Re: [dm-crypt] nuke password to delete luks header

DM-Crypt Archive on lore.kernel.org
 help / color / mirror / Atom feed

From: Matthias Schniedermeyer <ms@citd.de>
To: Iggy <iggy19@riseup.net>
Cc: dm-crypt@saout.de
Subject: Re: [dm-crypt] nuke password to delete luks header
Date: Thu, 16 Jan 2014 22:36:19 +0100	[thread overview]
Message-ID: <20140116213619.GA19498@citd.de> (raw)
In-Reply-To: <52D83D00.50402@riseup.net>

On 16.01.2014 15:11, Iggy wrote:
> 
> 
> PS:  An interesting, but only marginally helpful, byproduct of such a
> feature is that on the off-chance that an adversary were attempting to
> brute-force the password on their only copy of a volume (this is the
> unlikely bit), and the nuke password had less entropy than the
> decryption passphrase, then there is a chance the adversary themselves
> would remove access to the data, without intervention from the target of
> the attack, by accidentally brute-forcing the nuke password.

You wouldn't brute force using the actual system, much too slow.

You make a copy and brute force the data with something that allows as 
much key/s as possible. Which means you can't use the actual system. 
That also means the system that is actually used to do the brute-forcing 
won't implement the "nuke" capability (Assuming at least some competence 
on the attacker side) but may include code determine that it is a nuke 
key, because there has to be a way to identify that status at least 
after you found the correct passwort. Otherwise the feature would simply 
be impossible to implement.

-- 

Matthias

next prev parent reply	other threads:[~2014-01-16 21:36 UTC|newest]

Thread overview: 71+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-01-14  2:10 [dm-crypt] nuke password to delete luks header Jim O'Gorman
2014-01-14  2:41 ` .. ink ..
2014-01-14  2:52   ` Jim O'Gorman
2014-01-14  4:04     ` .. ink ..
2014-01-14  4:36       ` Arno Wagner
2014-01-14  5:00         ` .. ink ..
2014-01-14  7:11           ` Arno Wagner
2014-01-14 12:05             ` .. ink ..
2014-01-14 14:34               ` Arno Wagner
2014-01-14 19:22                 ` .. ink ..
2014-01-15 19:36                   ` Milan Broz
2014-01-16 11:50                     ` Arno Wagner
2014-01-14  4:30     ` Arno Wagner
2014-01-14  5:01       ` Jim O'Gorman
2014-01-14  7:39         ` [dm-crypt] Re2: " Arno Wagner
2014-01-14 22:42           ` Jonas Meurer
2014-01-15  6:01             ` Arno Wagner
2014-01-15 10:00               ` Jonas Meurer
2014-01-15 10:47                 ` Arno Wagner
2014-01-15 11:39                 ` Matthias Schniedermeyer
2014-01-15 12:40                   ` Arno Wagner
2014-01-15 12:59                     ` Matthias Schniedermeyer
2014-01-15 13:38                       ` .. ink ..
2014-01-15 20:27       ` [dm-crypt] " Milan Broz
2014-01-16  9:50         ` Ondrej Kozina
2014-01-16 10:30           ` Thomas Bastiani
2014-01-16 13:09             ` Florian Junghanns
2014-01-16 19:33             ` Milan Broz
2014-01-16 20:09               ` helices
2014-01-16 20:11               ` Iggy
2014-01-16 21:36                 ` Matthias Schniedermeyer [this message]
2014-01-16 21:55                   ` Arno Wagner
2014-01-16 22:49                     ` Claudio Moretti
2014-01-17  8:17                       ` Thomas Bastiani
2014-01-17 23:18                         ` Claudio Moretti
2014-01-18  8:43                           ` Arno Wagner
2014-01-18 12:42                             ` Claudio Moretti
2014-01-18 19:18                               ` Arno Wagner
2014-01-16 20:18               ` Matthias Schniedermeyer
2014-01-16 20:28                 ` .. ink ..
2014-01-16 21:02                   ` Brian
2014-01-16 21:24                   ` Arno Wagner
2014-01-16 20:59                 ` Milan Broz
2014-01-16 21:43                   ` Arno Wagner
2014-01-17 12:43                 ` Jonas Meurer
2014-01-17 13:12                   ` Arno Wagner
2014-01-17 14:27                     ` Jonas Meurer
2014-01-17 15:16                       ` Matthias Schniedermeyer
2014-01-17 14:32                     ` Rick Moritz
2014-01-17 14:32                     ` Jonas Meurer
2014-01-17 14:57                       ` Arno Wagner
2014-01-17 14:51                     ` Heiko Rosemann
2014-01-17 15:10                       ` Arno Wagner
2014-01-16 12:01           ` Arno Wagner
2014-01-16 11:59         ` Arno Wagner
2014-01-21 22:40         ` Jonas
2014-01-23 21:26           ` Milan Broz
2014-01-23 22:11             ` .. ink ..
2014-01-23 22:30               ` Milan Broz
2014-01-23 23:43             ` Arno Wagner
2014-01-27  9:04             ` Jonas Meurer
2014-01-27 12:44               ` Arno Wagner
2014-01-27 20:30               ` Milan Broz
2014-01-28 10:28                 ` Jonas Meurer
  -- strict thread matches above, loose matches on Subject: below --
2014-01-06 21:01 R3s1stanc3
2014-01-06 21:39 ` Heinz Diehl
2014-01-06 21:44   ` R3s1stanc3
2014-01-06 23:33     ` Claudio Moretti
2014-01-06 23:38       ` R3s1stanc3
2014-01-07  0:03     ` Arno Wagner
2014-01-07  0:01 ` Arno Wagner

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20140116213619.GA19498@citd.de \
    --to=ms@citd.de \
    --cc=dm-crypt@saout.de \
    --cc=iggy19@riseup.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox