[dm-crypt] Security of cloned disks (with changed passphrases)

Matthew Mosesohn mmosesoh at redhat.com
Thu Dec 16 19:09:38 CET 2010

I am wondering if I perform this setup (cryptsetup version 1.1.2), how much risk do I expose my systems to? 

Step 1: Create a base install that is encrypted with a fixed passphrase 
Step 2: Create a disk image of this installed system 
Step 3: Deploy image on N number of other systems 
Step 4: Change the passphrase on all deployed systems 

What happens if the passphrase becomes compromised on one of these systems? Can that person gain the original LUKS AES key to the disk and therefore obtain a way to break into all of the other systems? 

If yes, is there anything to do on each cloned system to improve security? 

Best Regards, 
Matthew Mosesohn 
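
Added example, not part of the original post and not cryptsetup code: a simplified Python model of a LUKS header that runs steps 1-4 above and tracks what happens to the master key. The XOR key wrap, iteration count, passphrases and function names are assumptions for illustration; real LUKS wraps the master key with the volume cipher and an anti-forensic split.

```python
import copy
import hashlib
import hmac
import os

def _kdf(secret: bytes, salt: bytes) -> bytes:
    # LUKS1 derives slot keys with PBKDF2; 1000 iterations is a constructed value.
    return hashlib.pbkdf2_hmac("sha1", secret, salt, 1000, dklen=32)

def _xor(a: bytes, b: bytes) -> bytes:
    # Toy key wrap standing in for the real cipher (assumption, see lead-in).
    return bytes(x ^ y for x, y in zip(a, b))

def format_volume(passphrase: bytes) -> dict:
    """Create a header with a fresh random master key wrapped in one key slot."""
    master_key = os.urandom(32)
    digest_salt, slot_salt = os.urandom(32), os.urandom(32)
    return {
        "mk_digest_salt": digest_salt,
        "mk_digest": _kdf(master_key, digest_salt),
        "slots": [{"salt": slot_salt,
                   "wrapped": _xor(master_key, _kdf(passphrase, slot_salt))}],
    }

def unlock(header: dict, passphrase: bytes):
    """Return the master key if the passphrase opens a slot, else None."""
    for slot in header["slots"]:
        candidate = _xor(slot["wrapped"], _kdf(passphrase, slot["salt"]))
        check = _kdf(candidate, header["mk_digest_salt"])
        if hmac.compare_digest(check, header["mk_digest"]):
            return candidate
    return None

def change_passphrase(header: dict, old: bytes, new: bytes) -> None:
    """Re-wrap the existing master key under a new passphrase; the key is unchanged."""
    master_key = unlock(header, old)
    if master_key is None:
        raise ValueError("old passphrase does not open any key slot")
    salt = os.urandom(32)
    header["slots"] = [{"salt": salt, "wrapped": _xor(master_key, _kdf(new, salt))}]

def deploy_clones(n: int, image_passphrase: bytes = b"fixed-image-pass"):
    """Steps 1-4: one base image, n cloned headers, a new passphrase on each."""
    base = format_volume(image_passphrase)
    clones = [copy.deepcopy(base) for _ in range(n)]
    keys = []
    for i, header in enumerate(clones):
        change_passphrase(header, image_passphrase, b"host-%d-pass" % i)
        keys.append(unlock(header, b"host-%d-pass" % i))
    return base, clones, keys
```

In this model every clone returns the same master key after its passphrase change, and the retained base image still opens with the fixed passphrase. Only a header produced by a separate `format_volume` call holds a different key.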
