[dm-crypt] SSD disks and cryptsetup-reencrypt

octane indice octane at alinto.com
Wed Jun 12 16:44:16 CEST 2013


Hello

I read the FAQ, point 5.19, especially:
(...)
However, for LUKS, the worst case is that key-slots and LUKS header may end up in these 
internal pools. This means that password management functionality is compromised (the old 
passwords may still be around, potentially for a very long time) and that fast erase by 
overwriting the header and key-slot area is insecure. 
(...)

Now, we have a cryptsetup-reencrypt tool that could change the master-key.
So, we could use it after changing a password for a slot.

But dm-crypt uses 512 bytes for block operations, so the problem remains the same?
An attacker with knowledge of the master-key could read old un-erased sectors and 
decipher data?

Thanks 
