[dm-crypt] Passphrase protected key file?

Arno Wagner arno at wagner.name
Tue Jul 12 14:47:17 CEST 2011

On Mon, Jul 11, 2011 at 11:17:32PM +0100, Laurence Darby wrote:
> Hello,
> My next question, what's the best way to have a passphrase 
> protected key file?

Whyever would you want one? If you already have a passphrase,
use that directly. The passphrase-in-file option is 
for slaved devices and keys stored in hardware with some
additional protection by the hardware, e.g. keys on a chipcard.
Key storage on the device itself is actually a pretty much
unsolved problem. The only way to do it with a reasonable
level of security today is with costly HSMs (hardware
security modules) that have things like their own power,
extensive sensors, armoured construction and the like.
Expect to pay >= 50'000 EUR/USD for one that offers 
reasonable security.

> Should I encrypt it with GPG, and then do eg:
>  gpg -d ~/pass_key  | cryptsetup luksOpen --key-file - /dev/loop1 loop1
> That has the advantage of using the same passphrase I use for
> everything else, but is there any security risk I'm not seeing?  

Yes, you should not reuse passphrases. If you do, if it is exposed
in one place, everything else is exposed. That said, I do 
realize having a good passphrase and using it _carefully_ in
several places is better than having several bad passphrases.
Just make sure you always think about who could eavesdrop before
you enter it. For example, never use your passphrase on a
computer not under your control. If you need to do that
(e.g. external storage device), use a dedicated one that
you use nowhere else.

> I read
> that encrypting something twice or with multiple ciphers is effectively
> a new unknown cipher, potentially trivially breakable - I don't think
> that applies here, but is there anything like that I need to watch out for?

If you have _independent_ keys, it usually is as strong as the 
stronger cipher/key combination. With dependent or the same keys, 
this warning is correct. Example: Using a stream cipher twice with
the same key gives you the plaintext as encryption result.

> Alternatively, I could just do this:
> ( cat ~/pass_key ; cat ) | cryptsetup luksOpen --key-file - /dev/loop1 loop1
> so I still have to provide both the key and passphrase, terminated with
> Ctrl-D.  Any thoughts?

Yes, why do you not use the passphrase entry function of cryptsetup
directly? Without a specific and credible risk, there is no
reason to do anything of what you describe here...

I would suggest you read up a bit more on cryptography. 
"Cryptography Engineering" by Schneier et al. is a good book for
example, to get a good understanding of crypto technology
and risks.

You are at the moment in this dangerous "half-knowledge" state, 
where you see some risks and overamplify them, while you completely
miss others. It is normal to go through this stage, but make sure 
you leave it behind. 

Cryptography is risk management support technology. It is not 
something that needs to be done perfectly, only appropriately 
for the risks identified. The risks are sometimes pretty 
surprising though.

Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 
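The stream-cipher remark above, as an added example that is not part of the original thread: a toy SHA-256 counter-mode keystream (constructed here for illustration, not a real cipher) shows that applying the same stream cipher with the same key and nonce twice cancels out and hands back the plaintext, while a second, independent key does not.

```python
import hashlib
import secrets


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream: SHA-256 over (key || nonce || counter).
    Constructed for this demonstration only; it is not a vetted cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def stream_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR the data with the keystream. Decryption is the same operation,
    which is exactly why a second pass with the same key undoes the first."""
    ks = keystream(key, nonce, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def double_encrypt_same_key(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """'Encrypt twice' with a dependent (identical) key: the two keystreams
    are equal, so k XOR k = 0 and the result is the plaintext again."""
    return stream_encrypt(key, nonce, stream_encrypt(key, nonce, data))


def double_encrypt_independent(key1: bytes, key2: bytes, nonce: bytes, data: bytes) -> bytes:
    """'Encrypt twice' with independent keys: the combined keystream is
    ks1 XOR ks2, which is at least as unpredictable as the stronger of the two."""
    return stream_encrypt(key2, nonce, stream_encrypt(key1, nonce, data))


if __name__ == "__main__":
    # Constructed sample values; a real deployment derives keys, never hardcodes them.
    plaintext = b"LUKS master key material (sample)"
    nonce = b"\x00" * 8
    k1 = secrets.token_bytes(32)
    k2 = secrets.token_bytes(32)
    print("same key twice returns plaintext:",
          double_encrypt_same_key(k1, nonce, plaintext) == plaintext)
    print("independent keys keep it hidden:",
          double_encrypt_independent(k1, k2, nonce, plaintext) != plaintext)
```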
