[dm-crypt] SSD disks and cryptsetup-reencrypt
octane at alinto.com
Wed Jun 12 16:44:16 CEST 2013
I read the FAQ, the point 5.19, especially:
However, for LUKS, the worst case is that key-slots and LUKS header may end up in these
internal pools. This means that password management functionality is compromised (the old
passwords may still be around, potentially for a very long time) and that fast erase by
overwriting the header and key-slot area is insecure.
Now, we have a cryptsetup-reencrypt tool that could change the master-key.
So, we could use it after changing a password for a slot.
But, dm-crypt uses 512 bytes for block operations, so the problem remains the same?
An attacker with the knowledge of the master-key could read old sectors un-erased and