Allow for a faux password that triggers luksErase
In most cases where an internal storage device is being encrypted, it is auto-mounted on startup, and one of the first things that one sees is the password prompt.
It would be a useful feature, if one could set an "emergency erasure password", which, if entered, triggers luksErase
.
EDIT: Actually, it should directly trigger: crypt_keyslot_destroy()
, since it is an emergency.
EDIT2: I see that it is already mentioned in the FAQ: 5.21 Why is there no "Nuke-Option"?, and also discussed in the mailing-list: https://marc.info/?l=dm-crypt&m=138904273622981&w=2
The general objection seems to be that there may be situations where using this feature may prove more detrimental than useful. But the user has to be the judge of that, not the software.
I do feel that this will be useful is situations where the user perceives no risk to themselves from the act of 'nuking' the header, but does gain from having a means to do so quickly (without having to completely boot it up or boot from an external USB).