[dm-crypt] Remote authentication?
jonas at freesources.org
Mon Sep 21 16:10:27 CEST 2009
On 21/09/2009 Niall Murphy wrote:
> ----- Jonas Meurer <jonas at freesources.org> wrote:
> > it depends on whether you want to encrypt the whole system, including
> > root filesystem, or if encrypting the data partitions is enough.
> > for the latter case you can ssh-login into the machine after boot,
> > unlock the encrypted data partitions and start services manually.
> > in case that the root partition should be encrypted, you'll need to
> > start a minimal ssh daemon in the initramfs in order to login remotely
> > and unlock the root partition before the root filesystem is mounted.
> > the debian cryptsetup package supports remote unlocking of the root
> > partition with the help of a dropbear ssh server inside the initramfs.
> > see README.remote for more information:
> > http://svn.debian.org/wsvn/pkg-cryptsetup/cryptsetup/trunk/debian/README.remote
> > please note that this information is specific to the debian and ubuntu
> > distributions. it doesn't apply if you use any other linux distribution.
> Thanks Jonas,
> That sounds ideal. However, i came across this so have some reservations.
> It lists two types of attack to this approach:
> (1) ColdBoot Attack by reading the crypto password from the ram blocks
> (not much you can't do against that without special hardware, see
this attack is possible against all kinds of disk encrpyption and in no
way related to remote disk encryption.
> (2) The created initrd can be manipulated so that it logs the crypto
> password somewhere. As /boot is not encrypted an attacker may gain
> this way the password for the LUKS-devices. You could, to prevent
> that, make a bootable cd with the according kernels and initrds and
> implement some kind of hash check... maybe there are other methods...
> feedback is welcomed here.
yes, unencrypted boot partition is a security issue, but then an
attacker as well can modify the kernel. attackers don't even have
to modify software, they could install additional hardware like
keyloggers as well.
in general you can only trust your system if you've physical
control over it.
this again is not related/limited to remote disk encryption.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 198 bytes
Desc: Digital signature
More information about the dm-crypt