[dm-crypt] Old Passphrases - are they a security threat?

Arno Wagner arno at wagner.name
Thu Jun 26 06:15:12 CEST 2014

On Wed, Jun 25, 2014 at 15:21:01 CEST, Daniel Breznau wrote:
> Hi,
> After reading the FAQ, I’m still unclear on something - if someone knows
> an old passphrase to my LUKS encrypted partition, then could it somehow be
> used with the master key to decrypt the drive?
> My scenario is this: I’m trying to set up a remote server with an
> encrypted drive by having tech support run my bash script that will set it
> all up and the script will have an initial passphrase in it.  After that,
> I’ll SSH in and change the passphrase but wonder if the old one (which
> they potentially have laying around in the bash file) could be used to
> compromise the root partition.
> Granted, I know there are other vulnerabilities of this - like it being
> accessed while running but an encrypted drive is enough to keep out the
> curious and slightly more determined.

What you need to access a volume is an active keyslot and the 
matching LUKS header _or_ a copy of the master key. The "old" 
one in your scenario can be in backups (header backup or binary 
partition backup) or in transferred data, and with that one you can 
open the container, even if the passphrase in the container has 
been changed. This is one reason never to ship LUKS containers 
to several people, as they can then all unlock each other's 
containers because they have the same master key. This is the 
reason behind FAQ item 6.15. 

In your scenario, anybody having the initial passphrase and a copy
of the LUKS header and keyslots from when it was active can extract the 
master key and access all data. While the container is mapped
(open), everybody with root access can also extract the master key, 
see FAQ item 6.10. Or if these people run your script as root (which
they basically have to do) and map the container, they have access
to the master key and there is nothing you can do about it. You
also cannot detect that they copied anything. Changing the master key 
requires re-creation of the LUKS container. (Not really, but it 
amounts to the same thing.)

If, however, your LUKS header/keyslot is the only copy, nobody copied 
the master key and you change the passphrase in that keyslot, then 
there is no way to recover anything with the old one. The design would 
be quite broken otherwise, so this is not explained further in the FAQ. 
Of course, simply adding a passphrase does not wipe the old one out, 
as the new one goes into a new slot. You have to use luksChangeKey to 
actually change a passphrase (i.e. 1. wipe old one 2. put new one into 
the same keyslot).

What this boils down to is that you have to trust people that can
become root on your machine and disk encryption does not change
that one bit. One reason to never store confidential data on
vserver or in "the cloud", unless it cannot be decrypted there.
As soon as it can be decrypted there (as in a mapped LUKS container),
it is not secure at all against the people that control the hardware.


Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
A good decision is based on knowledge and not on numbers. -  Plato
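The keyslot semantics discussed in the reply above (a passphrase only wraps an unchanged master key; luksAddKey leaves the old slot in place; luksChangeKey rewrites the slot, but a header copy taken while the old passphrase was active still yields the master key) can be walked through in code. The following is an added example, not part of the original post and not cryptsetup's own code: it is a deliberately simplified model of a LUKS header in which a slot is PBKDF2(passphrase, salt) XORed with the master key and the header carries a SHA-256 digest of the master key. Real LUKS uses a cipher plus the anti-forensic splitter per slot and a far higher iteration count; the function names (`luks_format`, `luks_open`, `luks_add_key`, `luks_change_key`, `luks_header_backup`) and the sample passphrases are assumptions chosen for this illustration.

```python
import copy
import hashlib
import secrets

# Toy parameters for the model (assumption: NOT real LUKS constants).
MK_LEN = 32          # master key length in bytes
PBKDF_ITERS = 10_000  # kept low only so the example runs quickly
N_SLOTS = 8           # LUKS1 has eight keyslots


def _slot_key(passphrase: str, salt: bytes) -> bytes:
    """Derive a slot key from the passphrase; in real LUKS this is PBKDF2 or Argon2."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, PBKDF_ITERS, MK_LEN)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _write_slot(header: dict, idx: int, passphrase: str, master_key: bytes) -> None:
    """Store the master key in slot idx, wrapped under a fresh salt and the passphrase."""
    salt = secrets.token_bytes(16)
    header["slots"][idx] = {"salt": salt, "wrapped": _xor(_slot_key(passphrase, salt), master_key)}


def luks_format(passphrase: str) -> dict:
    """Model of luksFormat: new random master key, its digest, passphrase in slot 0."""
    master_key = secrets.token_bytes(MK_LEN)
    header = {"mk_digest": hashlib.sha256(master_key).digest(), "slots": [None] * N_SLOTS}
    _write_slot(header, 0, passphrase, master_key)
    return header


def luks_open(header: dict, passphrase: str):
    """Model of luksOpen: return (slot index, master key) if any active slot accepts
    the passphrase, else None. The digest check is what tells a right slot from a wrong one."""
    for idx, slot in enumerate(header["slots"]):
        if slot is None:
            continue
        candidate = _xor(_slot_key(passphrase, slot["salt"]), slot["wrapped"])
        if hashlib.sha256(candidate).digest() == header["mk_digest"]:
            return idx, candidate
    return None


def luks_add_key(header: dict, existing_passphrase: str, new_passphrase: str) -> int:
    """Model of luksAddKey: unlock the master key with an existing passphrase and wrap it
    into a free slot. The old slot is untouched, so the old passphrase keeps working."""
    opened = luks_open(header, existing_passphrase)
    if opened is None:
        raise ValueError("no keyslot accepts the existing passphrase")
    _, master_key = opened
    idx = header["slots"].index(None)
    _write_slot(header, idx, new_passphrase, master_key)
    return idx


def luks_change_key(header: dict, old_passphrase: str, new_passphrase: str) -> int:
    """Model of luksChangeKey: wipe the slot the old passphrase opens and rewrite that same
    slot with the new passphrase. The master key itself is unchanged."""
    opened = luks_open(header, old_passphrase)
    if opened is None:
        raise ValueError("no keyslot accepts the old passphrase")
    idx, master_key = opened
    header["slots"][idx] = None
    _write_slot(header, idx, new_passphrase, master_key)
    return idx


def luks_header_backup(header: dict) -> dict:
    """Model of luksHeaderBackup (or any byte copy of the header region)."""
    return copy.deepcopy(header)


def remote_setup_scenario() -> dict:
    """Walk through the scenario from the post and report what each passphrase can still do."""
    script_pass = "initial-passphrase-in-setup-script"  # constructed sample value
    owner_pass = "owner-chosen-passphrase"              # constructed sample value

    header = luks_format(script_pass)
    # Tech support ran the script as root: assume they kept a copy of the header at this point.
    stale_backup = luks_header_backup(header)

    # Case A: the owner only *adds* a passphrase. The script passphrase still opens the volume.
    added = luks_header_backup(header)
    luks_add_key(added, script_pass, owner_pass)
    old_opens_after_add = luks_open(added, script_pass) is not None

    # Case B: the owner *changes* the passphrase in place. The old one no longer opens the live header.
    luks_change_key(header, script_pass, owner_pass)
    old_opens_live = luks_open(header, script_pass) is not None
    new_opened = luks_open(header, owner_pass)

    # But the stale header copy plus the old passphrase still yields the very same master key.
    from_backup = luks_open(stale_backup, script_pass)
    same_master_key = (from_backup is not None and new_opened is not None
                       and from_backup[1] == new_opened[1])

    return {
        "old_opens_after_add": old_opens_after_add,
        "old_opens_live_after_change": old_opens_live,
        "new_opens_live_after_change": new_opened is not None,
        "backup_recovers_same_master_key": same_master_key,
    }


if __name__ == "__main__":
    for k, v in remote_setup_scenario().items():
        print(f"{k}: {v}")
```

The point the model makes visible is the last flag: `luks_change_key` only rewrites the wrapping in one slot, so the master key recovered from the stale header copy is byte-for-byte the key now protected by the owner's passphrase. Only a fresh container (a new master key) invalidates old header copies.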
