[dm-crypt] Encrypt all partitions with dm-crypt

Milan Broz gmazyland at gmail.com
Fri Aug 24 16:01:11 CEST 2012


On 08/23/2012 09:34 PM, Arno Wagner wrote:
>> Well, you can have detached LUKS header on USB flash disk (optionally
>> with the whole boot partition) for example.
> 
> That is not really a good idea. LUKS on Flash/SSD may not work 
> as intended. I just added an entry for that to the FAQ (5.17). 
> For some scenarios, plain dm-cryp is just the way to go.
> Of course, it requires some understanding, e.g. a high-entropy
> passphrase is a must.

(Where do you want to store that high-entropy passphrase?
I guess most of people will use... USB disk?)

Well, I think it is not that simple. You MUST HAVE high-entropy
passphrase in plain dmcrypt because encryption key is directly
computed (hash) from it.

Too easy for people to do this step wrong, which causes worse problems
than flash disk problems.
(Moreover, strandards like FIPS140 explicitly forbids any encryption key
derived directly from passphrases.)

LUKS uses kernel RNG to generate encryption key, always.

There is currently a lot of effort to ensure that /dev/urandom
cannot produce weak data even in extreme situations.

One problem is safe manipulation with keyslot on device, the second is separation
of metadata information (LUKS keyslots in this case) from data device.

(Dictionary attack is not possible for LUKS device if header is not available,
but it is possible for plain dm-crypt with weak passphrase.)

I have several notes to this disk/flash/SSD and will post it as separate mail...

But anyway, it all depends on threat model.

If it is only about securing data when laptop is stolen, no problem to
use SSD or flash disks. This should be mentioned IMHO because it is
most common use case.

Milan


More information about the dm-crypt mailing list