[dm-crypt] security issues with dm-crypt below/above MD or below btrfs/ZFS RAID

Christoph Anton Mitterer calestyo at scientia.net
Sat Jun 7 02:48:32 CEST 2014


Hey.

Perhaps, the following should go to the FAQ as well...

I'm using dm-crypt with aes-xts-plain64 and wondered whether it has any
security implications on whether it is used
- above MD RAID (i.e. multiple devices, forming a single block device
via MD/mdadm, on which dm-crypt/LUKS is used)...
- below MD RAID or e.g. btrfs/ZFS RAID (i.e. multiple devices, each with
it's own dm-crypt/LUKS, either with the same or different master keys,
and on top of the opened devices a RAID formed by MD/mdadm or btrfs/ZFS.


I wondered that because, RAID (and especially that of MD, where the
layout of blocks is far more deterministic than with btrfs/ZFS RAID)
always has some fixed (and known) structure...  where it e.g. known
where blocks and corresponding parity blocks (in RAID5/6 or similar
levels) ... or at least how adjacent blocks are striped over devices
(RAID 1, 10 and similar).

I mean especially with btrfs/ZFS the only choice it to have dm-crypt
below the RAID... while in a "traditional" MD/dmcrypt/ext4 setup I'd
usually have placed MD at the lowest level, and dm-crypt just above
it... with LVM, ext4/xfs/etc. above.


So are there any known ways to exploit this in crypto analysis,
especially statistical attacks, that are e.g. only possible if dmcrypt
is below the RAID (or vice versa)? Or that become possible, if all the
underlying dm-crypt devices of a RAID would be configured to use the
same master key?

Or is this mitigated by XTS? And what about the other block cipher
modes?


Cheers,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5165 bytes
Desc: not available
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20140607/8d3d1f62/attachment.bin>


More information about the dm-crypt mailing list