
Thread: A Self-Destruct Option For Linux Disk Encryption

  1. #1
    Join Date
    Jan 2007
    Posts
    15,138

    A Self-Destruct Option For Linux Disk Encryption

    Phoronix: A Self-Destruct Option For Linux Disk Encryption

    The security-minded Kali Linux distribution has proposed a feature of adding "emergency self-destruction of LUKS" to their cryptsetup package when doing full-disk encrypted Linux installations...

    http://www.phoronix.com/vr.php?view=MTU2MjQ

  2. #2

    The attacker enters this password and all your data is gone. Poof.

    What a "nice" idea.

    I'm not against it, but this termination password should be configurable otherwise it's a recipe for disaster.

  3. #3
    Join Date
    Sep 2009
    Location
    Edinburgh, UK
    Posts
    53

    Quote Originally Posted by birdie View Post
    The attacker enters this password and all your data is gone. Poof.

    What a "nice" idea.

    I'm not against it, but this termination password should be configurable otherwise it's a recipe for disaster.
    Why would I tell an attacker my nuke password? Just as I wouldn't tell him my main password. If you are giving away your main password, he can also delete your data...

  4. #4
    Join Date
    Aug 2010
    Posts
    52

    Quote Originally Posted by birdie View Post
    The attacker enters this password and all your data is gone. Poof.

    What a "nice" idea.

    I'm not against it, but this termination password should be configurable otherwise it's a recipe for disaster.
    What makes you think this password is not configurable?

  5. #5
    Join Date
    Jan 2013
    Posts
    209

    Quote Originally Posted by stikonas View Post
    Why would I tell an attacker my nuke password? Just as I wouldn't tell him my main password. If you are giving away your main password, he can also delete your data...
    http://xkcd.com/538/

    Though even in that situation it is likely they would have backups made, so nuking one copy doesn't help any.

    I am guessing the main use would be if you were tipped off that you were about to get raided and you wanted a quick way to destroy data before that could happen. Can't really see any other use for something like this, because if you don't have advanced notice you wouldn't likely have the time to reboot and pop in that password anyhow. If anyone can take you and your computer before you do that they have already gained the advantage.

  6. #6
    Join Date
    Jan 2014
    Posts
    29

    Quote Originally Posted by IanS View Post
    http://xkcd.com/538/

    Though even in that situation it is likely they would have backups made, so nuking one copy doesn't help any.

    I am guessing the main use would be if you were tipped off that you were about to get raided and you wanted a quick way to destroy data before that could happen. Can't really see any other use for something like this, because if you don't have advanced notice you wouldn't likely have the time to reboot and pop in that password anyhow. If anyone can take you and your computer before you do that they have already gained the advantage.
    This exactly.
    This is also the reason why TrueCrypt's dev always refused to give the option of a "nuke" password.
    The only case where this helps is if the attacker does not have access to the hardware yet.
    So you have an already encrypted drive which will protect you if your hardware is taken and add an option to protect you if your hardware is not yet taken. Seems redundant to me.
    Maybe if this option would provably delete your access to the data but even then, they will just beat you thinking you might have a backup somewhere.

  7. #7
    Join Date
    Sep 2012
    Posts
    289

    This is an excellent idea to prevent the CIA/NSA/FBI triad from seeing your data at airports.

  8. #8
    Join Date
    Aug 2012
    Location
    Pennsylvania, United States
    Posts
    1,911

    Quote Originally Posted by IanS View Post
    http://xkcd.com/538/

    Though even in that situation it is likely they would have backups made, so nuking one copy doesn't help any.

    I am guessing the main use would be if you were tipped off that you were about to get raided and you wanted a quick way to destroy data before that could happen. Can't really see any other use for something like this, because if you don't have advanced notice you wouldn't likely have the time to reboot and pop in that password anyhow. If anyone can take you and your computer before you do that they have already gained the advantage.
    Depends on the situation, there was one story on /. about a guy being forced to give up the encryption key to his laptop. Give up the nuke password then say that they must've damaged the hard drive in transit, or that the drive must be suffering from corruption. Or have the nuke password be something one letter off from the real password (like a strange letter, z instead of s maybe) then when they enter it and blame you just say they heard you incorrectly.

    Really depends on if maybe you're a reporter and the data on your drive could get someone else killed or start a war or something extreme like that

  9. #9
    Join Date
    Aug 2012
    Location
    Pennsylvania, United States
    Posts
    1,911

    Quote Originally Posted by birdie View Post
    The attacker enters this password and all your data is gone. Poof.

    What a "nice" idea.

    I'm not against it, but this termination password should be configurable otherwise it's a recipe for disaster.
    What makes you think it wouldn't be configurable..? Like it's so blatantly common sense that just saying that it might not be makes you come off.... lacking of common sense o.O

  10. #10
    Join Date
    Jan 2011
    Posts
    1,287

    Quote Originally Posted by wargames View Post
    This is an excellent idea to prevent the CIA/NSA/FBI triad from seeing your data at airports.
    Seriously? I feel that's the most stupid use you could find for it. Destroying all of your data just so they don't see it, except if you really have something important to hide (like Ericg's example, I mean), is not what I'd call a solution.

    Quote Originally Posted by Ericg View Post
    Or have the nuke password be something one letter off from the real password (like a strange letter, z instead of s maybe) then when they enter it and blame you just say they heard you incorrectly.
    And that's how you accidentally blow all of your data.
