From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mout.web.de (mout.web.de [212.227.15.4])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA (128/128 bits))
	(No client certificate requested)
	by mail.saout.de (Postfix) with ESMTPS
	for ; Mon, 31 Mar 2014 22:51:20 +0200 (CEST)
Received: from [192.168.123.201] ([92.227.148.147]) by smtp.web.de (mrweb002)
	with ESMTPSA (Nemesis) id 0Lcgkx-1WwOYq2FIV-00kAbh
	for ; Mon, 31 Mar 2014 22:51:19 +0200
Message-ID: <5339D543.20006@web.de>
Date: Mon, 31 Mar 2014 22:51:15 +0200
From: Heiko Rosemann
MIME-Version: 1.0
References: <20140331071730.74571bd4@burger.lunch.za.net>
	<7d3555cddaea095e38982411bd6f9447@imap.steindlberger.de>
	<20140331141929.2af83740@burger.lunch.za.net>
	<20140331130612.GA21458@tansi.org>
	<20140331221752.42935543@burger.lunch.za.net>
In-Reply-To: <20140331221752.42935543@burger.lunch.za.net>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Subject: Re: [dm-crypt] LUKS self-destruct key
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
To: dm-crypt@saout.de

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/31/2014 10:17 PM, Andrew wrote:
> On Mon, 31 Mar 2014 15:06:12 +0200 Arno Wagner wrote:
>> On Mon, Mar 31, 2014 at 14:19:29 CEST, Andrew wrote:
>> [...]
>>> I read the thread -- interesting reading (Gmane seems a little
>>> off for me at the moment though.)
>>>
>>> A few points that were not raised directly by anyone are:
>>>
>>> * Some of the worst attackers *do* lack technical skills.
>>> While various interest groups do have technical experts, less
>>> skilled persons may try their hand first, and succeed in
>>> destroying the evidence. Terrorism has lately tended towards a
>>> cell structure. A particular cell may not have access to
>>> adequate technical resources, while not lacking "skills" like
>>> kidnapping, robbery and torture of those they target.
>>
>> Even the dumbest attackers have seen the movies where the magic
>> computer destroys all data when the wrong password is entered.
> This is not true.

Well, the number of attackers who are knowledgeable enough to detect a
LUKS device and figure out that they need a password to open it (or
stupid enough to just type a password at an unknown prompt), but not
knowledgeable enough to make a backup before trying, is probably
insignificant; I'm even leaning towards zero.

>> And when you come to any writing about computer forensics, the
>> first rule is always to never work on originals.
> This is not relevant.

Yes it is. Because it's not only in any writing but also common sense.
If the attacker works on a backup and still has the original,
destroying the backup does not help anybody. This is what renders all
your further points moot.

I can see exactly one use case for a "destroy password", and that has
been discussed in the thread mentioned above, and all the necessary
tools have been implemented in the form of the luksErase command. In
short: The data is more valuable than your life _and_ you have a few
seconds of time on your computer _before_ the attacker takes control
over it.

You could implement it in such a way that the machine looks for a key
on a USB stick and, if none is found, runs luksErase instead of
luksOpen, or by booting from a USB stick with a working system, but
when booting from the HDD (when the USB stick is missing) it runs
luksErase.

Best Regards,
Heiko
- --
Encrypt emails with PGP - privacy is your right!
My PGP key for verification: http://pgp.mit.edu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlM51UAACgkQ/Vb5NagElAVcvACbByshRHJm5r1GqO1zen0vx9t3
8HkAnRJAhxXrLru6JuKbuVkjDK8RrgD6
=jspl
-----END PGP SIGNATURE-----
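
The fallback described in the last paragraph of the message above (look for a key on a USB stick, run luksErase instead of luksOpen when none is found), as an added example that is not part of the original message or of cryptsetup. The stick mount point argument, the key file name `luks.key`, the mapping name `cryptroot` and the `ARMED` switch are assumptions; unless `ARMED=1` is set the script only prints the command it would run.

```shell
#!/bin/sh
# Added example: boot-time choice between unlocking and erasing a LUKS header.
# Assumptions (not from the original message): the key stick is already
# mounted at the directory passed in, the key file is called luks.key and
# the dm-crypt mapping is called cryptroot.

KEY_NAME="luks.key"      # hypothetical key file name
MAP_NAME="cryptroot"     # hypothetical mapping name

# Print "open" if a readable, non-empty key file is on the stick,
# "erase" in every other case (stick absent, file missing, file empty).
decide_action() {
    key="$1/$KEY_NAME"
    if [ -f "$key" ] && [ -r "$key" ] && [ -s "$key" ]; then
        echo open
    else
        echo erase
    fi
}

# Print the cryptsetup command line for device $1 and stick mount point $2.
# --batch-mode suppresses luksErase's interactive confirmation prompt.
build_command() {
    dev="$1"; stick="$2"
    case "$(decide_action "$stick")" in
        open)  echo "cryptsetup luksOpen --key-file $stick/$KEY_NAME $dev $MAP_NAME" ;;
        erase) echo "cryptsetup --batch-mode luksErase $dev" ;;
    esac
}

# Execute the command only when ARMED=1; otherwise show it (dry run).
# luksErase wipes every keyslot, so a stick that merely failed to mount
# has the same effect as a missing one: test with the dry run first.
unlock_or_erase() {
    cmd=$(build_command "$1" "$2")
    if [ "${ARMED:-0}" = "1" ]; then
        $cmd    # unquoted on purpose: paths must not contain whitespace
    else
        echo "dry run: $cmd"
    fi
}

# Usage from an initramfs hook (device path is a placeholder):
#   unlock_or_erase /dev/sdX2 /mnt/keystick
```
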