From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ms@citd.de>
Received: from mail.saout.de ([127.0.0.1])
 by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id qqTcE2GXlH76 for <dm-crypt@saout.de>;
 Thu, 16 Jan 2014 22:36:24 +0100 (CET)
Received: from awesome.dsw2k3.info (unknown [IPv6:2a01:198:661:1f::3])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mail.saout.de (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Thu, 16 Jan 2014 22:36:24 +0100 (CET)
Date: Thu, 16 Jan 2014 22:36:19 +0100
From: Matthias Schniedermeyer <ms@citd.de>
Message-ID: <20140116213619.GA19498@citd.de>
References: <ED2C3830-3668-4225-B84A-AAAA0F0873F6@offensive-security.com>
 <CAFnMBaQHCp+EnstW6t7OgwdWzXEx9rtY04nzyh8tVmyD31yc1g@mail.gmail.com>
 <638F1A81-8F17-4E18-8993-7F848EA84F08@offensive-security.com>
 <20140114043042.GA15870@tansi.org> <52D6EF1B.4020206@gmail.com>
 <52D7AB5E.8020302@redhat.com>
 <CAEherqDu9ufycoVtbj_a+n=aNrJ9JkLb8rS075td28=WrDGoPw@mail.gmail.com>
 <52D833F1.5010205@gmail.com> <52D83D00.50402@riseup.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <52D83D00.50402@riseup.net>
Subject: Re: [dm-crypt] nuke password to delete luks header
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: Iggy <iggy19@riseup.net>
Cc: dm-crypt@saout.de

On 16.01.2014 15:11, Iggy wrote:
> 
> 
> PS:  An interesting, but only marginally helpful, byproduct of such a
> feature is that on the off-chance that an adversary were attempting to
> brute-force the password on their only copy of a volume (this is the
> unlikely bit), and the nuke password had less entropy than the
> decryption passphrase, then there is a chance the adversary themselves
> would remove access to the data, without intervention from the target of
> the attack, by accidentally brute-forcing the nuke password.

You wouldn't brute force using the actual system, much too slow.

You make a copy and brute force the data with something that allows as 
much key/s as possible. Which means you can't use the actual system. 
That also means the system that is actually used to do the brute-forcing 
won't implement the "nuke" capability (Assuming at least some competence 
on the attacker side) but may include code determine that it is a nuke 
key, because there has to be a way to identify that status at least 
after you found the correct passwort. Otherwise the feature would simply 
be impossible to implement.




-- 

Matthias