[dm-crypt] security concerns with RAID on top of dmcrpyt and with mulitple devices with the same key slot key?

Christoph Anton Mitterer calestyo at scientia.net
Fri Jun 3 01:47:49 CEST 2016


I just wondered the following:
- Are there any security concerns (e.g. simplified statistical attacks
  or whatever), when one places a RAID (e.g. btrfs RAID or MD RAID) on
  top of dmcrypt devices?
- Are there any security concerns when different dm-crypt devices (with
  different master-keys), e.g. ones that form a RAID as above, are
  created with the same keyslot passphrase/key?
  (Of course apart the obvious one, that one can decrypt all with the
  single key)?

If so, does it depend on the cipher/mode/etc? I'd use aes-xts-plain64.

I wouldn't think so, but just for confirmation...

Perhaps in addition:
As you can imagine the setup I'd like to do is e.g. something like n
physical devices, each holding a LUKS container (with different master
key, but all with the same keyslot key), on top of them some btrfs
RAID5/6 (should that ever get stable before I die ;-) )...
Probably I'll do LVM between dmcrypt and btrfs, because I'd actually
want to create two independent btrfs filesystems on top of dmcrypt.

Any performance or stability issues with such setup?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5930 bytes
Desc: not available
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20160603/2be5675e/attachment.bin>

More information about the dm-crypt mailing list