From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from v4.tansi.org (ns.km33513-03.keymachine.de [87.118.94.3]) by mail.saout.de (Postfix) with ESMTP for ; Fri, 15 Apr 2011 18:27:13 +0200 (CEST) Received: from gatewagner.dyndns.org (84-74-164-52.dclient.hispeed.ch [84.74.164.52]) by v4.tansi.org (Postfix) with ESMTPA id C04D42055C5 for ; Fri, 15 Apr 2011 18:27:13 +0200 (CEST) Date: Fri, 15 Apr 2011 18:27:13 +0200 From: Arno Wagner Message-ID: <20110415162713.GC5092@tansi.org> References: <4DA84DA2.3020302@gmail.com> <4DA85469.3080503@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4DA85469.3080503@gmail.com> Subject: Re: [dm-crypt] yet another "lost my partition" message List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de On Fri, Apr 15, 2011 at 04:21:29PM +0200, Cristian KLEIN wrote: > On 15/04/2011 16:15, Roscoe wrote: > > On Fri, Apr 15, 2011 at 11:52 PM, Cristian KLEIN wrote: > > ... > >> A posteriori, I cannot help wonder why such pretious information isn't > >> kept redundantly. Surely LUKS could have stored the header in 10 random > >> sectors with an easy-to-grep "HERE I AM" banner. Wouldn't this allow > >> users to recover the master-key (and part of the file-system) without > >> compromising security? > > ... > > > > It's supposed to be fragile and easily destroyed, this is by design. > > I think users expect it to be *secure*, i.e., if a laptop gets stolen in > an airport, the user has no worries. I'm not sure users appreciate > "fragile". Personally, this is not what I expect from full-disk encryption. It is not fragile. It is designed to be fast to destroy. It also is not "full-disk encrypton", it is partition encryption. The anti-forensic features require some way to destroy data fast and reliable. And a luksFormat will allways wipe the headers, no mater how you safeguard them, unless you want to store a backlog of old headers and anti-forensic stripes (10-20MB per instance) on the filesystem? With all the very serious negative security implicatins that has? Cryptsetup also has adequate safeguards against accidentally luksFormat-ing your headers and the documentation rather strongly advises header and data backup. The mess-up here is by Ubuntu, not cryptsetup. You are welcome to post here of course and you are welcome to argue design mistakes in cryptsetup, we may have overlooked something after all. Currently I do not see that. > > Accidently running cryptsetup luksFormat is unfortunate, as is running > > mkfs or dd on the wrong device. Good thing for backups. > > Still, mkfs and dd give you a second chance (see testdisk and friends). > Why not luksFormat? Because it cannot without making the design a lot worse. It does adequately warn you however. The Ubuntu people chose to hide that warning for whatever reasons. I think I am starting to get angry at them.... Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier