If the implementation of this is in fact a deep dark secret that only the implementers on 'that' system know, as well as the users... then this might be a possibility to protect the data at the expense of the person's or persons' lives on the wrong end of the large wrench.

The kind of implementation you are talking about, more than likely, would already be known to wrench-wielding miscreants. Therefore, they'd be on the lookout for attempts at giving the wrong key phrase.


From: Eric H. Christensen <sparks@fedoraproject.org>
To: security@lists.fedoraproject.org
Sent: Monday, September 30, 2013 12:52 PM
Subject: Emergency destruction of LUKS partition

Someone asked me about this recently and I haven't had a chance to fully wrap my head around the solution but thought it was an interesting scenario.

Background:
Someone knows you have encrypted your computer using LUKS.  They convince you to enter (or otherwise provide) your passphrase via the large wrench method[0].

Realcrypt method:
There is plausible deniability (if properly implemented) whereby you could provide the person with the alternate passphrase which would give them access to a portion of the encrypted partition but not your real working partition.

LUKS:
There is no way to provide plausible deniability.

Proposed solution:
LUKS provides four key slots to use for decrypting a partition. How about having one key slot that, when used, immediately implements a deletion of the encrypted partition (or at least the key record)?

Thoughts?

[0] http://www.xkcd.org/538/

-- Eric

--------------------------------------------------
Eric "Sparks" Christensen
Fedora Project

sparks@fedoraproject.org - sparks@redhat.com
097C 82C3 52DF C64A 50C2  E3A3 8076 ABDE 024B B3D1
--------------------------------------------------
--
security mailing list
security@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/security