[dm-crypt] Passphrase protected key file?

Ma Begaj derliebegott at gmail.com
Thu Jul 14 11:10:09 CEST 2011


2011/7/12 Arno Wagner <arno at wagner.name>:
> On Mon, Jul 11, 2011 at 11:17:32PM +0100, Laurence Darby wrote:
>> Hello,
>>
>> My next question, what's the best way to have a passphrase
>> protected key file?
>
> Whyever would you want one? If you already have a passphrase,
> use that directly. The passphrase-in-file option is
> for slaved devices and keys stored in hardware with some
> additional protection by the hardware, e.g. keys on a chipcard.
> Key storage on the device itself is actually a pretty much
> unsolved problem. The only way to do it with a reasonable
> level of security today is with costly HSMs (hardware
> security modules) that have things like their own power,
> extensive sensors, armoured construction and the like.
> Expect to pay >= 50'000 EUR/USD for one that offers
> reasonable security.
>
>> Should I encrypt it with GPG, and then do eg:
>>
>>  gpg -d ~/pass_key  | cryptsetup luksOpen --key-file - /dev/loop1 loop1
>>
>> That has the advantage of using the same passphrase I use for
>> everything else, but is there any security risk I'm not seeing?
>
> Yes, you should not reuse passphrases. If you do, if it is exposed
> in one place, everything else is exposed. That said, I do
> realize having a good passphrase and using it _carefully_ in
> several places is better than having several bad passphrases.
> Just make sure you always think about who could eavesdrop before
> you enter it. For example, never use your passphrase on a
> computer not under your control. If you need to do that
> (e.g. external storage device), use a dedicated one that
> you use nowhere else.
>
>> I read
>> that encrypting something twice or with multiple ciphers is effectively
>> a new unknown cipher, potentially trivially breakable - I don't think
>> that applies here, but is there anything like that I need to watch out for?
>
> If you have _independent_ keys, it usually is as strong as the
> stronger cipher/key combination. With dependent or the same keys,
> this warning is correct. Example: Using a stream cipher twice with
> the same key gives you the plaintext as encryption result.
>
>> Alternatively, I could just do this:
>>
>> ( cat ~/pass_key ; cat ) | cryptsetup luksOpen --key-file - /dev/loop1 loop1
>>
>> so I still have to provide both the key and passphrase, terminated with
>> Ctrl-D.  Any thoughts?
>
> Yes, why do you not use the passphrase entry function of cryptsetup
> directly? Without a specific and credible risk, there is no
> reason to do anything of what you describe here...


Everything you say is absolutely logical but having a key in an encrypted
file creates under some conditions a more secure environment. You could
keep a file on a usb stick:

a person will need the usb stick AND the password for decrypting a luks device

and

losing the usb stick is not a security problem
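
Added example, not part of the original thread and not cryptsetup or GPG code: the layered-encryption point quoted above (same key versus independent keys), shown with a toy XOR stream cipher. The keystream construction (SHA-256 in counter mode), the nonce and the sample data are assumptions made up for this illustration.

```python
import hashlib

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || nonce || counter) blocks. Illustration only."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream (the same operation both ways)."""
    ks = keystream(key, nonce, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def double_encrypt(k1: bytes, k2: bytes, nonce: bytes, data: bytes) -> bytes:
    """Apply the stream cipher twice: first under k1, then under k2."""
    return stream_xor(k2, nonce, stream_xor(k1, nonce, data))

# Constructed sample values (not real key material).
NONCE = b"constructed-nonce"
PLAINTEXT = b"constructed key file contents"
K1 = hashlib.sha256(b"constructed passphrase A").digest()
K2 = hashlib.sha256(b"constructed passphrase B").digest()

def demo() -> dict:
    # Same key and nonce for both layers: the two keystreams are identical,
    # so they cancel (P ^ S ^ S == P) and the "ciphertext" is the plaintext.
    same = double_encrypt(K1, K1, NONCE, PLAINTEXT)
    # Independent keys: the keystreams differ and nothing cancels.
    indep = double_encrypt(K1, K2, NONCE, PLAINTEXT)
    # Stripping one layer of the independent-key result still leaves ciphertext;
    # both keys are needed to get the data back.
    one_layer_off = stream_xor(K2, NONCE, indep)
    both_layers_off = stream_xor(K1, NONCE, one_layer_off)
    return {
        "same_key_leaks_plaintext": same == PLAINTEXT,
        "independent_keys_hide_plaintext": indep != PLAINTEXT,
        "one_key_is_not_enough": one_layer_off != PLAINTEXT,
        "both_keys_recover": both_layers_off == PLAINTEXT,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The cancellation depends on both layers producing the same keystream, which here means the same key and the same nonce.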

