[dm-crypt] Passphrase protected key file?
arno at wagner.name
Tue Jul 12 14:47:17 CEST 2011
On Mon, Jul 11, 2011 at 11:17:32PM +0100, Laurence Darby wrote:
> My next question, what's the best way to have a passphrase
> protected key file?
Why ever would you want one? If you already have a passphrase,
use that directly. The passphrase-in-file option is
for slaved devices and keys stored in hardware with some
additional protection by the hardware, e.g. keys on a chipcard.
Key storage on the device itself is actually a pretty much
unsolved problem. The only way to do it with a reasonable
level of security today is with costly HSMs (hardware
security modules) that have things like their own power,
extensive sensors, armoured construction and the like.
Expect to pay >= 50'000 EUR/USD for one that offers
> Should I encrypt it with GPG, and then do eg:
> gpg -d ~/pass_key | cryptsetup luksOpen --key-file - /dev/loop1 loop1
> That has the advantage of using the same passphrase I use for
> everything else, but is there any security risk I'm not seeing?
Yes, you should not reuse passphrases. If you do, if it is exposed
in one place, everything else is exposed. That said, I do
realize having a good passphrase and using it _carefully_ in
several places is better than having several bad passphrases.
Just make sure you always think about who could eavesdrop before
you enter it. For example, never use your passphrase on a
computer not under your control. If you need to do that
(e.g. external storage device), use a dedicated one that
you use nowhere else.
> I read
> that encrypting something twice or with multiple ciphers is effectively
> a new unknown cipher, potentially trivially breakable - I don't think
> that applies here, but is there anything like that I need to watch out for?
If you have _independent_ keys, it usually is as strong as the
stronger cipher/key combination. With dependent or the same keys,
this warning is correct. Example: Using a stream cipher twice with
the same key gives you the plaintext as encryption result.
> Alternatively, I could just do this:
> ( cat ~/pass_key ; cat ) | cryptsetup luksOpen --key-file - /dev/loop1 loop1
> so I still have to provide both the key and passphrase, terminated with
> Ctrl-D. Any thoughts?
Yes, why do you not use the passphrase entry function of cryptsetup
directly? Without a specific and credible risk, there is no
reason to do anything of what you describe here...
I would suggest you read up a bit more on cryptography.
"Cryptography Engineering" by Schneier et al. is a good book for
example, to get a good understanding of crypto technology.
You are at the moment in this dangerous "half-knowledge" state,
where you see some risks and overamplify them, while you completely
miss others. It is normal to go through this stage, but make sure
you leave it behind.
Cryptography is risk management support technology. It is not
something that needs to be done perfectly, only appropriately
for the risks identified. The risks are sometimes pretty
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
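
Added example, not part of the original mail: the stream-cipher case from the reply above, next to the independent-key case. The toy keystream built from HMAC-SHA256, the fixed nonce shared by both layers, and all names and sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values (assumptions for this illustration only).
KEY_A = hashlib.sha256(b"constructed key A").digest()
KEY_B = hashlib.sha256(b"constructed key B").digest()
NONCE = b"\x00" * 8
SAMPLE = b"constructed sample plaintext for the cascade demo"


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream generator: HMAC-SHA256(key, nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256)
        out += block.digest()
        counter += 1
    return bytes(out[:length])


def stream_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with the keystream; encryption and decryption are the same operation."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))


def cascade(data: bytes, inner_key: bytes, outer_key: bytes, nonce: bytes) -> bytes:
    """Encrypt twice: first with inner_key, then with outer_key."""
    return stream_encrypt(outer_key, nonce, stream_encrypt(inner_key, nonce, data))


def demo() -> dict:
    same = cascade(SAMPLE, KEY_A, KEY_A, NONCE)
    indep = cascade(SAMPLE, KEY_A, KEY_B, NONCE)
    # Strip the outer layer, as someone holding only KEY_B could.
    stripped = stream_encrypt(KEY_B, NONCE, indep)
    return {
        "same_key_output_is_plaintext": same == SAMPLE,
        "independent_output_is_plaintext": indep == SAMPLE,
        "inner_layer_survives_outer_key_loss": stripped == stream_encrypt(KEY_A, NONCE, SAMPLE),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With the same key and nonce the two keystreams are identical and cancel out; with independent keys, removing one layer still leaves the data encrypted under the other key.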