[dm-crypt] Using a removable-device-recorded passphrase to decrypt a system
sven at whgl.uni-frankfurt.de
Fri Jun 26 15:53:01 CEST 2015
On Fri, June 26, 2015 15:19, Arno Wagner wrote:
> Hi Heinz,
> I doubt it. It is a valid question, bit also one any halfway
> competent implementor of crypto on Linux has to ask themselves.
> Without verifying what is actually done (Milan is the expert for
> that), I assume:
> - Passphrases get stored only in locked memory and that does
> not get swapped. (Root permissions are needed anyways for
> setting up any mapping. E.g. GnuPG has a harder job here
> as it does not necessarily run as root. AFAIK it uses a
> suid second stage exactly for the purpose of having locked
cryptsetup indeed mlocks() the whole process' memory as soon as possible
including all future pages. That should even include all pages from all
forked proceses IIRC.
> - Passphrases are wiped from memory as soon as possible.
> - I have no idea whether locked memory can end up in a
> core-dump, but usually these are disabled anyways.
There certainly is a debug option to get coredumps including locked pages,
> - In-kernel keys are protected against leaking to disk.
Again, I presume, since I did not check the kernel's source, that the
relevant kernel pages are marked as unswappable. I guess when you dump the
kernel for debugging you'll get the locked pages aswell - Doesn't make to
much sense if all locked pages are missing from the dump.
> The thing is, system encryption is not easy to do and conceptually
> does not help a lot. If it was necessary to prevent having
> passphrases/keys to disk, that would be a major security flaw
> in the handling of said passphrases/keys and it would affect
> other things as well, like GnuPG, OpenSSL, etc. and so I hope
> somebody would have complained by now if that was a real issue.
It is quite difficult to i.e. encrypt /etc (which might include
passphrases for services or something) by it's own, so doing a system
encryption is quite tempting. Otherwhise you'll have to relocate specific
files from /etc to other places and maintain a pile of config changes,
which can be quite an effort aswell.
> On Fri, Jun 26, 2015 at 14:59:18 CEST, Heinz Diehl wrote:
>> On 26.06.2015, Arno Wagner wrote:
>> > My advice is to not encrypt the system partition itself, just
>> > all user and data partitions.
>> I wonder if the passphrase could leak to the unencrypted system
>> partition in such
>> a scenario. E.g. memory contents dumped to disk while crashing or
>> similar. In fact, I don't know what is possible or not, I'm just
>> dm-crypt mailing list
>> dm-crypt at saout.de
> Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno at wagner.name
> GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D
> A good decision is based on knowledge and not on numbers. -- Plato
> If it's in the news, don't worry about it. The very definition of
> "news" is "something that hardly ever happens." -- Bruce Schneier
> dm-crypt mailing list
> dm-crypt at saout.de
More information about the dm-crypt