pam_panic - A Linux authentication module for people in distress

Bandie

Playlists: '35C3-chaoswest' videos starting here / audio / related events

pam_panic is an authentication module made for people who think they might get into a distressing situation where they are forced to type in or even tell the password to bad people.
The idea is to use a password or a media device at a login screen which issues a destruction of the LUKS keyslots.
There will be a little crash course on what LUKS is to be more clear how and why it works.

## pam_panic ##
[on github](https://github.com/pampanic/pam_panic)

### Purposes ###
- Make a LUKS encrypted filesystem inaccessible when in distress

### What is the idea? ###
- Have an encrypted system done by LUKS
- Have two passwords or two media devices (One of the passwords/media devices is used for regular authentication, the other one is used for issuing a destruction of the LUKS key material slots and have a reboot/shutdown)
- Ask for a password/media device before your regular user password

### Crash course: LUKS ###
- What do we need to know to get this to work?
- How does the LUKS header look like?

### Making my data inaccessible ###
- Using `cryptsetup luksErase`

### Scenarios ###
Scenarios where it can help:

- Being forced to type/tell your password
- Raids

Scenarios where it doesn't help:

- Letting them make a clone of your hard drive, then having your password/media device forced from you

## Demonstration of pam_panic ##
1. Setup
2. Show authentication password and media device
3. Show panic password/media device and show the result of inaccessibility

## Q+A ##
..if there's enough time.

Download

Related

Embed

Share:

Tags