Emergency destruction of LUKS partition

Bruno Wolff III bruno at wolff.to
Mon Sep 30 18:40:37 UTC 2013


On Mon, Sep 30, 2013 at 12:52:13 -0400,
   "Eric H. Christensen" <sparks at fedoraproject.org> wrote:
>Someone asked me about this recently and I haven't had a chance to fully wrap my head around the solution but thought it was an interesting scenario.
>
>Background:
>Someone knows you have encrypted your computer using LUKS.  They convince you to enter (or otherwise provide) your passphrase via the large wrench method[0].
>
>Realcrypt method:
>There is plausible deniability (if properly implemented) whereas you could provide the person with the alternate passphrase which would give them access to a portion of the encrypted partition but not your real working partition.
>
>LUKS:
>There is no way to provide plausible deniability.
>
>Proposed solution:
>LUKS provides four key slots to use for decrypting a partition.  How about having one key slot that, when used, immediately implements a deletion of the encrypted partition (or at least the key record)?
>
>Thoughts?

They'll just keep using the wrench until you tell them all of the passwords.

Even plausible deniability might not work so well, if someone who knows 
what they're doing looks at your disk.

