[dm-crypt] security concerns with RAID on top of dmcrpyt and with mulitple devices with the same key slot key?

Christoph Anton Mitterer calestyo at scientia.net
Fri Jun 3 01:47:49 CEST 2016


Hey.

I just wondered the following:
- Are there any security concerns (e.g. simplified statistical attacks
  or whatever), when one places a RAID (e.g. btrfs RAID or MD RAID) on
  top of dmcrypt devices?
- Are there any security concerns when different dm-crypt devices (with
  different master-keys), e.g. ones that form a RAID as above, are
  created with the same keyslot passphrase/key?
  (Of course apart the obvious one, that one can decrypt all with the
  single key)?

If so, does it depend on the cipher/mode/etc? I'd use aes-xts-plain64.

I wouldn't think so, but just for confirmation...



Perhaps in addition:
As you can imagine the setup I'd like to do is e.g. something like n
physical devices, each holding a LUKS container (with different master
key, but all with the same keyslot key), on top of them some btrfs
RAID5/6 (should that ever get stable before I die ;-) )...
Probably I'll do LVM between dmcrypt and btrfs, because I'd actually
want to create two independent btrfs filesystems on top of dmcrypt.

Any performance or stability issues with such setup?


Thanks,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5930 bytes
Desc: not available
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20160603/2be5675e/attachment.bin>


More information about the dm-crypt mailing list