pam_panic is an authentication module made for people who think they might get into a distressing situation where they are forced to type in or even tell the password to bad people.
The idea is to use a password or a media device at a login screen which issues a destruction of the LUKS keyslots.
There will be a little crash course on what LUKS is to be more clear how and why it works.
## pam_panic ##
[on github](https://github.com/pampanic/pam_panic)
### Purposes ###
- Make a LUKS encrypted filesystem inaccessible when in distress
### What is the idea? ###
- Have an encrypted system done by LUKS
- Have two passwords or two media devices (One of the passwords/media devices is used for regular authentication, the other one is used for issuing a destruction of the LUKS key material slots and have a reboot/shutdown)
- Ask for a password/media device before your regular user password
### Crash course: LUKS ###
- What do we need to know to get this to work?
- How does the LUKS header look like?
### Making my data inaccessible ###
- Using `cryptsetup luksErase`
### Scenarios ###
Scenarios where it can help:
- Being forced to type/tell your password
- Raids
Scenarios where it doesn't help:
- Letting them make a clone of your hard drive, then having your password/media device forced from you
## Demonstration of pam_panic ##
1. Setup
2. Show authentication password and media device
3. Show panic password/media device and show the result of inaccessibility
## Q+A ##
..if there's enough time.