[dm-crypt] Using a removable-device-recorded passphrase to decrypt a system

Sven Eschenberg sven at whgl.uni-frankfurt.de
Fri Jun 26 15:53:01 CEST 2015


On Fri, June 26, 2015 15:19, Arno Wagner wrote:
> Hi Heinz,
>
> I doubt it. It is a valid question, bit also one any halfway
> competent implementor of crypto on Linux has to ask themselves.
>
> Without verifying what is actually done (Milan is the expert for
> that), I assume:
>
> - Passphrases get stored only in locked memory and that does
>   not get swapped. (Root permissions are needed anyways for
>   setting up any mapping. E.g. GnuPG has a harder job here
>   as it does not necessarily run as root. AFAIK it uses a
>   suid second stage exactly for the purpose of having locked
>   memory.)

cryptsetup indeed mlocks() the whole process' memory as soon as possible
including all future pages. That should even include all pages from all
forked proceses IIRC.

> - Passphrases are wiped from memory as soon as possible.
> - I have no idea whether locked memory can end up in a
>   core-dump, but usually these are disabled anyways.

There certainly is a debug option to get coredumps including locked pages,
I presume.

> - In-kernel keys are protected against leaking to disk.

Again, I presume, since I did not check the kernel's source, that the
relevant kernel pages are marked as unswappable. I guess when you dump the
kernel for debugging you'll get the locked pages aswell - Doesn't make to
much sense if all locked pages are missing from the dump.

>
> The thing is, system encryption is not easy to do and conceptually
> does not help a lot. If it was necessary to prevent having
> passphrases/keys to disk, that would be a major security flaw
> in the handling of said passphrases/keys and it would affect
> other things as well, like GnuPG, OpenSSL, etc. and so I hope
> somebody would have complained by now if that was a real issue.

It is quite difficult to i.e. encrypt /etc (which might include
passphrases for services or something) by it's own, so doing a system
encryption is quite tempting. Otherwhise you'll have to relocate specific
files from /etc to other places and maintain a pile of config changes,
which can be quite an effort aswell.

>
> Gr"usse,
> Arno
>
>

Regards

-Sven

> On Fri, Jun 26, 2015 at 14:59:18 CEST, Heinz Diehl wrote:
>> On 26.06.2015, Arno Wagner wrote:
>>
>> > My advice is to not encrypt the system partition itself, just
>> > all user and data partitions.
>>
>> I wonder if the passphrase could leak to the unencrypted system
>> partition in such
>> a scenario. E.g. memory contents dumped to disk while crashing or
>> similar. In fact, I don't know what is possible or not, I'm just
>> curious..
>>
>>
>> _______________________________________________
>> dm-crypt mailing list
>> dm-crypt at saout.de
>> http://www.saout.de/mailman/listinfo/dm-crypt
>
> --
> Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
> GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D
> 9718
> ----
> A good decision is based on knowledge and not on numbers. -- Plato
>
> If it's in the news, don't worry about it.  The very definition of
> "news" is "something that hardly ever happens." -- Bruce Schneier
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>




More information about the dm-crypt mailing list