Difference between revisions of "Security packages"

From YobiWiki
Jump to navigation Jump to search
(Created page with "Here is a list of security-related packages available in Debian-alike distros. <br>My setup is made of a basis of LMDE with Debian and [[K...")
 
m
Line 1: Line 1:
 
Here is a list of security-related packages available in Debian-alike distros.
 
Here is a list of security-related packages available in Debian-alike distros.
 
<br>My setup is made of a basis of [[LMDE]] with [[LMDE#Add_Debian_repositories|Debian]] and [[Kali#Add_Kali_repositories_to_LMDE|Kali]] pinned repositories.
 
<br>My setup is made of a basis of [[LMDE]] with [[LMDE#Add_Debian_repositories|Debian]] and [[Kali#Add_Kali_repositories_to_LMDE|Kali]] pinned repositories.
  +
==LUKS Nuke==
  +
* http://www.kali.org/how-to/emergency-self-destruction-luks-kali/
  +
* http://www.kali.org/how-to/nuke-kali-linux-luks/
  +
* http://lxer.com/module/newswire/view/103692/index.html :
  +
''The first part of the new feature is to actually store a "nuke" passphrase in a keyslot. However, this passphrase does not encrypt the masterkey used for en-/decrypting the partition, but rather encrypts a magic value (0x0...0). ''
  +
cryptsetup luksAddNuke <device>
  +
''It behaves pretty much like a "luksAddKey", only that the actual keyslot data does not contain any cryptographic material.''
  +
<br>''The second part of the implementation is a modification of the function that unlocks a keyslot and extracts the key material for en-/decryption. This function now contains a check for said magical value and deletes all keyslots if it encounters it.''
  +
  +
apt-get install cryptsetup/kali cryptsetup-bin/kali libcryptsetup4/kali
  +
If initrd was not rebuilt in the process:
  +
dpkg-reconfigure cryptsetup
  +
  +
cryptsetup luksAddNuke /dev/sda1
  +
Better to pin it:
  +
<br>Add to /etc/apt/preferences.d/kali-package-repositories.pref
  +
Package: /cryptsetup/
  +
Pin: release n=kali
  +
Pin-Priority: 990

Revision as of 21:04, 3 April 2014

Here is a list of security-related packages available in Debian-alike distros.
My setup is made of a basis of LMDE with Debian and Kali pinned repositories.

LUKS Nuke

The first part of the new feature is to actually store a "nuke" passphrase in a keyslot. However, this passphrase does not encrypt the masterkey used for en-/decrypting the partition, but rather encrypts a magic value (0x0...0).

 cryptsetup luksAddNuke <device>

It behaves pretty much like a "luksAddKey", only that the actual keyslot data does not contain any cryptographic material.
The second part of the implementation is a modification of the function that unlocks a keyslot and extracts the key material for en-/decryption. This function now contains a check for said magical value and deletes all keyslots if it encounters it.

apt-get install cryptsetup/kali cryptsetup-bin/kali libcryptsetup4/kali

If initrd was not rebuilt in the process:

dpkg-reconfigure cryptsetup
cryptsetup luksAddNuke /dev/sda1

Better to pin it:
Add to /etc/apt/preferences.d/kali-package-repositories.pref

Package: /cryptsetup/
Pin: release n=kali
Pin-Priority: 990