[dm-crypt] cryptsetup with native PKCS#11 support

.. ink .. mhogomchungu at gmail.com
Mon May 20 11:08:51 CEST 2013


> Imagine you have servers with 24 bays and few root administrators. What is
> the chance of disk leakage, e.g. where a drive is being replaced with a new one
> under warranty condition? With MooseFS (btw an excellent tool), LUKS, a
> passphrase on a crypto card/token and cryptsetup supporting pkcs11 you can
> format a disk using the token as storage and two-factor authentication
> device. Am I thinking correctly? For backup you can add a second key (the
> same way or classic, just for backup) and sys admins never see the key(s).
> Using now available methods (gnupgp or pkcs11-data) you can easily modify
> scripts to dump the passphrase or keyfile. I want to minimize it.
>
>
I do not think it's possible to hide anything from a user who has logged in
with root's credentials. If they can modify scripts, they can replace your
binary solution. As users with root privileges, they are effectively GODS and
there is nothing technically you can do to stop them; the best you can do is
have some policies and make sure, and hope, they adhere to them.

You can use libraries if you worry about leakage from loose boundaries between
different binaries and scripts.

cryptsetup ships with a library you can interface with [1]. The two binaries
you have mentioned also have libraries you can interface with, and most tokens
ship with libraries that talk to the hardware too, or generic ones
exist. Why not use the cryptsetup library and the library provided by the
hardware and add some logic between them in your binary or library?


The library interface should be enough. Have you looked at it and determined
it's not adequate? How is it not adequate if you have?

[1] http://wiki.cryptsetup.googlecode.com/git/API/index.html