[dm-crypt] Quick dm-crypt questions

Ralf Ramsauer ralf+dm at ramses-pyramidenbau.de
Wed Oct 29 11:33:24 CET 2014


On 29.10.2014 11:24, Cpp wrote:
> The thing is I planned to use a microcontroller to store an encryption
> key in its RAM, and I see the device uses SRAM, so this might be a
> problem?
> http://www.atmel.com/Images/Atmel-8271-8-bit-AVR-Microcontroller-ATmega48A-48PA-88A-88PA-168A-168PA-328-328P_datasheet_Summary.pdf

Yes, comments :-)

First of all: are you going to store the master key or the passphrase /
keyfile which is used for key derivation?
If you're going to store the master key, you don't need LUKS at all;
this would also be a solution for your detached-header problem.

But....

How do you want to realize the communication between the µC and your
Linux box? Over UART? (UART communication can _easily_ be sniffed, so be
aware of that....)
Also don't forget to deactivate the JTAG interface. Otherwise the µC
could get debugged... And don't forget to set the correct FUSE bits
(disallow reading / writing from / to flash / EPROM memory, ....)
And did you know that CPU operations can be reconstructed from small
fluctuations in current[1]? How do you want to solve this issue?

How does the key get to the µC?

Aah, almost forgot to mention: you talked about using an RNG on your AVR
to move the key around. RNG on AVR? From where do you get your entropy?
I don't know much about this project, but maybe this helps you [2].

There are *so* many traps... Do you really think this is a good idea?

[1] http://en.wikipedia.org/wiki/Power_analysis
[2] http://www.das-labor.org/wiki/AVR-Crypto-Lib //
http://www.das-labor.org/wiki/AVR-Crypto-Lib#PRNGs

Regards
  Ralf

