LinuxQuestions.org

Linux - Security: Kill Switch for encrypted data? Safety first. (https://www.linuxquestions.org/questions/linux-security-4/kill-switch-for-encrypted-data-safety-first-715601/)

socceroos 03-30-2009 05:22 PM

Kill Switch for encrypted data? Safety first.

Say I have a hard drive with encrypted data and someone is forcing me to give them my enc-key, is it possible to have the comp wipe the data if it receives a particular key or wrong key?

I'm just thinking in terms of complete data safety. The strength of my security comes down to my ability to resist interrogation or scientists' ability to build a usable quantum computer.

I basically need to know if there is a way to build in a 'kill switch' that will securely wipe the data given a certain key.

socceroos 03-30-2009 05:25 PM

If in doubt, wipe it out! :D

socceroos 03-30-2009 05:40 PM

Just thinking about it, there is obviously no way you can have two encryption keys for the same encrypted data. But perhaps there is a way to get it to self destruct after a wrong key is used? I imagine that this would require a binary program such as dd to lie outside of the encrypted data which would then do the job for you. Has anyone done this?

mostlyharmless 03-30-2009 05:46 PM

Well, I don't see why not. My LUKS partition is unlocked with a password given by the initrd. Assuming no one looks closely at the initrd and is eager to unlock the partition, the "LUKS prompt" could actually be a prompt that either uses LUKS to unlock the partition or uses dd to wipe the partition. Seems like a dangerous thing to test, have to make a VM...

You could make it harder to detect by having an engineered cryptsetup shell modified to run either the real cryptsetup (renamed to something harmless-looking) or dd. Best yet would be to modify the source...

An alternative would be to use "plausible deniability" with Truecrypt or steganography.

socceroos 03-30-2009 06:03 PM

Thanks for the lead on 'plausible deniability' - it looks pretty good.

The only problem I see (and it is a huge problem) with having a decrypted program like a disguised dd command destroy the data is that anyone with brains would be using a cloned copy of the encrypted data anyway - thereby nullifying my ability to destroy the data in that manner.

Basically, unless I can somehow set up the encryption to accept a 'self-destruct' key, my method will never be worth it. I know there are some USB keys that you can buy that 'self-destruct' when you enter in a wrong key, but I think there is a physical mechanism in the hardware that does that.

H_TeXMeX_H 03-31-2009 01:55 PM

I don't think it would ever come to that. But truecrypt is the most plausible option.

I was thinking of making a program to do it, or a special login account, but they wouldn't be so stupid as to not analyze the archive before even starting the interrogation, or to confiscate the HDD and use forensics on it right away to grab everything, thus bypassing programs or special logins.

Truecrypt is the way to go.

rweaver 03-31-2009 02:32 PM

Quote:

Originally Posted by socceroos (Post 3493059)
Thanks for the lead on 'plausible deniability' - it looks pretty good.

The only problem I see (and it is a huge problem) with having a decrypted program like a disguised dd command destroy the data is that anyone with brains would be using a cloned copy of the encrypted data anyway - thereby nullifying my ability to destroy the data in that manner.

Basically, unless I can somehow set up the encryption to accept a 'self-destruct' key, my method will never be worth it. I know there are some USB keys that you can buy that 'self-destruct' when you enter in a wrong key, but I think there is a physical mechanism in the hardware that does that.

Like you said, the problem with a 'self-destruct' mechanism for the encrypted data is the same no matter what unless there is a physical component: no competent security person is going to be working on a live copy of the data. Even if there is a physical component, what's to stop them from removing the storage medium from the device and duplicating the data? They're going to be working on a copy even in the case of physical methods... so they enter the 'destruct' key into the copy and it destructs, now they come back and, using your example of resisting torture, start breaking your fingers one joint at a time. How long till you give them the real key?

In the end, security is only as good as the weakest link. You are the weakest link in that example.
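
A toy model of rweaver's argument, added here as an example and not code from any poster in the thread: the examiner images the container first, the duress key wipes only the image, and the original still opens with the real key. It assumes a throwaway SHA-256 keystream cipher and an HMAC key check standing in for LUKS, purely so the model runs offline.

```python
"""Toy model of a 'duress key' container (added example, not from the thread).

The cipher below is a constructed SHA-256 keystream plus an HMAC key-check tag;
it stands in for LUKS only so the scenario runs offline. It is not a real
encryption scheme and must not be used as one.
"""
import hashlib
import hmac


def _keystream(key: bytes, n: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def seal(plaintext: bytes, real_key: bytes) -> bytearray:
    """Container layout: 32-byte key-check tag || ciphertext."""
    tag = hmac.new(real_key, b"key-check", hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(real_key, len(plaintext))))
    return bytearray(tag + ct)


def open_container(container: bytearray, key: bytes, duress_key: bytes):
    """Return plaintext, or None. The duress key overwrites the container in
    place (the 'dd the partition' step from the thread); a plain wrong key
    just fails, so the examiner can retry on the same bytes forever."""
    if hmac.compare_digest(key, duress_key):
        container[:] = bytes(len(container))        # kill switch fires: zero fill
        return None
    tag, ct = bytes(container[:32]), bytes(container[32:])
    expected = hmac.new(key, b"key-check", hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                                 # wrong key: no wipe, no data
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


def clone_then_duress(real_key: bytes, duress_key: bytes, secret: bytes) -> dict:
    """rweaver's scenario: the examiner images the disk before typing anything."""
    original = seal(secret, real_key)
    clone = bytearray(original)                                # forensic image
    wiped = open_container(clone, duress_key, duress_key)      # duress key into the clone
    recovered = open_container(original, real_key, duress_key) # real key into the original
    return {"clone_wiped": wiped is None and clone[:32] != original[:32],
            "original_intact": recovered == secret}
```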

socceroos 03-31-2009 04:46 PM

rweaver, good points.

I guess the 'best' method is to be able to physically burn my HDDs before anyone gets to them.

Crito 03-31-2009 08:33 PM

The best method is to use a powerful electromagnet on the drive.

http://4crito.com/msgbrd/pics/30secwipe.jpg
And it's a lot faster than dd'ing a terabyte too. You should be able to finish wiping everything before the Gestapo even gets through the front door. Rottweilers and Pit Bulls help also. :p

wsduvall 03-31-2009 09:59 PM

You could hide a huge electromagnet in your door frame, and thus if anybody tried to remove your drive, they would fry it. Maybe put a hidden switch somewhere...

socceroos 03-31-2009 10:42 PM

Lol, thanks guys. Good points....

Perhaps even putting your HDD in a microwave would work?

socceroos 03-31-2009 11:32 PM

I've done some more research and it appears that trying to run a big electromagnet over it will not do the job well enough.

Even the commercial products are all limited in their ability to fully wipe a hard drive (read an NSA brief on it).

It would take an incredibly massive magnet with properly randomised fielding to securely kill a HDD.

On the other hand, it seems that a neat method is to put a brick of thermite over your HDD and have a little mechanism to set it off. Apparently a thin layer of nitro with a ribbon of magnesium is an effective way to light the thermite.

Here is a good thread on the topic: http://www.roguesci.org/theforum/showthread.php?t=4355

Crito 04-01-2009 04:49 AM

Your research is bad and the NSA lies.

Crito 04-01-2009 04:51 AM

Unless, of course, the little electromagnetic drive head doesn't actually do anything. But who ya gonna believe? Your eyes? Your brain? The guys who make hard drives? Or the government? LOL

Crito 04-01-2009 05:01 AM

And fire won't destroy a hard drive. It's a good idea for optical media, however.
