gmazyland at gmail.com
Sun Mar 27 09:51:44 CEST 2016
On 03/27/2016 01:53 AM, Hugh Bragg wrote:
> I don't want to need a dedicated server to deliver a decrypted
> filesystem because I don't want the decrypted data to be exposed to the
> network. I understand I could use secure communications, but this is all
> way too much overhead compared to what I'm trying to achieve.
As Arno said, dm-crypt cannot be used this way - it is not designed
to provide a shared block device among servers.
On top of what was already mentioned, probably some combination with a mechanism
to share an active/active block device could work (maybe DRBD), but such a
solution is quite fragile.
But there is another problem with your solution - you said that you
do not want decrypted data on the wire.
While accessing an encrypted device (dm-crypt/LUKS) this simple way
will put only encrypted data over your network, this solution is
Anyone can use a replay attack and just replace old ciphertext content
(some old, already-seen data) in packets.
(Imagine it as a snapshot of the encrypted device at a point in time.)
You have to use an encrypted network connection on top of this (SSH, VPN, ...)
to provide a secure transport layer here.
Just sharing an encrypted disk device over the network (even if it is just
point-to-point using iSCSI, NBD, whatever) is simply not secure!
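The two claims in the reply above (a raw export of dm-crypt sectors cannot tell a stale ciphertext sector from a current one, and an authenticated transport such as SSH or a VPN fixes that on the wire) can be shown with a small model. The following is added example code, not part of the original thread and not dm-crypt's code. It uses only the Python standard library: AES-XTS is replaced by a toy tweakable stream cipher (HMAC-SHA256 keystream keyed by the sector number), and the "transport" is a per-message HMAC plus a monotonic sequence number, which is a simplified stand-in for what an SSH or VPN tunnel provides. The sector contents, keys and sector number are constructed sample values.

```python
import hashlib
import hmac

SECTOR_SIZE = 512


def keystream(key: bytes, sector: int, length: int) -> bytes:
    # Toy stand-in for AES-XTS: keystream derived from the key and the
    # sector number (the "tweak"). Not a real disk cipher; illustration only.
    out = b""
    block = 0
    while len(out) < length:
        msg = sector.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor_sector(key: bytes, sector: int, data: bytes) -> bytes:
    # Encrypt and decrypt are the same XOR. There is no authentication tag,
    # which is exactly why a stale ciphertext sector decrypts "correctly".
    ks = keystream(key, sector, SECTOR_SIZE)
    return bytes(a ^ b for a, b in zip(data, ks))


def pad(text: bytes) -> bytes:
    return text.ljust(SECTOR_SIZE, b"\0")


def replay_on_raw_export(disk_key: bytes) -> bytes:
    """Encrypted sectors exported as-is (iSCSI/NBD style): a replay is invisible."""
    sectors = {}
    # t0: a record is written; the ciphertext passes over the wire and is captured.
    sectors[7] = xor_sector(disk_key, 7, pad(b"balance=100"))
    captured_old = sectors[7]
    # t1: the record is updated.
    sectors[7] = xor_sector(disk_key, 7, pad(b"balance=0"))
    # The stale ciphertext captured at t0 is put back in place of the current one
    # (the "snapshot of the encrypted device" from the reply above).
    sectors[7] = captured_old
    # The decrypting side gets the old plaintext: no error, no warning.
    return xor_sector(disk_key, 7, sectors[7]).rstrip(b"\0")


class AuthenticatedChannel:
    """Minimal model of what SSH/VPN adds: a MAC per message plus a sequence number."""

    def __init__(self, session_key: bytes):
        self.session_key = session_key
        self.last_seq = -1
        self.sectors = {}

    def _tag(self, seq: int, sector: int, ciphertext: bytes) -> bytes:
        msg = seq.to_bytes(8, "big") + sector.to_bytes(8, "big") + ciphertext
        return hmac.new(self.session_key, msg, hashlib.sha256).digest()

    def send(self, seq: int, sector: int, ciphertext: bytes) -> tuple:
        return (seq, sector, ciphertext, self._tag(seq, sector, ciphertext))

    def receive(self, message: tuple) -> bool:
        seq, sector, ciphertext, tag = message
        if not hmac.compare_digest(tag, self._tag(seq, sector, ciphertext)):
            return False  # forged or modified message
        if seq <= self.last_seq:
            return False  # replayed (or reordered) message: sequence number already seen
        self.last_seq = seq
        self.sectors[sector] = ciphertext
        return True


def replay_over_authenticated_transport(disk_key: bytes, session_key: bytes) -> tuple:
    """Same sequence of events, but every write travels over the authenticated channel."""
    chan = AuthenticatedChannel(session_key)
    old_msg = chan.send(0, 7, xor_sector(disk_key, 7, pad(b"balance=100")))
    chan.receive(old_msg)                                                   # t0
    chan.receive(chan.send(1, 7, xor_sector(disk_key, 7, pad(b"balance=0"))))  # t1
    accepted = chan.receive(old_msg)  # the t0 message presented again: rejected
    current = xor_sector(disk_key, 7, chan.sectors[7]).rstrip(b"\0")
    return accepted, current


if __name__ == "__main__":
    k, s = b"k" * 32, b"s" * 32
    print("raw export decrypts to:", replay_on_raw_export(k))            # balance=100
    print("authenticated channel:", replay_over_authenticated_transport(k, s))  # (False, b'balance=0')
```

The first function shows why dm-crypt itself cannot help: per-sector encryption is deterministic and unauthenticated, so an old sector is as valid as a new one. The second shows the mitigation named in the reply: once every message carries a MAC under a session key and a sequence number the receiver tracks, a captured message cannot be fed back in later. What this protects is the wire only; whoever holds the storage itself can still present an old copy, and guarding against that needs integrity protection at rest, which plain dm-crypt does not provide.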