Emergency destruction of LUKS partition

Joe Wulf joe_wulf at yahoo.com
Mon Sep 30 17:16:28 UTC 2013 

If the implementation of this is in fact a deep dark secret that only the implementers on 'that' system know, as well as the users... then this might be a possibility to protect the data at the expense of the person or persons lives on the wrong end of the large wrench.

The kind of implementation you are talking about, more than likely, would already be known to wrench-wielding miscreants.  Therefore, they'd be on the look-out for attempts at giving the wrong key phrase.




>________________________________
> From: Eric H. Christensen <sparks at fedoraproject.org>
>To: security at lists.fedoraproject.org 
>Sent: Monday, September 30, 2013 12:52 PM
>Subject: Emergency destruction of LUKS partition
> 
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA512
>
>Someone asked me about this recently and I haven't had a chance to fully wrap my head around the solution but thought it was an interesting scenario.
>
>Background:
>Someone knows you have encrypted your computer using LUKS.  They convince you to enter (or otherwise provide) your passphrase via the large wrench method[0].
>
>Realcrypt method:
>There is plausible deniability (if properly implemented) whereas you could provide the person with the alternate passphrase which would give them access to a portion of the encrypted partition but not your real working partition.
>
>LUKS:
>There is no way to provide plausible deniability.
>
>Proposed solution:
>LUKS provides four key slots to use for decrypting a partition.  How about have one key slot that when used immediately implements a deletion of the encrypted partition (or at least the key record).
>
>Thoughts?
>
>[0] http://www.xkcd.org/538/
>
>- -- Eric
>
>- --------------------------------------------------
>Eric "Sparks" Christensen
>Fedora Project
>
>sparks at fedoraproject.org - sparks at redhat.com
>097C 82C3 52DF C64A 50C2  E3A3 8076 ABDE 024B B3D1
>- --------------------------------------------------
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.14 (GNU/Linux)
>
>iQGcBAEBCgAGBQJSSaw6AAoJEB/kgVGp2CYvDTAL/jeuWo8r39Apq7QA6hQKmDI9
>Oe+GB5SRk99ecqmBKcapC6nGewfVajoeuNo27AG9CfmQ97ZSk6Oabvt8OibgXXc5
>S64me8zy+Rqx2uu8i271P8DGbf3IFENMMtCdkPCfJWNU5ZAepGwBXCQXRJwC09jn
>MWeQ9kDFmvHZE4a8bO/G6ZPkXI+Vm7BxJYsGq6f5SVcAnqWdKWSUiZPfEcAIGPzx
>AFDmiR8wQpQ2e3PiHEstLYK9DHr6ALIqZxbdwwlLM/vOi7N2Xk3PobIby3KREU4b
>yCh5lkp2oZKkWhGY2AYgFwm1uo7/jWSDFArcJDTtr9amU1mihrpmRPBxAzcplSFK
>oj9LJeYXXnpGFRHNyr68Zp8Dp5ckhDgUVMV1m8MCgVgmyn7cIexIvib4kng/c/aE
>Wo/32VXw8T/++Gszlv4AjLKjMlD4PEVWSO9saJLeQIlwEQFZYulpVkRa/6RKesYZ
>NbuMocam5uk2z0BeXCXjD5A1nvh7YHnhuCjv4HizqQ==
>=Tdc5
>-----END PGP SIGNATURE-----
>--
>security mailing list
>security at lists.fedoraproject.org
>https://admin.fedoraproject.org/mailman/listinfo/security
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/security/attachments/20130930/9e7c8fd4/attachment.html>

More information about the security mailing list