A Self-Destruct Option For Linux Disk Encryption

  • A Self-Destruct Option For Linux Disk Encryption

    Phoronix: A Self-Destruct Option For Linux Disk Encryption

    The security-minded Kali Linux distribution has proposed a feature of adding "emergency self-destruction of LUKS" to their cryptsetup package when doing full-disk encrypted Linux installations...

    http://www.phoronix.com/vr.php?view=MTU2MjQ

  • #2
    The attacker enters this password and all your data is gone. Poof.

    What a "nice" idea.

    I'm not against it, but this termination password should be configurable otherwise it's a recipe for disaster.


    • #3
      Originally posted by birdie
      The attacker enters this password and all your data is gone. Poof.

      What a "nice" idea.

      I'm not against it, but this termination password should be configurable otherwise it's a recipe for disaster.
      Why would I tell an attacker my nuke password? Just as I wouldn't tell him my main password. If you are giving away your main password, he can also delete your data...


      • #4
        Originally posted by birdie
        The attacker enters this password and all your data is gone. Poof.

        What a "nice" idea.

        I'm not against it, but this termination password should be configurable otherwise it's a recipe for disaster.
        What makes you think this password is not configurable?


        • #5
          Originally posted by stikonas
          Why would I tell an attacker my nuke password? Just as I wouldn't tell him my main password. If you are giving away your main password, he can also delete your data...
          http://xkcd.com/538/

          Though even in that situation it is likely they would have backups made, so nuking one copy doesn't help any.

          I am guessing the main use would be if you were tipped off that you were about to get raided and you wanted a quick way to destroy data before that could happen. Can't really see any other use for something like this, because if you don't have advance notice you wouldn't likely have the time to reboot and pop in that password anyhow. If anyone can take you and your computer before you do that they have already gained the advantage.


          • #6
            Originally posted by IanS
            http://xkcd.com/538/

            Though even in that situation it is likely they would have backups made, so nuking one copy doesn't help any.

            I am guessing the main use would be if you were tipped off that you were about to get raided and you wanted a quick way to destroy data before that could happen. Can't really see any other use for something like this, because if you don't have advance notice you wouldn't likely have the time to reboot and pop in that password anyhow. If anyone can take you and your computer before you do that they have already gained the advantage.
            This exactly.
            This is also the reason why TrueCrypt's dev always refused to give the option of a "nuke" password.
            The only case where this helps is if the attacker does not have access to the hardware yet.
            So you have an already encrypted drive which will protect you if your hardware is taken and add an option to protect you if your hardware is not yet taken. Seems redundant to me.
            Maybe if this option would provably delete your access to the data but even then, they will just beat you thinking you might have a backup somewhere.


            • #7
              This is an excellent idea to prevent the CIA/NSA/FBI triad from seeing your data at airports.


              • #8
                Originally posted by IanS
                http://xkcd.com/538/

                Though even in that situation it is likely they would have backups made, so nuking one copy doesn't help any.

                I am guessing the main use would be if you were tipped off that you were about to get raided and you wanted a quick way to destroy data before that could happen. Can't really see any other use for something like this, because if you don't have advance notice you wouldn't likely have the time to reboot and pop in that password anyhow. If anyone can take you and your computer before you do that they have already gained the advantage.
                Depends on the situation, there was one story on /. about a guy being forced to give up the encryption key to his laptop. Give up the nuke password then say that they must've damaged the hard drive in transit, or that the drive must be suffering from corruption. Or have the nuke password be something one letter off from the real password (like a strange letter, z instead of s maybe) then when they enter it and blame you just say they heard you incorrectly.

                Really depends on if maybe you're a reporter and the data on your drive could get someone else killed or start a war or something extreme like that.


                • #9
                  Originally posted by birdie
                  The attacker enters this password and all your data is gone. Poof.

                  What a "nice" idea.

                  I'm not against it, but this termination password should be configurable otherwise it's a recipe for disaster.
                  What makes you think it wouldn't be configurable..? Like it's so blatantly common sense that just saying that it might not be makes you come off.... lacking of common sense o.O


                  • #10
                    Originally posted by wargames
                    This is an excellent idea to prevent the CIA/NSA/FBI triad from seeing your data at airports.
                    Seriously? I feel that's the most stupid use you could find for it. Destroying all of your data just so they don't see it, except if you really have something important to hide (like Ericg's example, I mean), is not what I'd call a solution.

                    Originally posted by Ericg
                    Or have the nuke password be something one letter off from the real password (like a strange letter, z instead of s maybe) then when they enter it and blame you just say they heard you incorrectly.
                    And that's how you accidentally blow all of your data.


                    • #11
                      This reminds me of all the noise about rm -rf.
                      Great job Kali, very welcome feature.


                      • #12
                        What they need to do is a password which switches in a dummy near-empty file system which contains a bit of soft pr0n so as to give plausible deniability.

                        Some people may mock, but there are countries in the world where using disk encryption can result in an instant prison sentence if you don't immediately comply with the authorities, so having some dummy data is a good idea. Hence why TrueCrypt can have multiple hidden volumes.


                        • #13
                          What's it to be used for? If someone is telling you to put your password in so they can get at your files, or maybe several nuke passwords for someone to accidentally find when trying to decrypt a drive.
                          Once people figure out this feature exists, the new standard operating procedure for this kind of thing will be "mirror the drive first."


                          • #14
                            Originally posted by A Laggy Grunt
                            What's it to be used for?
                            To nuke own data fast.

                            Originally posted by A Laggy Grunt
                            If someone is telling you to put your password in so they can get at your files, or maybe several nuke passwords for someone to accidentally find when trying to decrypt a drive.
                            You don't give access passwords all around. If you do, it's your responsibility and your fault.

                            Originally posted by A Laggy Grunt
                            Once people figure out this feature exists, the new standard operating procedure for this kind of thing will be "mirror the drive first."
                            This was forensics 101 since forever, what are you questioning here?


                            • #15
                              I implemented a similar feature to this in my local branch of Geli (the FreeBSD disk encryption framework). Granted, it's next to useless if you are under a very major investigation (wherein your disk is cloned first) but for other situations, e.g. 'spot checks', it's very useful to have. Nice to see it being implemented more widely.
