Kali Linux introduces an “emergency” password leading to full disk encryption
Kali Linux introduces an “emergency” password leading to full disk encryption
During the last update, The Offensive Security Developer Team announced in Kali Linux [1] new feature "Emergency self-destruction of LUKS [2] "Designed to encrypt the entire disk using the
If you use an encrypted partition with LVM or LUKS in Kali Linux, then you need to enter a password every time the OS boots - this will decrypt your disk. Those. if your laptop is stolen - you can not worry about the safety of data.
Now you can use a password-destroyer, the input of which will lead to the destruction, and not decryption of data from your disk during system boot.
In an emergency, entering the destroyer password will result in the removal of all encryption keys, which will lead to complete loss of access to the data.
No doubt, I, like almost 3,000 more people, voted for the introduction of such a feature, because I consider it very popular among hackers and computer security specialists using Kali Linux.
Law enforcement agencies are silent about their work. The same NSA or FBI may at any time ask you for a password. Of course, you can refuse, but the employee may get you later, detain you, refuse to enter the country, or annoy you in some other way.
In today's reality, disk encryption or, at least, blocking a hard disk with a password seems just necessary. Given the fact that there are quite a few utilities for disk encryption, including free ones - BitLocker, PGPDisk, FileVault, TrueCrypt, and dm-crypt (LUKS).
1. ↑ Kali Linux is a Debian-based open source operating system designed for pentesting and hacking; includes the corresponding specialized set of utilities.
2. ↑ LUKS (The Linux Unified Key Setup) is a disk encryption specification that defines a platform-independent standard for use in various tools. The Linux implementation of LUKS is based on the advanced version of cryptsetup, using dm-crypt as a computer for disk encryption.
A little background
Today, full data encryption is the most “secure” storage method. Just think about what information is stored on your computer. Seal photos, passwords, your email. In the end - working papers containing financial and commercial secrets.
')
What to say about those people who work in the field of security - their computers are crammed with confidential information relating to their work, source codes, research results.
Now think about it - what if your laptop is stolen or selected by the security service of any airport? I will describe one situation.
Some time ago in the news feeds you might have noticed the name of Glenn Greenwald - an employee of the Guardian, the author of a series of articles published in July 2013, exposing the NSA thanks to documents provided by Edward Snowden.
In August 2013, one of Glenn’s colleagues was returning from a trip to Berlin when he was stopped by airport security officers. Appealing to the Terrorism Act 2000, he was kept for 9 hours, and at the same time they selected all electronic devices, including a mobile phone, laptop, camera, memory cards, DVDs, and even a gaming console!
In such a situation, the person concerned can either steal your data or install spyware without your knowledge. And just here full disk encryption can help you keep your data confidential.
')
What to say about those people who work in the field of security - their computers are crammed with confidential information relating to their work, source codes, research results.
Now think about it - what if your laptop is stolen or selected by the security service of any airport? I will describe one situation.
Some time ago in the news feeds you might have noticed the name of Glenn Greenwald - an employee of the Guardian, the author of a series of articles published in July 2013, exposing the NSA thanks to documents provided by Edward Snowden.
In August 2013, one of Glenn’s colleagues was returning from a trip to Berlin when he was stopped by airport security officers. Appealing to the Terrorism Act 2000, he was kept for 9 hours, and at the same time they selected all electronic devices, including a mobile phone, laptop, camera, memory cards, DVDs, and even a gaming console!
In such a situation, the person concerned can either steal your data or install spyware without your knowledge. And just here full disk encryption can help you keep your data confidential.
During the last update, The Offensive Security Developer Team announced in Kali Linux [1] new feature "Emergency self-destruction of LUKS [2] "Designed to encrypt the entire disk using the
cryptsetup utility.If you use an encrypted partition with LVM or LUKS in Kali Linux, then you need to enter a password every time the OS boots - this will decrypt your disk. Those. if your laptop is stolen - you can not worry about the safety of data.
Now you can use a password-destroyer, the input of which will lead to the destruction, and not decryption of data from your disk during system boot.
In an emergency, entering the destroyer password will result in the removal of all encryption keys, which will lead to complete loss of access to the data.
No doubt, I, like almost 3,000 more people, voted for the introduction of such a feature, because I consider it very popular among hackers and computer security specialists using Kali Linux.
Law enforcement agencies are silent about their work. The same NSA or FBI may at any time ask you for a password. Of course, you can refuse, but the employee may get you later, detain you, refuse to enter the country, or annoy you in some other way.
In today's reality, disk encryption or, at least, blocking a hard disk with a password seems just necessary. Given the fact that there are quite a few utilities for disk encryption, including free ones - BitLocker, PGPDisk, FileVault, TrueCrypt, and dm-crypt (LUKS).
1. ↑ Kali Linux is a Debian-based open source operating system designed for pentesting and hacking; includes the corresponding specialized set of utilities.
2. ↑ LUKS (The Linux Unified Key Setup) is a disk encryption specification that defines a platform-independent standard for use in various tools. The Linux implementation of LUKS is based on the advanced version of cryptsetup, using dm-crypt as a computer for disk encryption.
Source: https://habr.com/ru/post/208468/
All Articles