Re: [arch-general] LUKS emergency self-destruct

2014-01-13 Thread Taylor Hornby 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 01/13/2014 03:57 AM, Paladin wrote:
> Hi, does anyone know if there is plan to implement this: 
> http://www.kali.org/how-to/emergency-self-destruction-luks-kali/ in
> Arch?
> 
> Patch https://github.com/offensive-security/cryptsetup-nuke-keys is
> not too big and IMHO it would be great to have this option..
> 
> Patch is for 1.6.1 but it cannot be that difficult to port it to 
> 1.6.3 which we have.
> 

If you use this, be careful that you're using it for the right thing.
Unfortunately the way it's implemented makes it seem like it's purpose
is something that it's not.

The intent is for it to be an easy and fast way to destroy the key
information (and optionally recover it if you have a backup), when you
are in a SAFE environment. A convenient alternative to manually doing
it with dd and a live CD.

It's not intended to be an "If I'm tortured I can enter the duress
password and it will destroy the keys" feature. Obviously, your
torturers (or law enforcement (they can be the same thing)), will
clone the disk and make you enter your password into the cloned system.

Just a warning.

- -- 
Taylor Hornby
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJS1FEXAAoJEP5tMebkC3Ru7oEP+gPNCGgmyi0ovRLLZhwb+BV8
jU0+6MYKFYoZiTCe3VGSWsOBdAp1J14+f7q0NkG24fFvmlN6g8WYfHGsENGjn1ZO
JrsPSMwD3rl7C9pEKS2zCzGlVhQcTgUTwkz7KaWqhoaZ2XoGTdSL3N9Hdkpl1hxo
VreJC4hpBF42ON+3Up6ZUCPsgY67U2kGe5Mz4CZxm7uDKa15CtqFsbcUQIN+Ep0m
e2VzztRZECz7NVYbcAPFA+XXWG5gU8lGNL29j8I49sdjZfOQGSsmM0VUDpXMfaN6
OLeOP1i/oBCQ/5AUMZJu/EK5xsbO+vTauAPSHCvxy1Go9lugYcxTYU2LdwrPFnDH
2rWCwRijyARoKvF+hsrfuXTPOSzH5jhnw827DQfL/PsimkWv1C0ZkbYqDEpy9cT9
/13TGonoOfm0uMgOvG2y9A7ZA8Z7OsqPXSKvZG/iife5q4513Lry9o8EwKOzIyNp
yuiVD5o1ZW+fcBi11mlUu2D2wrKDp9YGBOUbRb2yHzgapjJ92Dh6L/kCVlC179AX
ZnJqjXOltuGYLFCpZPmBXSYaMkt5rLkVvoD7X1NETNHRDUOucdRo3sxWT9ZAWOve
o01J0y7QKH/eJQgJCObHlGQjdsCM9iFMPuEBodXwDH+FpZrodgvSJ3+BhoA0IUVX
Rub5n0E/8OsuzGEU3mp6
=hll7
-END PGP SIGNATURE-

Re: [arch-general] LUKS emergency self-destruct

2014-01-13 Thread Bigby James 
On Mon, Jan 13, 2014 at 11:57:28AM +0100, Paladin wrote:
> Hi,
> does anyone know if there is plan to implement this:
> http://www.kali.org/how-to/emergency-self-destruction-luks-kali/
> in Arch?
> 
> Patch https://github.com/offensive-security/cryptsetup-nuke-keys
> is not too big and IMHO it would be great to have this option..
> 
> Patch is for 1.6.1 but it cannot be that difficult to port it to
> 1.6.3 which we have.
> 
> Paladin
> 
> -- 
> ()  ascii ribbon campaign - against html e-mail 
> /\  www.asciiribbon.org   - against proprietary attachments

It's already in the AUR---was submitted the day that blog post came out, in
fact: https://aur.archlinux.org/packages/cryptsetup-nuke-keys/

Re: [arch-general] LUKS emergency self-destruct

2014-01-13 Thread Thomas Bächler 
Am 13.01.2014 11:57, schrieb Paladin:
> Patch is for 1.6.1 but it cannot be that difficult to port it to
> 1.6.3 which we have.

This feature has already been rejected by the cryptsetup authors as far
as I can see. So no, we will not keep maintaining our own cryptsetup
modification.




signature.asc
Description: OpenPGP digital signature

[arch-general] LUKS emergency self-destruct

2014-01-13 Thread Quintus Public 
Hi Paladin,

On Monday, January 13, 2014, Paladin wrote:
> Patch https://github.com/offensive-security/cryptsetup-nuke-keys
 > is not too
big and IMHO it would be great to have this option..
> Patch is for 1.6.1 but it cannot be that difficult to port it to
> 1.6.3 which we have.

This would be a suitable AUR project. You could provide a PKGBUILD which
implements this additional functionality, but *you* alone are responsible
for additional functionality which isn't maintained upstream.
If there is, in fact, demand for this feature, it would be well received on
the AUR.

It could be useful to model the vmware-patch[1] PKGBUILD, which provides a
post-installation patch to vmware. (I found this with a search and have not
tested it.)

Also, in the future, please consider not using "emergency" in the subject
line of this mailing list unless it is warranted.

Cheers,
Quint

[1]: https://aur.archlinux.org/packages/vmware-patch/

Re: [arch-general] LUKS emergency self-destruct

2014-01-13 Thread Florian Pritz 
On 13.01.2014 11:57, Paladin wrote:
> does anyone know if there is plan to implement this:
> http://www.kali.org/how-to/emergency-self-destruction-luks-kali/
> in Arch?

Things like this belong to the bug tracker, not the mailing list.

Is the patch merged upstream? If no, it is highly unlikely that we will
implement it. (read as no we won't)




signature.asc
Description: OpenPGP digital signature

Re: [arch-general] LUKS emergency self-destruct

2014-01-13 Thread Allan McRae 
On 13/01/14 20:57, Paladin wrote:
> Hi,
> does anyone know if there is plan to implement this:
> http://www.kali.org/how-to/emergency-self-destruction-luks-kali/
> in Arch?
> 
> Patch https://github.com/offensive-security/cryptsetup-nuke-keys
> is not too big and IMHO it would be great to have this option..
> 
> Patch is for 1.6.1 but it cannot be that difficult to port it to
> 1.6.3 which we have.
> 

Arch provides vanilla packages.  So no.

[arch-general] LUKS emergency self-destruct

2014-01-13 Thread Paladin 
Hi,
does anyone know if there is plan to implement this:
http://www.kali.org/how-to/emergency-self-destruction-luks-kali/
in Arch?

Patch https://github.com/offensive-security/cryptsetup-nuke-keys
is not too big and IMHO it would be great to have this option..

Patch is for 1.6.1 but it cannot be that difficult to port it to
1.6.3 which we have.

Paladin

-- 
()  ascii ribbon campaign - against html e-mail 
/\  www.asciiribbon.org   - against proprietary attachments


pgpwZ6AbMybnZ.pgp
Description: PGP signature