[dm-crypt] Using a removable-device-recorded passphrase to decrypt a system
arno at wagner.name
Fri Jun 26 15:19:45 CEST 2015
I doubt it. It is a valid question, bit also one any halfway
competent implementor of crypto on Linux has to ask themselves.
Without verifying what is actually done (Milan is the expert for
that), I assume:
- Passphrases get stored only in locked memory and that does
not get swapped. (Root permissions are needed anyways for
setting up any mapping. E.g. GnuPG has a harder job here
as it does not necessarily run as root. AFAIK it uses a
suid second stage exactly for the purpose of having locked
- Passphrases are wiped from memory as soon as possible.
- I have no idea whether locked memory can end up in a
core-dump, but usually these are disabled anyways.
- In-kernel keys are protected against leaking to disk.
The thing is, system encryption is not easy to do and conceptually
does not help a lot. If it was necessary to prevent having
passphrases/keys to disk, that would be a major security flaw
in the handling of said passphrases/keys and it would affect
other things as well, like GnuPG, OpenSSL, etc. and so I hope
somebody would have complained by now if that was a real issue.
On Fri, Jun 26, 2015 at 14:59:18 CEST, Heinz Diehl wrote:
> On 26.06.2015, Arno Wagner wrote:
> > My advice is to not encrypt the system partition itself, just
> > all user and data partitions.
> I wonder if the passphrase could leak to the unencrypted system partition in such
> a scenario. E.g. memory contents dumped to disk while crashing or
> similar. In fact, I don't know what is possible or not, I'm just
> dm-crypt mailing list
> dm-crypt at saout.de
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno at wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
More information about the dm-crypt