inspected by parties that may not be friendly to us. Border crossings
> >> are a common example of this.
I Assume you have seen my posting of what may happen to you
if you try this stunt? If not, here is a reference:
http://permalink.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/7090
The problem is that the customs-person cannot distinguish between
a "nuked" LUKS header or one with passphrases you do not have or
one with passphrases you do have but refuse to give out. Sure,
"nuking" could be done in a way that zeros the keyslots, making
it obvious. Could sill mean sitting in prison several weeks until
a forensics expert has the time to verify your claim.
Even than, you could have placed a plain dm-crypt container at the
data-offset that you actually have the password for.
I think that in your scenario, "nuke" does not have any real
advantages over just not having the passphrase, and that one
is dangerous.
> >>
> > whats the recommended answer to give in such situation where an encrypted
> > volume is clearly visible since its LUKS but you are unable to open it when
> > asked by authorities since you nuked all key slots?If you cant open the
> > volume and If you are not believed,then any answer you will give most
> > likely will not be believable and hence "the password was XXX but it now
> > doesnt work because i nuked it" is just as believable as "i dont remember
> > the password" or "i dont know the password,i am just carrying the laptop
> > for a friend".
>
> Personally, I think the "right" answer is going to be different for
> everyone and we can only speak to what we do.
In many cases the only right answer is not to get into that situation
in the first place.
Never give "i am just carrying the laptop for a friend"! That is the
usual drug-mule story and customs may immediately recognize it as such.
> We feel strongly about not lying in these sort of situations. I agree,
> that a lie and a truth is very much the same and hard to separate one from
> the other for a front line individual such as a normal customs agent.
> However, its better not to complicate the situation. So, we will
> truthfully say:
>
> "As a matter of company policy, no employees travel with sensitive data
> stored in a manner that is accessible in transit. As such, I have no way
> of accessing any of the data on this system."
>
> Realistically, in the vast majority of the cases this is perfectly
> adequate as all they are really looking to do is ensure the device is a
> real working laptop and not a bomb of some sort.
Not true: In many cases, including UK and US, they are searching
for "illicit" material, like specific types of pornography and,
I suspect, unlicensed music and movies. And they will check
business laptops also.
While not lying is the right approach, it could still mean a few
weeks in a cell. If that riek is covered by your contracts and
your employees are willing to risk it, that may be acceptable.
> In cases where you may
> be suspected of transferring contraband they will often have other
> supporting evidence. As all the work we do is sensitive, but legitimate,
> this is not an issue that we lose any sleep over.
Until it goes wrong. I hope you have a good layer well versed in the
law of your target countries.
But, no, nothing in gere is a good case for a "nuke" option. It is
just a slight variant of the "I do not have the passphrase" version,
and that is fully supported by LUKS as it is.
Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult. --Tony Hoare
next prev parent reply other threads:[~2014-01-14 4:30 UTC|newest]
Thread overview: 71+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-14 2:10 [dm-crypt] nuke password to delete luks header Jim O'Gorman
2014-01-14 2:41 ` .. ink ..
2014-01-14 2:52 ` Jim O'Gorman
2014-01-14 4:04 ` .. ink ..
2014-01-14 4:36 ` Arno Wagner
2014-01-14 5:00 ` .. ink ..
2014-01-14 7:11 ` Arno Wagner
2014-01-14 12:05 ` .. ink ..
2014-01-14 14:34 ` Arno Wagner
2014-01-14 19:22 ` .. ink ..
2014-01-15 19:36 ` Milan Broz
2014-01-16 11:50 ` Arno Wagner
2014-01-14 4:30 ` Arno Wagner [this message]
2014-01-14 5:01 ` Jim O'Gorman
2014-01-14 7:39 ` [dm-crypt] Re2: " Arno Wagner
2014-01-14 22:42 ` Jonas Meurer
2014-01-15 6:01 ` Arno Wagner
2014-01-15 10:00 ` Jonas Meurer
2014-01-15 10:47 ` Arno Wagner
2014-01-15 11:39 ` Matthias Schniedermeyer
2014-01-15 12:40 ` Arno Wagner
2014-01-15 12:59 ` Matthias Schniedermeyer
2014-01-15 13:38 ` .. ink ..
2014-01-15 20:27 ` [dm-crypt] " Milan Broz
2014-01-16 9:50 ` Ondrej Kozina
2014-01-16 10:30 ` Thomas Bastiani
2014-01-16 13:09 ` Florian Junghanns
2014-01-16 19:33 ` Milan Broz
2014-01-16 20:09 ` helices
2014-01-16 20:11 ` Iggy
2014-01-16 21:36 ` Matthias Schniedermeyer
2014-01-16 21:55 ` Arno Wagner
2014-01-16 22:49 ` Claudio Moretti
2014-01-17 8:17 ` Thomas Bastiani
2014-01-17 23:18 ` Claudio Moretti
2014-01-18 8:43 ` Arno Wagner
2014-01-18 12:42 ` Claudio Moretti
2014-01-18 19:18 ` Arno Wagner
2014-01-16 20:18 ` Matthias Schniedermeyer
2014-01-16 20:28 ` .. ink ..
2014-01-16 21:02 ` Brian
2014-01-16 21:24 ` Arno Wagner
2014-01-16 20:59 ` Milan Broz
2014-01-16 21:43 ` Arno Wagner
2014-01-17 12:43 ` Jonas Meurer
2014-01-17 13:12 ` Arno Wagner
2014-01-17 14:27 ` Jonas Meurer
2014-01-17 15:16 ` Matthias Schniedermeyer
2014-01-17 14:32 ` Rick Moritz
2014-01-17 14:32 ` Jonas Meurer
2014-01-17 14:57 ` Arno Wagner
2014-01-17 14:51 ` Heiko Rosemann
2014-01-17 15:10 ` Arno Wagner
2014-01-16 12:01 ` Arno Wagner
2014-01-16 11:59 ` Arno Wagner
2014-01-21 22:40 ` Jonas
2014-01-23 21:26 ` Milan Broz
2014-01-23 22:11 ` .. ink ..
2014-01-23 22:30 ` Milan Broz
2014-01-23 23:43 ` Arno Wagner
2014-01-27 9:04 ` Jonas Meurer
2014-01-27 12:44 ` Arno Wagner
2014-01-27 20:30 ` Milan Broz
2014-01-28 10:28 ` Jonas Meurer
-- strict thread matches above, loose matches on Subject: below --
2014-01-06 21:01 R3s1stanc3
2014-01-06 21:39 ` Heinz Diehl
2014-01-06 21:44 ` R3s1stanc3
2014-01-06 23:33 ` Claudio Moretti
2014-01-06 23:38 ` R3s1stanc3
2014-01-07 0:03 ` Arno Wagner
2014-01-07 0:01 ` Arno Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140114043042.GA15870@tansi.org \
--to=arno@wagner.name \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.