From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <okozina@redhat.com>
Received: from mail.saout.de ([127.0.0.1])
 by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id ABbS61DZEcgt for <dm-crypt@saout.de>;
 Thu, 16 Jan 2014 10:58:33 +0100 (CET)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 by mail.saout.de (Postfix) with ESMTP
 for <dm-crypt@saout.de>; Thu, 16 Jan 2014 10:58:33 +0100 (CET)
Message-ID: <52D7AB5E.8020302@redhat.com>
Date: Thu, 16 Jan 2014 10:50:22 +0100
From: Ondrej Kozina <okozina@redhat.com>
MIME-Version: 1.0
References: <ED2C3830-3668-4225-B84A-AAAA0F0873F6@offensive-security.com>
 <CAFnMBaQHCp+EnstW6t7OgwdWzXEx9rtY04nzyh8tVmyD31yc1g@mail.gmail.com>
 <638F1A81-8F17-4E18-8993-7F848EA84F08@offensive-security.com>
 <20140114043042.GA15870@tansi.org> <52D6EF1B.4020206@gmail.com>
In-Reply-To: <52D6EF1B.4020206@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] nuke password to delete luks header
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: Milan Broz <gmazyland@gmail.com>, dm-crypt@saout.de

On 01/15/2014 09:27 PM, Milan Broz wrote:
> On 01/14/2014 05:30 AM, Arno Wagner wrote:
>> I think that in your scenario, "nuke" does not have any real
>> advantages over just not having the passphrase, and that one
>> is dangerous.
>
> Well, this idea is not new and I responded very similar months ago.
> http://code.google.com/p/cryptsetup/issues/detail?id=110#c1
>
> But seems there is a lot of people in disagreement.
>
> I was quite surprised that most of people from
> our university security&crypto lab I met today and asked
> (to have some other opinions) said that despite "nuke password"
> has very limited use it is worth to have something like that...
>
> Sigh... :)

In that case, let me join you with my humble Sigh as well.

> But what I really want to avoid is that every distribution will
> add some random patches implementing something like this.
>
> It is perhaps better to implement and document this upstream.

Ok, I just think that this new feature is quite heavily disputed 
already. This is perhaps third discussion I found on that topic in a few 
minutes of searching. Please, make "nuke password" option configurable 
so that it can be easily removed from any distribution that wouldn't 
agree with arguments for including it.

Best regards
Ondra