Date: Mon, 31 Mar 2014 11:35:44 +0200
From: Arno Wagner
Message-ID: <20140331093544.GA20826@tansi.org>
References: <20140331071730.74571bd4@burger.lunch.za.net>
In-Reply-To: <20140331071730.74571bd4@burger.lunch.za.net>
Subject: Re: [dm-crypt] LUKS self-destruct key
To: dm-crypt@saout.de

This has been discussed here several times, please search the
mailing-list archives and read FAQ Item 5.21.

The current take is that it makes no sense security-wise. In fact,
the possibility does more harm than good. This is not "Mission:
Impossible", this is the real world.

The only thing found to make some sense is to have an explicit
"erase/luksErase" command that does not take a password.
cryptsetup has this since version 1.6.4.

Arno

On Mon, Mar 31, 2014 at 07:17:30 CEST, Andrew wrote:
> Greetings dm-crypt folks,
>
> Is it feasible to add a self-destruct password to cryptsetup for LUKS,
> such that when this password is entered, the decryption code silently and
> deliberately overwrites all or part of the master key?
>
> If you are facing an unjust order to produce a working key, having the
> option to produce a self-destruct key would be helpful in some
> circumstances. There are a number of ham-fisted regimes and illegal
> groups that do not know the difference between decrypting data and running
> untrusted code. Destroying the master key would look to these like a
> simple failed attempt at decryption, and ensure the permanent destruction
> of the data that they are seeking.
>
> + Give us your key
> - I don't remember it
> + Give Us Your Key
> - I really don't remember it
> + GIVE US YOUR KEY
> - I think it's "INITIATE-SELF-DESTRUCT-SEQUENCE" but I'm not sure
> + That didn't work
> - I told you I don't remember
>
>
> In pseudocode, the decryption would become something like this (based on
> my probably faulty understanding of LUKS):
>
> evaluate_password_for_slot(slot) {
>     slot_plaintext = decrypt(slot_ciphertext, password);
>     /* initiate self_destruct */
>     if (memcmp(slot_plaintext, SELF_DESTRUCT_PLAINTEXT, sizeof(SELF_DESTRUCT_PLAINTEXT)) == 0) {
>         wipe_master_key();
>         wipe_key_slots();
>     }
>     /* self_destruct complete */
>     master_key = decrypt(master_ciphertext, slot_key);
>     if (this_is_a_valid_master_key(master_key)) { return E_SUCCESS; }
>     return E_FAIL;
> }
>
> Code changes would include:
>   Not considering a self-destruct key as a valid remaining key in luksKillSlot
>   Front-end code to create a slot as a self-destruct key
>   Back-end code to destroy the master key
>   s/SELF_DESTRUCT/ESCROW/g /* :) */
>

-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. - Plato