A recent video from CCC, at ChaosWest, talk 35C3 called “pam_panic – A Linux authentication module for people in distress” sparked my interest enough to pop this into a quick blog post,
If you’re being raided, in distress or under duress and you’ve pre-configured your system with a LUKs encrypted drive, then this is a fantastic solution which will allow you to either have 2 separate passwords, or 2 different USB keys – one that will unlock the machine, and one that will securely wipe the LUKS header, thus rendering the data on the drive drive practically useless and unreadable.
You can watch the full talk below, or grab the source from GitHub here (pam_panic github),
The talk isn’t very clear, but he shows a good usage example and explains the basic configuration, install doc
As always, other security options should always be deployed even if you’re machine doesn’t have anything deemed ‘important’ on it, stay secure.