{"guid":"b4850756-d05b-5689-818b-b4b3b233244e","title":"pam_panic - A Linux authentication module for people in distress","subtitle":null,"slug":"35c3chaoswest-26-pampanic-a-linux-authentication-module-for-people-in-distress","link":"https://fahrplan.chaos-west.de/35c3chaoswest/talk/NBCWSE","description":"pam_panic is an authentication module made for people who think they might get into a distressing situation where they are forced to type in or even tell the password to bad people.\nThe idea is to use a password or a media device at a login screen which issues a destruction of the LUKS keyslots.\nThere will be a little crash course on what LUKS is to be more clear how and why it works.\n\n## pam_panic ##\n[on github](https://github.com/pampanic/pam_panic)\n\n### Purposes ###\n- Make a LUKS encrypted filesystem inaccessible when in distress\n\n\n### What is the idea? ###\n- Have an encrypted system done by LUKS\n- Have two passwords or two media devices (One of the passwords/media devices is used for regular authentication, the other one is used for issuing a destruction of the LUKS key material slots and have a reboot/shutdown)\n- Ask for a password/media device before your regular user password\n\n\n### Crash course: LUKS ###\n- What do we need to know to get this to work?\n- How does the LUKS header look like?\n\n### Making my data inaccessible ###\n- Using `cryptsetup luksErase` \n\n### Scenarios ###\nScenarios where it can help:\n\n- Being forced to type/tell your password\n- Raids\n\n\nScenarios where it doesn't help:\n\n- Letting them make a clone of your hard drive, then having your password/media device forced from you\n\n\n## Demonstration of pam_panic ##\n1. Setup\n2. Show authentication password and media device\n3. Show panic password/media device and show the result of inaccessibility\n\n## Q+A ##\n..if there's enough time.","original_language":"eng","persons":["Bandie"],"tags":["35c3-chaoswest","26"],"view_count":616,"promoted":false,"date":"2018-12-29T00:00:00.000+01:00","release_date":"2018-12-29T01:00:00.000+01:00","updated_at":"2026-03-11T16:15:08.047+01:00","length":1182,"duration":1182,"thumb_url":"https://static.media.ccc.de/media/congress/35C3-chaoswest/26-hd.jpg","poster_url":"https://static.media.ccc.de/media/congress/35C3-chaoswest/26-hd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/35C3-chaoswest/26-hd.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/35C3-chaoswest/26-hd.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/35c3chaoswest-26-pampanic-a-linux-authentication-module-for-people-in-distress","url":"https://api.media.ccc.de/public/events/b4850756-d05b-5689-818b-b4b3b233244e","conference_title":"ChaosWest @ 35c3","conference_url":"https://api.media.ccc.de/public/conferences/35C3-chaoswest","related":[{"event_id":6411,"event_guid":"42650545-4394-4455-a5f5-9efad111fedc","weight":7},{"event_id":6439,"event_guid":"ab8ff127-534d-5893-b807-a31188930798","weight":30},{"event_id":6440,"event_guid":"899041a1-b437-59aa-b752-03212d7d3c05","weight":30},{"event_id":6441,"event_guid":"5e68df49-aed6-535b-b7e3-094f66b11c12","weight":31},{"event_id":6447,"event_guid":"1cc2086d-bfd7-53fd-8ae2-25efc204bcdf","weight":35},{"event_id":6453,"event_guid":"bf490104-3595-5d88-a4b1-f39899e768f7","weight":31},{"event_id":6454,"event_guid":"2963ebe9-6499-5d17-9f2f-0c3f31db5738","weight":28},{"event_id":6459,"event_guid":"41e36295-68d2-5c2b-add5-d6b6b58df605","weight":7},{"event_id":6460,"event_guid":"a8605e7e-438f-5fb2-9b16-a054469fba8e","weight":23},{"event_id":6461,"event_guid":"f42631ca-d3ec-5baf-8642-85c0b1cadc89","weight":51},{"event_id":6469,"event_guid":"2cc78749-a8c0-5c48-83ac-ec0c40c1b41d","weight":42},{"event_id":6477,"event_guid":"c85de43e-107e-4247-b550-946f376e2ec4","weight":7},{"event_id":6483,"event_guid":"b873392d-f0e7-50ee-a918-770f104efeae","weight":6},{"event_id":6484,"event_guid":"600ea8de-65d9-540d-abb1-a4f956e6143f","weight":39},{"event_id":6486,"event_guid":"7ebee226-66bc-558f-b76f-435a8ce91543","weight":31},{"event_id":6499,"event_guid":"a750228d-a37d-43c0-8e2f-d46137a991dc","weight":7},{"event_id":6505,"event_guid":"c22707f5-d850-5827-9334-c48446f69fd2","weight":26},{"event_id":6510,"event_guid":"5b7a598e-95a6-58fa-b390-96a66a1cd7b5","weight":40},{"event_id":6539,"event_guid":"0cd6c4d6-5260-53d1-8abe-111907e394a6","weight":36},{"event_id":6540,"event_guid":"0a1a58a4-7700-502b-b8f2-405f3e42c1bc","weight":24},{"event_id":6555,"event_guid":"208a0d4d-bd15-5795-82aa-563e270001d5","weight":26},{"event_id":6556,"event_guid":"09ebfa89-8334-5cd8-86e3-c4b6041aa524","weight":26},{"event_id":6588,"event_guid":"f106b309-ffa8-5800-b9bf-00acb573e48c","weight":31},{"event_id":6600,"event_guid":"68619725-72ae-5645-8b6c-8e645e5d9c47","weight":25},{"event_id":6603,"event_guid":"ea00d1e0-a580-415f-a8cf-f02883d939dc","weight":9}],"recordings":[{"size":null,"length":null,"mime_type":"application/x-subrip","language":"eng","filename":"DRAFT_35c3-chaoswest-26-eng-pam_panic_-_A_Linux_authentication_module_for_people_in_distress.en_DRAFT.srt","state":"todo","folder":"","high_quality":true,"width":null,"height":null,"updated_at":"2022-01-26T19:46:35.926+01:00","recording_url":"https://cdn.media.ccc.de/congress/35C3-chaoswest/DRAFT_35c3-chaoswest-26-eng-pam_panic_-_A_Linux_authentication_module_for_people_in_distress.en_DRAFT.srt","url":"https://api.media.ccc.de/public/recordings/51454","event_url":"https://api.media.ccc.de/public/events/b4850756-d05b-5689-818b-b4b3b233244e","conference_url":"https://api.media.ccc.de/public/conferences/35C3-chaoswest"},{"size":218,"length":1182,"mime_type":"video/mp4","language":"eng","filename":"35c3-chaoswest-26-eng-pam_panic_-_A_Linux_authentication_module_for_people_in_distress_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2018-12-29T17:49:37.902+01:00","recording_url":"https://cdn.media.ccc.de/congress/35C3-chaoswest/h264-hd/35c3-chaoswest-26-eng-pam_panic_-_A_Linux_authentication_module_for_people_in_distress_hd.mp4","url":"https://api.media.ccc.de/public/recordings/31824","event_url":"https://api.media.ccc.de/public/events/b4850756-d05b-5689-818b-b4b3b233244e","conference_url":"https://api.media.ccc.de/public/conferences/35C3-chaoswest"},{"size":88,"length":1182,"mime_type":"video/webm","language":"eng","filename":"35c3-chaoswest-26-eng-pam_panic_-_A_Linux_authentication_module_for_people_in_distress_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2018-12-29T19:39:37.885+01:00","recording_url":"https://cdn.media.ccc.de/congress/35C3-chaoswest/webm-sd/35c3-chaoswest-26-eng-pam_panic_-_A_Linux_authentication_module_for_people_in_distress_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/31890","event_url":"https://api.media.ccc.de/public/events/b4850756-d05b-5689-818b-b4b3b233244e","conference_url":"https://api.media.ccc.de/public/conferences/35C3-chaoswest"},{"size":276,"length":1182,"mime_type":"video/webm","language":"eng","filename":"35c3-chaoswest-26-eng-pam_panic_-_A_Linux_authentication_module_for_people_in_distress_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2018-12-29T19:40:14.879+01:00","recording_url":"https://cdn.media.ccc.de/congress/35C3-chaoswest/webm-hd/35c3-chaoswest-26-eng-pam_panic_-_A_Linux_authentication_module_for_people_in_distress_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/31891","event_url":"https://api.media.ccc.de/public/events/b4850756-d05b-5689-818b-b4b3b233244e","conference_url":"https://api.media.ccc.de/public/conferences/35C3-chaoswest"},{"size":17,"length":1164,"mime_type":"audio/mpeg","language":"eng","filename":"35c3-chaoswest-26-eng-pam_panic_-_A_Linux_authentication_module_for_people_in_distress_mp3.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2018-12-29T19:40:35.112+01:00","recording_url":"https://cdn.media.ccc.de/congress/35C3-chaoswest/mp3/35c3-chaoswest-26-eng-pam_panic_-_A_Linux_authentication_module_for_people_in_distress_mp3.mp3","url":"https://api.media.ccc.de/public/recordings/31892","event_url":"https://api.media.ccc.de/public/events/b4850756-d05b-5689-818b-b4b3b233244e","conference_url":"https://api.media.ccc.de/public/conferences/35C3-chaoswest"},{"size":11,"length":1164,"mime_type":"audio/opus","language":"eng","filename":"35c3-chaoswest-26-eng-pam_panic_-_A_Linux_authentication_module_for_people_in_distress_opus.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2018-12-29T19:41:04.706+01:00","recording_url":"https://cdn.media.ccc.de/congress/35C3-chaoswest/opus/35c3-chaoswest-26-eng-pam_panic_-_A_Linux_authentication_module_for_people_in_distress_opus.opus","url":"https://api.media.ccc.de/public/recordings/31893","event_url":"https://api.media.ccc.de/public/events/b4850756-d05b-5689-818b-b4b3b233244e","conference_url":"https://api.media.ccc.de/public/conferences/35C3-chaoswest"},{"size":56,"length":1182,"mime_type":"video/mp4","language":"eng","filename":"35c3-chaoswest-26-eng-pam_panic_-_A_Linux_authentication_module_for_people_in_distress_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2018-12-29T19:41:36.427+01:00","recording_url":"https://cdn.media.ccc.de/congress/35C3-chaoswest/h264-sd/35c3-chaoswest-26-eng-pam_panic_-_A_Linux_authentication_module_for_people_in_distress_sd.mp4","url":"https://api.media.ccc.de/public/recordings/31894","event_url":"https://api.media.ccc.de/public/events/b4850756-d05b-5689-818b-b4b3b233244e","conference_url":"https://api.media.ccc.de/public/conferences/35C3-chaoswest"}]}