[dm-crypt] Passphrase protected key file?

Heiko Rosemann heiko.rosemann at web.de
Thu Jul 14 23:21:28 CEST 2011


On 07/14/2011 09:27 PM, Arno Wagner wrote:
> On Thu, Jul 14, 2011 at 04:12:45PM +0200, Heiko Rosemann wrote:
>> On 07/14/2011 03:35 PM, Arno Wagner wrote:
>>> Indeed. But are there any realistic scenarios where
>>> 
>>> a) a passphrase is significantly less secure than an encrypted 
>>> passphrase stored on USB with a second passphrase to decrypt that
>>> 
>>> and
>>> 
>>> b) the attacker does not have the possibility to patch 
>>> GnuPG/cryptsetup/other things that make the second passphrase just
>>> as weak as the first one?
>>> 
>>> My claim is that a realistic risk analysis will show there are
>>> no such scenarios that are typical and hence having an encrypted 
>>> passphrase on a USB stick does not offer improved security.
>> 
>> Improved security over which other setup?
>> 
>> a) Unencrypted passphrase stored on a USB key. Here the second 
>> encryption step will probably give additional security in case the
>> user loses the USB key.
> 
> And the default situation does not have a USB key. So a net security
> loss.
> 
>> b) Directly entering passphrase without the need of a USB key. Here
>> we have a typical risk of users using the same passphrase for
>> different things or even of writing it down (on a post-it note on
>> the screen or keyboard...). If we depend upon a USB stick with the
>> real passphrase (encrypted by the one on the post-it note) being
>> present at boot the attacker won't be able to utilize that
>> passphrase.
> 
> If we have stupid users, they will just tape the USB key to the 
> monitor beside the post-it. Or put it on a piece of string. Then
> passphrase reuse will have the original risks, no improvement by USB
> key usage.
> 
> If they are not stupid, they will have different passphrases and not
> post-it to the screen.

True up to that point where remembering a great number of different good
passphrases becomes impossible.

>> If we move kernel+initrd+cryptsetup to the USB stick and boot the 
>> machine from USB, we can even encrypt the entire harddisk, thus
>> even someone with physical access to the machine cannot patch
>> cryptsetup/gnupg.
> 
> Leaving the scenario there. In this scenario we can use the 
> conventional passphrase input mechanism without any loss of security.
> No need for an encrypted passphrase on the USB key.

If the LUKS-drive gets lost or stolen together with (knowledge about)
the conventional passphrase (i.e. a laptop with a passphrase-post-it)
the thief will still need to steal the USB key as well, if there is an
encrypted passphrase on it. I'm not sure about others, but I tend to
carry my USB keys in my pocket or on my keychain, not in my laptop case.

>> P.S: Thinking of law enforcement as the attacker (guess that is not
>> that a great risk for most of us), it is possible to destroy all
>> access to your data by destroying all the USB keys with the
>> encrypted passphrase on them - and then you can even tell them your
>> passphrase...
> 
> You can do that with LUKS, just overwrite the slots you are using with
> random passphrases. The question is what is easier. My guess would be
> that fast destruction of USB keys is not that easy.

It depends :)

The main advantage I see about the USB key option is that the USB key
does not have to be in the same room as the encrypted device. I.e. the
FBI could come to your home while you are away and take away your
computer and when you arrive you notice something is wrong and have the
time to destroy the USB key (I'm thinking of some physical way here like
burning it on a barbeque, cooking it in solder, cutting the chips apart
with a micro-drill...) and can then openly tell a court that you don't
have any access to your data anymore.

Or you notice your harddrive has been stolen and then you can delete the
key without any remaining worries about possible social engineering to
get your passphrase. Or the police knock on your door at night and you
flush the USB key down the toilet (matter of seconds) instead of booting
up your PC and overwriting all key slots (matter of minutes, police
kicking in your door in the meantime).

Might be I've been watching too many bad hacker movies to do good risk
evaluation ;)

> Not wanting to be obstinate here (but I have a lot of experience with
> risk evaluation), the main risk I see is that the USB-key scheme is
> more complex and exposes you to a higher risk of data loss as a
> consequence. I still do not see any advantage to having a separately
> encrypted passphrase in a disk file.
> 
> I do see advantages to the kernel+initrd+cryptsetup on USB option.
> That would indeed help against some attacks.

It can also - to a very casual attacker - hide the encrypted area by
booting a different OS from the harddrive when there is no USB key
attached. Or if you are very, very, very sure never to forget to plug in
the correct USB key, you could automatically wipe the LUKS key slots
when the machine is booted without the USB key.

Regards, Heiko
-- 
Encrypt e-mails with PGP - privacy is your right!
My PGP key for verification: http://pgp.mit.edu