Cryptsetup Nuke Keys Patch #921
Labels
C: other
cryptography
This issue pertains to cryptography.
help wanted
This issue will probably not get done in a timely fashion without help from community contributors.
P: major
Priority: major. Between "default" and "critical" in severity.
security
This issue pertains to the security of Qubes OS.
Comments
marmarek
added
enhancement
C: other
P: major
|
Modified by marmarek on 11 Nov 2014 02:44 UTC |
|
Comment by John on 2 Dec 2014 05:53 UTC https://github.com/mbroz/cryptsetup/blob/master/FAQ In short: it fails to increase security to any significant degree. |
andrewdavidwong
added
the
help wanted
|
Recent discussion about the usefulness of this feature: |
|
Older thread on the same topic: |
|
To be effective, this needs to either:
Otherwise it must be assemed that the key can be recovered (at significant expense) by someone with specialized tools and prolonged physical access. |
andrewdavidwong
added
cryptography
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Reported by anonymous on 9 Nov 2014 21:03 UTC
Feature Request: Cryptsetup Nuke Keys Patch
Upstream Provider: Kali Linux
Kali Linux webpage: kali.org
Nuke Keys Git Repo: https://github.com/offensive-security/cryptsetup-nuke-keys
Arch Linux AUR package: https://aur.archlinux.org/packages/cryptsetup-nuke-keys/
Where: dom0
Purpose: Allows user to erase keyslots using an alternate "nuke" password.
Easier than other erasure methods.
Does not require input of decryption password.
Resistant to user error via overwriting non-keyslot data using alternate erasure methods.
How: User chooses a 'nuke' passphrase.
Upon using nuke passphrase, all keyslots are wiped, rendering drive unusable.
Keyslots can be restored later using keyslot backups.
Note: May require modification from original files to work.
Migrated-From: https://wiki.qubes-os.org/ticket/921
The text was updated successfully, but these errors were encountered: