[dm-crypt] Disadvantages of many temporary keys?
arno at wagner.name
Sat Oct 28 06:39:35 CEST 2017
On Sat, Oct 28, 2017 at 03:32:50 CEST, Robert Nichols wrote:
> But, removal of that temporary key is not as secure as you might think.
> Anyone (or any bot) that had an opportunity to make a copy of the LUKS
> header while that key was installed can always use that header, together
> with that "temporary" key, to unlock the container. "LUKS with detached
> header" would be the most straightforward way, but the master key could
> also be constructed from that header + key and used directly with
> cryptsetup to access the container's contents.
As always, the fact of thematter is that an attacker that has
access to the decrypted container can get everything, including
all data in there. But said attacker could also replace the
cryptsetup binary, the kernel, etc. so it is somthing to be
aware of, not something to fix.
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno at wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
More information about the dm-crypt