[dm-crypt] Old Passphrases - are they a security threat?
arno at wagner.name
Thu Jun 26 06:15:12 CEST 2014
On Wed, Jun 25, 2014 at 15:21:01 CEST, Daniel Breznau wrote:
> After reading the FAQ, I’m still unclear on something - if someone knows
> an old passphrase to my LUKS encrypted partition, then could it somehow be
> used with the master key to decrypt the drive?
> My scenario is this: I’m trying to set up a remote server with an
> encrypted drive by having tech support run my bash script that will set it
> all up and the script will have an initial passphrase in it. After that,
> I’ll SSH in and change the passphrase but wonder if the old one (which
> they potentially have laying around in the bash file) could be used to
> compromise the root partition.
> Granted, I know there are other vulnerabilities of this - like it being
> accessed while running but an encrypted drive is enough to keep out the
> curious and slightly more determined.
What you need to access a volume is an active keyslot and the
matching LUKS header _or_ a copy of the master key. The "old"
one in your scenario can be in backups (header backup or binary
partition backup), transferred data and with that one you can
open the container, even if the passphrase in the container has
been changed. This is one reason why to never ship LUKS containers
to several people, as they then all can unlock each others
containers as they have the same master key. This is the
reason behind FAQ Item 6.15.
In your scenario, anybody having the initial passphrase and a copy
of the LUKS header and keyslots when it was active can extract the
master key and access all data. While the ocntainer is mapped
(open), also everybody with root access can extract the master key,
see FAQ item 6.10. Of if these people run your script as root (which
they basically have to do) and map the container, they have access
to the master key and there is nothing you can do about it. You
also cannot detect they copied anything. Changing the master-key
requires re-creartion of the LUKS container. (Not really, but it
amounts to the same thing.)
If, however, your luks header/keyslot is the only copy, nobody copied
the mastyer key and you change the passphrase in that keyslot, then
there is no way to recover anything with the old one. The design would
be quite broken otherwise, so this is not explained further in the FAQ.
Of course, simply adding a passphrase does not wipe the old one out,
as the new one goes into a new slot. You have to use luksChangeKey to
actually change a passphrase (i.e. 1. wipe old one 2. put new one into
the same keyslot).
What this boils down to is that you have to trust people that can
become root on your machine and disk encryption does not change
that one bit. One reason to never store confidential data on
vserver or in "the cloud", unless it cannot be decrypted there.
As soon as it can be decrypted there (as in a mapped LUKS container),
it is not secure at all against the people that control the hardware.
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno at wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
A good decision is based on knowledge and not on numbers. - Plato
More information about the dm-crypt