[dm-crypt] Quorum system on decryption passphrase

Michael Kjörling michael at kjorling.se
Wed Mar 30 19:09:52 CEST 2016

On 30 Mar 2016 18:27 +0200, from gmazyland at gmail.com (Milan Broz):
> If you mean something like Shamir's secret sharing (you need N of M
> parts to unlock the key),
> LUKS doesn't provide this directly, but Clevis/Tang project is going
> this way (in development).

Shamir's was my first thought too. While LUKS doesn't provide this
natively (any one passphrase is sufficient to unlock the container),
what you want can probably be cobbled together using a passphrase file
which is split using Shamir's secret sharing.

For example, you could generate a random passphrase of sufficient
entropy to be secure, and for storage split that into three parts two
of which are required (using regular Shamir's secret sharing). This
should be as secure as 2 out of 3 Shamir's secret sharing can be.

To unlock the container, two of the three individuals get together,
somehow present their respective pieces, and some software combines
them to form the passphrase that is used to unlock the container.

To make it more difficult to access the passphrase while unlocking the
container, you might run it all on a ramfs from within an initrd or

It should work. Whether it will be secure enough depends on your
threat model. Obviously.

Michael Kjörling • https://michael.kjorling.semichael at kjorling.se
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)

More information about the dm-crypt mailing list