Re: [dm-crypt] Pass+keyfile

[Arno Wagner <arno@wagner.name>]

On Mon, Dec 01, 2014 at 18:37:16 CET, 0x14@unseen.is wrote:
> >And now do a scenario where an attacke has the passphrase, but
> >not root access and not the keyfile. There are not many
> >possibilities for that to happen and most are unrealistic.
> 
> 1. I know about attacker and destroyed keyfile before attacker gets
> copy of it. That is the most important thing I can think of when
> using encrypted keyfile.

Simpler solution: Use a very long passphrase, learn one part by 
heart and the other part not and have that on paper. The part
on paper could, for example, be 50 random letters and digits.
At least I could not remember that. In case of emergency, destroy 
the paper. (Make it edible for better convenience.) Use 
severall/all keyslots to make the paper-part harder to remember.

> 2. I have keyfile in a safe in far location (in bunker in another
> country, maybe), while me and my mixed (encrypted and unencrypted)
> data is always with me. Or vice-versa.

If you have a safe location, put all data there. You do not even 
need to encrypt in this case.

> 3. Attacker can attach a hidden camera behind me while I typing
> password (or do similar approach) and then get a copy of encrypted
> data (it is far easier than get full root access)

Oh? Just have the attacker look with the camera while you type 
in your root password...

> 4. After encrypting, I give single copy of keyfile to another person
> (he is living in bunker in another country, of course). I know
> passphrase, he owns keyfile, we can get to the data only if we meet
> in person, for example.
> ...

Do the same thing, but just one part data one part passphrase.
The keyfile does not add anything.

> 
> >No. The SD card is a lot _harder_ to destroy than the LUKS header.
> >The LUKS header is gone after a single overwrite of 2MiB of data.
> >The SD card needs very careful physical destruction.
> 
> I said microsd card. Scissors will definitely destroy data in a few
> secs, you can destroy it even with your teeth, with a lighter maybe.
> While destroying LUKS header demands working computer and knowing
> what you are doing (you might prepare a script for that though).
> Even if you have a drill or a hammer, destroying hard drive with it
> to unrecoverable state is harder than destroying sd or microsd card
> or even flash drive.
> 
> BTW, why do you say it is hard to destroy SD card? I always thought
> even small physical damage on crystal makes data on this crystal
> practically unrecoverable.

No. It makes it still pretty easy to recover, but it is expensive.
Depending on your attacker model, that may or may not help.
Don't use your teeth though, the chips inside are harder than
your teeth are and your teeth are likely to break accomplishing 
nothing. 

Any reliable deletion for flash-type storage is either heating
them up very high or grinding them into fine dust. A lighter alone
will not do the trick and even if you have a pair of fireproof
thongs with you, it may take too long.

Gr"usse,
Arno

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier