Re: [dm-crypt] Remote unlock security

[Arno Wagner <arno@wagner.name>]

Hi David,
On Mon, Dec 20, 2010 at 08:05:25PM +0100, David Jacquet wrote:
> Hi,
> 
> I am trying to configure my server to be able to be unlocked via ssh and
> dropbear. From the README.gz
> I understand that I can issue the command:
> 
> ssh -o "UserKnownHostsFile=~/.ssh/known_hosts.initramfs" \
> -i "~/id_rsa.initramfs" root@initramfshost.example.com \
> "echo -ne \"secret\" >/lib/cryptsetup/passfifo"
> 
> What exactly will happen with the "secret" string? Will it be written to an
> unprotected part of a hard drive. 

I do not understand what "passfifo" is suppoded to do, you 
should probably do something like this instead:

ssh "cat <file-with-secret> | cryptsetyp --key-file - <other options>"

> If so
> it may be retrieved by a careful investigation of that drive. From my non
> expert and humble opinion, a key (as
> the "secret") should only be stored on RAM (and erased even from the RAM as
> soon as possible).

Indeed. However "as soon as possible" is on device removal from
LUKS/dm-crypt control.
 
> Even if only stored in the RAM, I guess that the "secret" string will be
> stored in the .bash_history file on the
> computer from which the ssh-command was issued. 

Therefore never show it to bash.

> I guess it is more
> recommended to log into the remote
> computer and then issue ( cat > /lib/cryptsetup/passfifo --> "secret" -->
> CTRL+D, will that work?)

Still don't get what "passfifo" is for. Is this some contruction
like this?

  mkfifo passfifo
  cryptsetup --key-file passfifo

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier