[dm-crypt] Security of cloned disks (with changed passphrases)
mmosesoh at redhat.com
Thu Dec 16 19:09:38 CET 2010
I am wondering: if I perform this setup (cryptsetup version 1.1.2), how much risk do I expose my systems to?
Step 1: Create a base install that is encrypted with a fixed passphrase
Step 2: Create a disk image of this installed system
Step 3: Deploy image on N number of other systems
Step 4: Change the passphrase on all deployed systems
What happens if the passphrase becomes compromised on one of these systems? Can that person gain the original LUKS AES key to the disk and therefore obtain a way to break into all of the other systems?
If yes, is there anything to do on each cloned system to improve security?
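The check below is an added example, not part of the original post or of cryptsetup. Changing a passphrase rewrites only a key slot, so an image cloned as in steps 1 to 4 keeps the base image's master key and the mk-digest fields of its LUKS1 header; comparing those fields shows which disks share a key. Field offsets follow the LUKS1 on-disk format; the three headers are constructed sample data and the function names are hypothetical.

```python
import hashlib
import os
import struct

# LUKS1 header layout (big-endian): 208 bytes of fixed fields, then 8 key slots of 48 bytes.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
SLOT = struct.Struct(">II32sII")
MAGIC, SLOT_ENABLED, SLOT_DISABLED = b"LUKS\xba\xbe", 0x00AC71F3, 0x0000DEAD

def parse_luks1_header(buf):
    """Return the master-key digest fields and the salts of enabled key slots."""
    (magic, version, _cipher, _mode, hash_spec, _payload, _key_bytes,
     mk_digest, mk_salt, mk_iter, uuid) = PHDR.unpack_from(buf, 0)
    if magic != MAGIC or version != 1:
        raise ValueError("not a LUKS1 header")
    slots = [SLOT.unpack_from(buf, PHDR.size + i * SLOT.size) for i in range(8)]
    return {
        "hash": hash_spec.rstrip(b"\0").decode(),
        "mk_digest": mk_digest, "mk_salt": mk_salt, "mk_iter": mk_iter,
        "uuid": uuid.rstrip(b"\0").decode(),
        "slot_salts": [s[2] for s in slots if s[0] == SLOT_ENABLED],
    }

def shares_master_key(a, b):
    """Equal salt, iteration count and digest mean the same master key.
    Unequal values mean the headers were created separately (luksFormat draws a new salt)."""
    return (a["mk_salt"], a["mk_iter"], a["mk_digest"]) == \
           (b["mk_salt"], b["mk_iter"], b["mk_digest"])

def build_header(master_key, mk_salt, uuid, slot_salt, mk_iter=1000):
    """Constructed sample header (not read from a disk): one enabled key slot."""
    digest = hashlib.pbkdf2_hmac("sha1", master_key, mk_salt, mk_iter, 20)
    head = PHDR.pack(MAGIC, 1, b"aes", b"cbc-essiv:sha256", b"sha1", 4040,
                     len(master_key), digest, mk_salt, mk_iter, uuid)
    slots = SLOT.pack(SLOT_ENABLED, 1000, slot_salt, 8, 4000)
    slots += SLOT.pack(SLOT_DISABLED, 0, bytes(32), 0, 4000) * 7
    return head + slots

# Constructed data: a base image, a clone whose passphrase was changed
# (new key-slot salt, everything else copied), and a separately formatted disk.
key, salt = os.urandom(32), os.urandom(32)
base = parse_luks1_header(build_header(key, salt, b"constructed-uuid-1", os.urandom(32)))
clone = parse_luks1_header(build_header(key, salt, b"constructed-uuid-1", os.urandom(32)))
fresh = parse_luks1_header(build_header(os.urandom(32), os.urandom(32),
                                        b"constructed-uuid-2", os.urandom(32)))

if __name__ == "__main__":
    print("clone shares master key with base:", shares_master_key(base, clone))
    print("fresh shares master key with base:", shares_master_key(base, fresh))
```

On real volumes, pass the first 592 bytes of each device or image to `parse_luks1_header`.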