From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from v6.tansi.org (ns.km31936-01.keymachine.de [87.118.116.4]) by mail.server123.net (Postfix) with ESMTP for ; Sat, 27 Jun 2015 01:06:01 +0200 (CEST) Received: from gatewagner.dyndns.org (77-57-54-224.dclient.hispeed.ch [77.57.54.224]) by v6.tansi.org (Postfix) with ESMTPA id DAD1C20DC211 for ; Sat, 27 Jun 2015 01:06:00 +0200 (CEST) Date: Sat, 27 Jun 2015 01:06:00 +0200 From: Arno Wagner Message-ID: <20150626230600.GA18785@tansi.org> References: <558C16DD.60809@gmx.fr> <20150626123047.GB12997@tansi.org> <20150626125918.GA1672@fritha.org> <20150626131945.GB13458@tansi.org> <1638e76a6b55aec08157088393e451c0.squirrel@ssl.verfeiert.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1638e76a6b55aec08157088393e451c0.squirrel@ssl.verfeiert.org> Subject: Re: [dm-crypt] Using a removable-device-recorded passphrase to decrypt a system List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de On Fri, Jun 26, 2015 at 15:53:01 CEST, Sven Eschenberg wrote: > On Fri, June 26, 2015 15:19, Arno Wagner wrote: [...] > > - I have no idea whether locked memory can end up in a > > core-dump, but usually these are disabled anyways. > > There certainly is a debug option to get coredumps including locked pages, > I presume. I would expect so as well. But debugging is not a concern IMO, unless it is too easy to leace on accidentally. > > - In-kernel keys are protected against leaking to disk. > > Again, I presume, since I did not check the kernel's source, that the > relevant kernel pages are marked as unswappable. I guess when you dump the > kernel for debugging you'll get the locked pages aswell - Doesn't make to > much sense if all locked pages are missing from the dump. > > > > > The thing is, system encryption is not easy to do and conceptually > > does not help a lot. If it was necessary to prevent having > > passphrases/keys to disk, that would be a major security flaw > > in the handling of said passphrases/keys and it would affect > > other things as well, like GnuPG, OpenSSL, etc. and so I hope > > somebody would have complained by now if that was a real issue. > > It is quite difficult to i.e. encrypt /etc (which might include > passphrases for services or something) by it's own, so doing a system > encryption is quite tempting. Otherwhise you'll have to relocate specific > files from /etc to other places and maintain a pile of config changes, > which can be quite an effort aswell. Well, yes. It is a trade-off that depends on the specific situation and distribution. Personally, I avoid putting credentials into /etc, but I do have some in my home, mostly ssh-keys allowing passwordless logins. I do realize this will not always be possible. Gr"usse, Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. -- Plato If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier