
It turns out that this has already been made before.

https://github.com/defuse/swatd




Using dm-crypt/LUKS, there's a very fast and total wipe to execute when sensors fail.

Let's assume that /dev/sdb1 is the LUKS volume. First back up the LUKS header: "cryptsetup -v luksHeaderBackup --header-backup-file=/tmp/LUKS-header /dev/sdb1". Then encrypt (gpg -c) the LUKS-header, and anonymously stash a few copies online. This is the weak point. You must remember where at least one of them is, and also remember the passphrase.

When sensors fail, swatd runs "head -c 1052672 /dev/urandom > /dev/sdb1; sync; shutdown -P now".

To recover, you would just boot into initramfs, restore the LUKS header, and reboot.


'shutdown -P now' is slow, maybe 'echo b > /proc/sysrq-trigger' is more effective. Trick is knowing when that sync is "really" done.


How about "head -c 1052672 /dev/urandom > /dev/sdb1; xinput set-int-prop 2 "Device Enabled" 8 0; xset dpms force off; xscreensaver-command --lock; sync; echo o > /proc/sysrq-trigger"? That way, the keyboard and display would be gone while sync was completing. Also, does rebooting protect better against reading RAM than shutting down?


This works well, and is very fast:

head -c 1052672 /dev/urandom > /dev/sdb1; xinput --disable 9; xinput --disable 10; xset dpms force off; sync; echo o > /proc/sysrq-trigger
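
The commands in this thread hard-code 1052672 bytes, which is 2056 sectors of 512 bytes. As an added example (not code from the thread or from swatd), the script below reads the payload offset recorded in a LUKS1 header and checks that a wipe length reaches it; the function names and the constructed sample header are assumptions for illustration, and the field offsets are those of the LUKS1 on-disk format.

```shell
#!/bin/sh
# Added example: does a fixed wipe length cover the whole LUKS1 header and
# key-slot area? In LUKS1 everything before the payload offset is header data.

# Big-endian unsigned integer of $3 bytes at byte offset $2 of file $1.
be_uint() {
    val=0
    for b in $(od -An -v -tu1 -j "$2" -N "$3" "$1" 2>/dev/null); do
        val=$(( val * 256 + b ))
    done
    echo "$val"
}

# Print the size in bytes of the header + key-slot area; fail if not LUKS1.
luks1_area_bytes() {
    magic=$(od -An -v -tx1 -N 6 "$1" 2>/dev/null | tr -d ' \n')
    [ "$magic" = "4c554b53babe" ] || return 1     # "LUKS" 0xBA 0xBE
    [ "$(be_uint "$1" 6 2)" -eq 1 ] || return 2   # other versions use another layout
    echo $(( $(be_uint "$1" 104 4) * 512 ))       # payload offset is in 512-byte sectors
}

# Succeed only if overwriting $2 bytes from offset 0 covers that whole area.
wipe_covers() {
    area=$(luks1_area_bytes "$1") || return 2
    [ "$2" -ge "$area" ]
}

# Constructed sample: a 592-byte header holding only magic, version
# (${3:-1}) and payload offset ($2, in sectors); all other fields are zero.
make_sample_header() {
    {
        printf 'LUKS\272\276\000'
        printf "\\$(printf '%03o' "${3:-1}")"
        dd if=/dev/zero bs=1 count=96 2>/dev/null
        for s in 24 16 8 0; do
            printf "\\$(printf '%03o' $(( ($2 >> s) & 255 )))"
        done
        dd if=/dev/zero bs=1 count=484 2>/dev/null
    } > "$1"
}

f=$(mktemp)
make_sample_header "$f" 4096    # constructed: payload starts at sector 4096
wipe_covers "$f" 1052672 || echo "1052672 bytes is short of $(luks1_area_bytes "$f")"
rm -f "$f"
```

On a real system, point `luks1_area_bytes` at the header backup file or at the device itself and use the printed value as the byte count for the overwrite.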



