[mdlug] Password of DEATH

Michael Mol mikemol at gmail.com
Tue Jun 5 12:11:09 EDT 2012


On Tue, Jun 5, 2012 at 11:56 AM, Adam Tauno Williams
<awilliam at whitemice.org> wrote:
> On Tue, 2012-06-05 at 01:21 -0400, Garry Stahl wrote:
>> OK, the gob'ment has seized your laptop and is holding you hostage for
>> the password.  Now you don't have anything on there really.  (I don't)
>> Nothing critical or irreplaceable, but dammit, it's none of their business.
>> Suggestion, a second password that if entered goes nuclear on the hard
>> drive deleting the thing wholesale without further action.  Better yet
>> it boots to a chroot jail screen while deleting everything in the Home
>> partition (You do have a separate home partition, right?)
>> Is this doable with an average Linux distro?
>
> Yes, trivially.
>
> And it would probably be prosecuted as obstruction of justice;  the
> concept of spoliation almost certainly applies.
>
> In short - THIS WOULD BE A VERY *VERY* **STUPID** THING TO DO.

Commanded, almost assuredly. As a passive, automated process? I'm not
sure; it'd probably have to be tested in court.

I wonder if you could apply some kind of 'dead man switch' encryption
system for data which must remain particularly secure. I.e. have a
bluetooth or wifi device that must be visible to the laptop without
lapse (or without lapses exceeding a certain number of seconds). If
the laptop times out while waiting to hear from the dead man switch,
it starts erasing data, or issues a command to the hard drive to do a
low-level format or fast scramble.

That kind of thing would have particular value in scenarios demanding
high data security where you'd rather the courier's copy of the data
were destroyed; authorized copies are cheap. A DoS attack (such as a
2.4GHz ISM band scrambler) would result in destroyed data, but that's
preferable to copied data.

As a way to speed up the process, you could reserve 1-2MB of the hard
disk to store a huge key which is used for encrypting the rest of the
data, and you need only worry about erasing that 1-2MB of data to make
the rest indistinguishable from noise.

-- 
:wq
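
The key-region idea from the message above, modelled in memory as an added example (not code from the poster or the list). Assumptions: the `Volume` class, the hash-of-region key derivation, and the HMAC-SHA256 counter-mode stand-in cipher are all hypothetical choices made so the sketch runs with the standard library only; a real disk would use a proper block cipher mode.

```python
import hashlib
import hmac
import os

KEY_REGION = 1024 * 1024  # reserved key area; the message suggests 1-2MB

def derive_key(region):
    # Assumption: the working key is a hash of the whole region, so damaging
    # any part of the region changes the key.
    return hashlib.sha256(bytes(region)).digest()

def xor_stream(key, data):
    # Stand-in cipher (HMAC-SHA256 in counter mode), chosen to stay stdlib-only.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

class Volume:
    def __init__(self, plaintext, timeout, now):
        self.key_region = bytearray(os.urandom(KEY_REGION))
        self.ciphertext = xor_stream(derive_key(self.key_region), plaintext)
        self.timeout, self.last_seen, self.erased = timeout, now, False

    def tick(self, now):
        # Periodic check: a lapse longer than the timeout overwrites the key
        # region only; the bulk ciphertext is left untouched.
        if not self.erased and now - self.last_seen > self.timeout:
            self.key_region[:] = os.urandom(KEY_REGION)
            self.erased = True
        return self.erased

    def heartbeat(self, now):
        # A beacon sighting resets the timer unless the lapse already fired.
        if not self.tick(now):
            self.last_seen = now

    def read(self):
        return xor_stream(derive_key(self.key_region), self.ciphertext)

def demo():
    secret = b"constructed sample payload " * 4
    vol = Volume(secret, timeout=10.0, now=0.0)
    vol.heartbeat(5.0)
    vol.tick(12.0)                      # 7 s since the last beacon: no action
    readable_before = vol.read() == secret
    vol.tick(30.0)                      # 25 s since the last beacon: key erased
    return readable_before, vol.erased, vol.read() == secret
```

This models the storage as a Python bytearray; on flash media an in-place overwrite can leave stale copies of the key region behind because of wear levelling.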


