[dm-crypt] How to increase key size of existing volume

Arno Wagner arno at wagner.name
Tue Dec 11 17:34:07 CET 2012

On Tue, Dec 11, 2012 at 04:34:40PM +0100, Erik Logtenberg wrote:
> Hi Arno,
> Thanks for your explanation. 

You are welcome.

> It is good to know that the 128 bit
> symmetric encryption key is still considered okay to some extent.

Until AES gets (real-world) broken, it will be secure. So not
only "to some extent" ;-)
> I did try the keylength site, and if I want my volume to be secure until
> roughly a decade after my projected demise, say 2100, then the adviced
> symmetric key size is already 135, 147 or 256 depending on the used
> method. So it'd still be somewhat better to increase the current 128 a bit.

There are no reliable forecasts for 2100. Even 30 years is highly
speculative. Brute-forcing 128 bits may not be possible even
in 2100, but AES may get broken. And, as I said, your passphrase
needs to be 128 bit as well (well, accounting for iteration, only
something like 110 bit, but that is still 22 random characters and 
> > (you do have backup, right?).
> Actually I am talking about my backup volume. And as such, it is quite a
> bit of data, that I don't have a (second) backup of. Neither do I have
> enough storage available to make an additional backup, nor the required
> amount of time, since a full copy/restore of such a volume would take weeks.

I see. My advice would be to get that second backup and just 
copy the primary backup over to it. 
> In fact, there seems to be a second use case for re-encrypting an
> existing volume. I read some articles explaining the possibility to use
> the luksDump command in conjunction with the --dump-master-key option on
> a mounted luks volume, to reset the password even if the current
> password is no longer known.
> Additionally, also the luksHeaderBackup command is available to extract
> the master key.

That does not help you to change the master key, and that is what 
you need to do if you want a longer one. A better passphrase 
can just be added (luksAddKey) and then the old one removed
(luksRemoveKey). But with this the master key and disk
encryption cipher stay the same.
> So there are at least two methods of extracting a master key. Now if I
> would suspect that a machine, that has a luks volume mounted, was
> compromised to the extent that someone had temporaryly gained root
> access, I would not only have to reset (all) passwords after fixing the
> security hole, but also I would have to create a new master key to be sure.

Yes. And new data, as the attacker had access to all of it.
Of course, that is usually not possible... 

> Is the cryptsetup-reencrypt tool also meant for that purpose?

In fact that would be its primary use. And the case does arise. 
Milan is a very careful developer/maintainer and would not have 
created a potentially unsafe tool like this otherwise.

Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
One of the painful things about our time is that those who feel certainty
are stupid, and those with any imagination and understanding are filled
with doubt and indecision. -- Bertrand Russell

More information about the dm-crypt mailing list