[dm-crypt] How to increase key size of existing volume
gmazyland at gmail.com
Tue Dec 11 16:48:00 CET 2012
On 12/11/2012 04:34 PM, Erik Logtenberg wrote:
> So there are at least two methods of extracting a master key. Now if I
> would suspect that a machine, that has a luks volume mounted, was
> compromised to the extent that someone had temporaryly gained root
> access, I would not only have to reset (all) passwords after fixing the
> security hole, but also I would have to create a new master key to be sure.
So attacker had already access to your mounted backup in plaintext
and could change anything there.
> Is the cryptsetup-reencrypt tool also meant for that purpose?
yes, in fact changing volume (master) key was primary use for it.
(But always be sure you have backup. Backup of backup in your case :)
More information about the dm-crypt