back

pam_panic - A Linux authentication module for people in distress

If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!

Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.

Video duration
00:19:43
Language
English
Abstract
pam_panic is an authentication module made for people who think they might get into a distressing situation where they are forced to type in or even tell the password to bad people.
The idea is to use a password or a media device at a login screen which issues a destruction of the LUKS keyslots.
There will be a little crash course on what LUKS is to be more clear how and why it works.

## pam_panic ##
[on github](https://github.com/pampanic/pam_panic)

### Purposes ###
- Make a LUKS encrypted filesystem inaccessible when in distress


### What is the idea? ###
- Have an encrypted system done by LUKS
- Have two passwords or two media devices (One of the passwords/media devices is used for regular authentication, the other one is used for issuing a destruction of the LUKS key material slots and have a reboot/shutdown)
- Ask for a password/media device before your regular user password


### Crash course: LUKS ###
- What do we need to know to get this to work?
- How does the LUKS header look like?

### Making my data inaccessible ###
- Using `cryptsetup luksErase`

### Scenarios ###
Scenarios where it can help:

- Being forced to type/tell your password
- Raids


Scenarios where it doesn't help:

- Letting them make a clone of your hard drive, then having your password/media device forced from you


## Demonstration of pam_panic ##
1. Setup
2. Show authentication password and media device
3. Show panic password/media device and show the result of inaccessibility

## Q+A ##
..if there's enough time.

Talk ID
35c3CW-26
Event:
35c3-chaoswest
Day
3
Room
Chaos West Bühne
Start
11:30 a.m.
Duration
00:20:00
Track
None
Type of
Einfacher Slot mit optionalen Q+A
Speaker
Bandie
Talk Slug & media link
35c3chaoswest-26-pampanic-a-linux-authentication-module-for-people-in-distress
English
0.0% Checking done0.0%
0.0% Syncing done0.0%
0.0% Transcribing done0.0%
100.0% Nothing done yet100.0%
  

Work on this video on Amara!

English: Transcribed until

Last revision: 2 years, 8 months ago