[dm-crypt] yet another "lost my partition" message

Arno Wagner arno at wagner.name
Fri Apr 15 18:27:13 CEST 2011


On Fri, Apr 15, 2011 at 04:21:29PM +0200, Cristian KLEIN wrote:
> On 15/04/2011 16:15, Roscoe wrote:
> > On Fri, Apr 15, 2011 at 11:52 PM, Cristian KLEIN <cristiklein at gmail.com> wrote:
> > ...
> >> A posteriori, I cannot help wonder why such pretious information isn't
> >> kept redundantly. Surely LUKS could have stored the header in 10 random
> >> sectors with an easy-to-grep "HERE I AM" banner. Wouldn't this allow
> >> users to recover the master-key (and part of the file-system) without
> >> compromising security?
> > ...
> > 
> > It's supposed to be fragile and easily destroyed, this is by design.
> 
> I think users expect it to be *secure*, i.e., if a laptop gets stolen in
> an airport, the user has no worries. I'm not sure users appreciate
> "fragile". Personally, this is not what I expect from full-disk encryption.

It is not fragile. It is designed to be fast to destroy.

It also is not "full-disk encrypton", it is partition encryption. 
The anti-forensic features require some way to destroy 
data fast and reliable. And a luksFormat will allways wipe the 
headers, no mater how you safeguard them, unless you want to store 
a backlog of old headers and anti-forensic stripes (10-20MB per 
instance) on the filesystem? With all the very serious negative 
security implicatins that has?

Cryptsetup also has adequate safeguards against accidentally
luksFormat-ing your headers and the documentation rather
strongly advises header and data backup.

The mess-up here is by Ubuntu, not cryptsetup. You are
welcome to post here of course and you are welcome to 
argue design mistakes in cryptsetup, we may have 
overlooked something after all. Currently I do not see
that.

> > Accidently running cryptsetup luksFormat is unfortunate, as is running
> > mkfs or dd on the wrong device. Good thing for backups.
> 
> Still, mkfs and dd give you a second chance (see testdisk and friends).
> Why not luksFormat?

Because it cannot without making the design a lot worse. It does
adequately warn you however. The Ubuntu people chose to hide
that warning for whatever reasons. I think I am starting to 
get angry at them....

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 


More information about the dm-crypt mailing list