From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] nuke password to delete luks header
Date: Mon, 27 Jan 2014 13:44:46 +0100 [thread overview]
Message-ID: <20140127124446.GA17612@tansi.org> (raw)
In-Reply-To: <62a688cb4fb5803b21139dcc03342e05@imap.steindlberger.de>
On Mon, Jan 27, 2014 at 10:04:28 CET, Jonas Meurer wrote:
> Am 2014-01-23 22:26, schrieb Milan Broz:
> >Hi,
> >
> >as Arno said, let's split this to two parts.
> >
> >>1. Have a secure erase that is easy to use. [...]
> >>
> >>2. Have the option of unlocking a keyslot created with a specific
> >> option to trigger the function implemented in 1. [...]
[...]
> Do you intend to protect the erase feature by asking for a password?
> In that
> case it will be hard to build a nuke wrapper around 'cryptsetup erase'.
> Especially if the nuke password should not reveal access to
> encrypted data
> and merely allow to erase LUKS header.
I think it should not ask for a password, but ask for confirmation,
like having the user type "ERASE" in shell-interaction, unless
-q/--batch-mode is given.
The password would not protect better as a user that can run
cryptsetup can also (but less intuitively) call luksFormat to
erase the container.
Incidentally, that means wrappers are already possible.
(In fact, Ubuntu already demonstrated erase-on-install,
abeit unintentionally, see FAQ Item 1.3.) A luksErase
command is better, as it works cleaner, erasing is its
primary purpose, not just a side-effect and it does
not ask for a new password.
> >BTW original patch is INCOMPLETE and DANGEROUS.
> >
> >(For example, did anyone think about cryptsetup-reencrypt? Guess
> >what will
> >happen if user try to *reencrypt* device with this destroy passphrase?
> >Try it... or better not ;-) And there are more missing code which just
> >do not convince me that it was properly thought-out work.
>
> Isn't that a good argument for implementing it properly upstream? ;)
People making a mess of it? No. Otherwise you would have a really
easy tool to force upstream to implement things. People making
a mess of it is just a hint that things may be more complicated
than they claim they are. A common occurence, especially with
security functionality.
Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. - Plato
next prev parent reply other threads:[~2014-01-27 12:44 UTC|newest]
Thread overview: 71+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-14 2:10 [dm-crypt] nuke password to delete luks header Jim O'Gorman
2014-01-14 2:41 ` .. ink ..
2014-01-14 2:52 ` Jim O'Gorman
2014-01-14 4:04 ` .. ink ..
2014-01-14 4:36 ` Arno Wagner
2014-01-14 5:00 ` .. ink ..
2014-01-14 7:11 ` Arno Wagner
2014-01-14 12:05 ` .. ink ..
2014-01-14 14:34 ` Arno Wagner
2014-01-14 19:22 ` .. ink ..
2014-01-15 19:36 ` Milan Broz
2014-01-16 11:50 ` Arno Wagner
2014-01-14 4:30 ` Arno Wagner
2014-01-14 5:01 ` Jim O'Gorman
2014-01-14 7:39 ` [dm-crypt] Re2: " Arno Wagner
2014-01-14 22:42 ` Jonas Meurer
2014-01-15 6:01 ` Arno Wagner
2014-01-15 10:00 ` Jonas Meurer
2014-01-15 10:47 ` Arno Wagner
2014-01-15 11:39 ` Matthias Schniedermeyer
2014-01-15 12:40 ` Arno Wagner
2014-01-15 12:59 ` Matthias Schniedermeyer
2014-01-15 13:38 ` .. ink ..
2014-01-15 20:27 ` [dm-crypt] " Milan Broz
2014-01-16 9:50 ` Ondrej Kozina
2014-01-16 10:30 ` Thomas Bastiani
2014-01-16 13:09 ` Florian Junghanns
2014-01-16 19:33 ` Milan Broz
2014-01-16 20:09 ` helices
2014-01-16 20:11 ` Iggy
2014-01-16 21:36 ` Matthias Schniedermeyer
2014-01-16 21:55 ` Arno Wagner
2014-01-16 22:49 ` Claudio Moretti
2014-01-17 8:17 ` Thomas Bastiani
2014-01-17 23:18 ` Claudio Moretti
2014-01-18 8:43 ` Arno Wagner
2014-01-18 12:42 ` Claudio Moretti
2014-01-18 19:18 ` Arno Wagner
2014-01-16 20:18 ` Matthias Schniedermeyer
2014-01-16 20:28 ` .. ink ..
2014-01-16 21:02 ` Brian
2014-01-16 21:24 ` Arno Wagner
2014-01-16 20:59 ` Milan Broz
2014-01-16 21:43 ` Arno Wagner
2014-01-17 12:43 ` Jonas Meurer
2014-01-17 13:12 ` Arno Wagner
2014-01-17 14:27 ` Jonas Meurer
2014-01-17 15:16 ` Matthias Schniedermeyer
2014-01-17 14:32 ` Rick Moritz
2014-01-17 14:32 ` Jonas Meurer
2014-01-17 14:57 ` Arno Wagner
2014-01-17 14:51 ` Heiko Rosemann
2014-01-17 15:10 ` Arno Wagner
2014-01-16 12:01 ` Arno Wagner
2014-01-16 11:59 ` Arno Wagner
2014-01-21 22:40 ` Jonas
2014-01-23 21:26 ` Milan Broz
2014-01-23 22:11 ` .. ink ..
2014-01-23 22:30 ` Milan Broz
2014-01-23 23:43 ` Arno Wagner
2014-01-27 9:04 ` Jonas Meurer
2014-01-27 12:44 ` Arno Wagner [this message]
2014-01-27 20:30 ` Milan Broz
2014-01-28 10:28 ` Jonas Meurer
-- strict thread matches above, loose matches on Subject: below --
2014-01-06 21:01 R3s1stanc3
2014-01-06 21:39 ` Heinz Diehl
2014-01-06 21:44 ` R3s1stanc3
2014-01-06 23:33 ` Claudio Moretti
2014-01-06 23:38 ` R3s1stanc3
2014-01-07 0:03 ` Arno Wagner
2014-01-07 0:01 ` Arno Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140127124446.GA17612@tansi.org \
--to=arno@wagner.name \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox