Developers mull adding data nuke to Kali Linux

Security experts using Kali Linux may soon have a last resort to destroy their encrypted data by typing in a special passphrase that will wipe the keys.
Written by Michael Lee, Contributor

The developers behind penetration testing and security auditing suite Kali Linux are considering creating a "nuke" password that would allow information security professionals to render data unreadable if needed.

Kali Linux is an open-source operating system based on the popular BackTrack Linux suite, but backed and funded by Offensive Security. It can be set up to use full-disk encryption using a combination of Logical Volume Management (LVM) and Linux Unified Key Setup (LUKS).

When creating an encrypted LUKS container, a master key is generated at random. A passphrase is then used to encrypt the master key in turn.

This process means that the passphrase is not directly coupled to the data. That is, if two sets of identical data are encrypted and the same passphrase used, the master keys remain unique to each set and cannot be swapped out.

What this also means, however, is that regardless of the passphrase used, if the master key is lost, recovering data is impossible. This process conveniently lends itself to being used as a nuke by deliberately wiping the keys.

Offensive Security founder and Kali Linux lead developer Mati Aharoni is currently testing a modification to the operating system that will effectively nuke the master keys if a specific passphrase is used. It is based on a patch developed by Juergen Pabel in 2008.

"On any subsequent reboots, you will be asked for the LUKS decryption password each time as usual. If, for whatever reason, you were to enter the nuke password, the saved keys would be purged, rendering the data inaccessible," Aharoni wrote on the blog for the operating system.

Although confirmed as working, the base images for Kali do not yet include the new feature, as the community is still being polled for whether the nuke feature should be added.

While this would provide an easy method of destroying keys in an emergency, such a feature would not defend against an attacker that had the foresight to create a disk image before attempting to enter the password. It could also leave victims in rather precarious circumstances should an attacker decide to use rubber hose cryptanalysis.

Editorial standards