From: Milan Broz <gmazyland@gmail.com>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] nuke password to delete luks header
Date: Thu, 16 Jan 2014 21:59:03 +0100 [thread overview]
Message-ID: <52D84817.5060001@gmail.com> (raw)
In-Reply-To: <20140116201837.GA16656@citd.de>
On 01/16/2014 09:18 PM, Matthias Schniedermeyer wrote:
> On 16.01.2014 20:33, Milan Broz wrote:
>>
>> But I cannot say that all possible situations comes under this qualification.
>> Maybe it can help someone in dangerous situation to not leak some important data
>> which later help others. Dunno.
>>
>> Still it doesn't mean it is worth to be implemented but let's think
>> at least twice here please.
>
> Meanwhile increasing the risk of everybody else, because once that
> feature is a documented part of the system everybody will assume that
> everybody will use it. Good look defending against a "Destruction of
> Evidence" accusation, in case that happens in a situation with a LEO.
>
> Same as the hidden volume "feature" of Truecypt which everybody will
> assume you use, because it's such a swell feature. (Plausible
> deniabilty? Yeah sure <snort>)
>
>
> In short:
> The documented existence of such a feature is a risk by itself.
Hm. I do not think TrueCrypt hidden disk and this feature can be compared
this way.
For TrueCrypt, yes, you cannot prove that random noise is not a hidden disk.
So it can be assumed there is one.
But LUKS keyslot are clearly marked as used / unused.
If all slots are unused, the disk key is gone. (You can do this
today easily with luksKillSlot already.)
If some slot is used - it is up to you to provide proper password or
destruction one when requested. In one situation you reveal the data
(and possible nuke password is then irrelevant) in the second case you
just deleted all slots and revealed you had a destruction password.
And not providing any password will have the same effect as before IMHO.
Perhaps missing something, too late here :)
Milan
next prev parent reply other threads:[~2014-01-16 20:59 UTC|newest]
Thread overview: 71+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-14 2:10 [dm-crypt] nuke password to delete luks header Jim O'Gorman
2014-01-14 2:41 ` .. ink ..
2014-01-14 2:52 ` Jim O'Gorman
2014-01-14 4:04 ` .. ink ..
2014-01-14 4:36 ` Arno Wagner
2014-01-14 5:00 ` .. ink ..
2014-01-14 7:11 ` Arno Wagner
2014-01-14 12:05 ` .. ink ..
2014-01-14 14:34 ` Arno Wagner
2014-01-14 19:22 ` .. ink ..
2014-01-15 19:36 ` Milan Broz
2014-01-16 11:50 ` Arno Wagner
2014-01-14 4:30 ` Arno Wagner
2014-01-14 5:01 ` Jim O'Gorman
2014-01-14 7:39 ` [dm-crypt] Re2: " Arno Wagner
2014-01-14 22:42 ` Jonas Meurer
2014-01-15 6:01 ` Arno Wagner
2014-01-15 10:00 ` Jonas Meurer
2014-01-15 10:47 ` Arno Wagner
2014-01-15 11:39 ` Matthias Schniedermeyer
2014-01-15 12:40 ` Arno Wagner
2014-01-15 12:59 ` Matthias Schniedermeyer
2014-01-15 13:38 ` .. ink ..
2014-01-15 20:27 ` [dm-crypt] " Milan Broz
2014-01-16 9:50 ` Ondrej Kozina
2014-01-16 10:30 ` Thomas Bastiani
2014-01-16 13:09 ` Florian Junghanns
2014-01-16 19:33 ` Milan Broz
2014-01-16 20:09 ` helices
2014-01-16 20:11 ` Iggy
2014-01-16 21:36 ` Matthias Schniedermeyer
2014-01-16 21:55 ` Arno Wagner
2014-01-16 22:49 ` Claudio Moretti
2014-01-17 8:17 ` Thomas Bastiani
2014-01-17 23:18 ` Claudio Moretti
2014-01-18 8:43 ` Arno Wagner
2014-01-18 12:42 ` Claudio Moretti
2014-01-18 19:18 ` Arno Wagner
2014-01-16 20:18 ` Matthias Schniedermeyer
2014-01-16 20:28 ` .. ink ..
2014-01-16 21:02 ` Brian
2014-01-16 21:24 ` Arno Wagner
2014-01-16 20:59 ` Milan Broz [this message]
2014-01-16 21:43 ` Arno Wagner
2014-01-17 12:43 ` Jonas Meurer
2014-01-17 13:12 ` Arno Wagner
2014-01-17 14:27 ` Jonas Meurer
2014-01-17 15:16 ` Matthias Schniedermeyer
2014-01-17 14:32 ` Rick Moritz
2014-01-17 14:32 ` Jonas Meurer
2014-01-17 14:57 ` Arno Wagner
2014-01-17 14:51 ` Heiko Rosemann
2014-01-17 15:10 ` Arno Wagner
2014-01-16 12:01 ` Arno Wagner
2014-01-16 11:59 ` Arno Wagner
2014-01-21 22:40 ` Jonas
2014-01-23 21:26 ` Milan Broz
2014-01-23 22:11 ` .. ink ..
2014-01-23 22:30 ` Milan Broz
2014-01-23 23:43 ` Arno Wagner
2014-01-27 9:04 ` Jonas Meurer
2014-01-27 12:44 ` Arno Wagner
2014-01-27 20:30 ` Milan Broz
2014-01-28 10:28 ` Jonas Meurer
-- strict thread matches above, loose matches on Subject: below --
2014-01-06 21:01 R3s1stanc3
2014-01-06 21:39 ` Heinz Diehl
2014-01-06 21:44 ` R3s1stanc3
2014-01-06 23:33 ` Claudio Moretti
2014-01-06 23:38 ` R3s1stanc3
2014-01-07 0:03 ` Arno Wagner
2014-01-07 0:01 ` Arno Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52D84817.5060001@gmail.com \
--to=gmazyland@gmail.com \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.