flux: > I really think this feature would fit in Qubes. > > https://www.kali.org/tutorials/emergency-self-destruction-luks-kali/ > > TL;DR this patch uses one LUKS keyslot to add a password which wipes the LUKS > header, effectively making all data in the LUKS container inaccessible until > the header is restored. > > Perfect for when you're being asked for a password, especially because you > can pretend it was the examiners fault that the drive is "dead." > > You can then (hopefully) go home and redtore the LUKS header from a separate > location and go about your merry day. > > Thoughts? If no one strongly disagrees I can put it in an issue. >
I just don't really see the point. If you envision the 'examiner' being a LEO, this is likely a terrible strategy. This would almost certainly qualify as obstruction of justice and destruction of evidence. Also, it's useless in cases where the adversary already has a disk image. I can't think of a scenario where: 1) You are being coerced for your password and have no legal defense 2) The LEO is dumb enough not to make a disk image (impossible these days, except perhaps for 'routine' border searches?) 3) The consequences for destroying the evidence are less severe than the consequences for simply refusing to comply (taking into account local laws like RIPA, and confidence in your passphrase strength and secrecy) On the other hand, if you're being subjected to rubber-hose cryptanalysis by infosec amateurs, it might work to deny the adversary information access, but you're still gonna have an awfully bad time (i.e., die). It seems in this case something like TrueCrypt's hidden volumes are better: you at least stand a chance of convincing the adversary you don't have anything interesting. I actually am really curious how you envision this feature saving the day! :) Andrew -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7b71fd86-23df-6912-4794-12c9a195f109%40riseup.net. For more options, visit https://groups.google.com/d/optout.
