Emergency destruction of LUKS partition

Tristan Santore tristan.santore at internexusconnect.net
Mon Sep 30 16:59:23 UTC 2013


On 30/09/13 17:52, Eric H. Christensen wrote:
> Someone asked me about this recently and I haven't had a chance to 
> fully wrap my head around the solution but thought it was an 
> interesting scenario.
> 
> Background: Someone knows you have encrypted your computer using 
> LUKS.  They convince you to enter (or otherwise provide) your 
> passphrase via the large wrench method[0].
> 
> Realcrypt method: There is plausible deniability (if properly 
> implemented) whereas you could provide the person with the 
> alternate passphrase which would give them access to a portion of 
> the encrypted partition but not your real working partition.
> 
> LUKS: There is no way to provide plausible deniability.
> 
> Proposed solution: LUKS provides four key slots to use for 
> decrypting a partition.  How about having one key slot that, when
> used, immediately implements a deletion of the encrypted partition
> (or at least the key record)?
> 
> Thoughts?
> 
> [0] http://www.xkcd.org/538/
> 
> -- Eric
> 
> --------------------------------------------------
> Eric "Sparks" Christensen
> Fedora Project
> 
> sparks at fedoraproject.org - sparks at redhat.com
> 097C 82C3 52DF C64A 50C2  E3A3 8076 ABDE 024B B3D1
> --------------------------------------------------
> --
> security mailing list
> security at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/security
> 
There is a DM-Steg module. But somebody would probably have to work a
little more on it and put it into upstream, so it is maintained.

Regards,

Tristan
-- 

Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore at internexusconnect.net

Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)

For Fedora related issues, please email me at:
TSantore at fedoraproject.org

