[dm-crypt] Disadvantages of many temporary keys?

All of lore.kernel.org
 help / color / mirror / Atom feed

* [dm-crypt] Disadvantages of many temporary keys?
@ 2017-10-28  1:09 L. Rose
  2017-10-28  1:32 ` Robert Nichols
  0 siblings, 1 reply; 4+ messages in thread
From: L. Rose @ 2017-10-28  1:09 UTC (permalink / raw)
  To: dm-crypt

Hi everyone,

My setup runs off a dmcrypt/luks encrypted drive. I want to do daily
unattended reboots, so I don't want to have to enter the password upon
reboot. I thought of generating a random temporary key, inserting that
into a secondary slot on my container using luksAddKey and preparing a
custom initramfs containing that temporary key, so that the system can
unlock the container once after the reboot. When the system is up and
running again, I'll remove that random temporary key from both the
container and the initramfs.

My question is: Do dmcrypt/luks containers suffer from frequent key
adding/removal? Will the container degrade because of this usage, or
maybe get errors? If so, is there a better way for unattended reboots?

Thanks a lot for any thoughts on that!

Regards,

L. Rose

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [dm-crypt] Disadvantages of many temporary keys?
  2017-10-28  1:09 [dm-crypt] Disadvantages of many temporary keys? L. Rose
@ 2017-10-28  1:32 ` Robert Nichols
  2017-10-28  4:39   ` Arno Wagner
  0 siblings, 1 reply; 4+ messages in thread
From: Robert Nichols @ 2017-10-28  1:32 UTC (permalink / raw)
  To: dm-crypt

On 10/27/2017 08:09 PM, L. Rose wrote:
> Hi everyone,
> 
> My setup runs off a dmcrypt/luks encrypted drive. I want to do daily
> unattended reboots, so I don't want to have to enter the password upon
> reboot. I thought of generating a random temporary key, inserting that
> into a secondary slot on my container using luksAddKey and preparing a
> custom initramfs containing that temporary key, so that the system can
> unlock the container once after the reboot. When the system is up and
> running again, I'll remove that random temporary key from both the
> container and the initramfs.
> 
> My question is: Do dmcrypt/luks containers suffer from frequent key
> adding/removal? Will the container degrade because of this usage, or
> maybe get errors? If so, is there a better way for unattended reboots?

It won't suffer. All that happens when you add or remove a key is that the portion of the LUKS header for that keyslot gets rewritten.

But, removal of that temporary key is not as secure as you might think. Anyone (or any bot) that had an opportunity to make a copy of the LUKS header while that key was installed can always use that header, together with that "temporary" key, to unlock the container. "LUKS with detached header" would be the most straightforward way, but the master key could also be constructed from that header + key and used directly with cryptsetup to access the container's contents.

-- 
Bob Nichols     "NOSPAM" is really part of my email address.
                 Do NOT delete it.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [dm-crypt] Disadvantages of many temporary keys?
  2017-10-28  1:32 ` Robert Nichols
@ 2017-10-28  4:39   ` Arno Wagner
  2017-10-28 10:14     ` Claudio Moretti
  0 siblings, 1 reply; 4+ messages in thread
From: Arno Wagner @ 2017-10-28  4:39 UTC (permalink / raw)
  To: dm-crypt

On Sat, Oct 28, 2017 at 03:32:50 CEST, Robert Nichols wrote:
[...]
> But, removal of that temporary key is not as secure as you might think. 
> Anyone (or any bot) that had an opportunity to make a copy of the LUKS
> header while that key was installed can always use that header, together
> with that "temporary" key, to unlock the container.  "LUKS with detached
> header" would be the most straightforward way, but the master key could
> also be constructed from that header + key and used directly with
> cryptsetup to access the container's contents.

As always, the fact of thematter is that an attacker that has 
access to the decrypted container can get everything, including 
all data in there. But said attacker could also replace the
cryptsetup binary, the kernel, etc. so it is somthing to be 
aware of, not something to fix. 

Regards,
Arno

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [dm-crypt] Disadvantages of many temporary keys?
  2017-10-28  4:39   ` Arno Wagner
@ 2017-10-28 10:14     ` Claudio Moretti
  0 siblings, 0 replies; 4+ messages in thread
From: Claudio Moretti @ 2017-10-28 10:14 UTC (permalink / raw)
  To: dm-crypt@saout.de

[-- Attachment #1: Type: text/plain, Size: 2424 bytes --]

On Sat, Oct 28, 2017 at 5:39 AM, Arno Wagner <arno@wagner.name> wrote:

>
> As always, the fact of thematter is that an attacker that has
> access to the decrypted container can get everything, including
> all data in there. But said attacker could also replace the
> cryptsetup binary, the kernel, etc. so it is somthing to be
> aware of, not something to fix.
>
>
In this case, that's only true to a point: if an attacker were able to
interrupt the reboot process (e.g. by opening the BIOS) they would have a
valid, unencrypted disk decryption key/passphrase in the initramfs, which
would allow them access to the master key, etc.
There would be no need to replace anything, just to dd the first MB of the
encrypted partition(s) and copy the custom initramfs with the
key/passphrase which is, I think, what Robert meant here:

Anyone (or any bot) that had an opportunity to make a copy of the LUKS
> header while that key was installed can always use that header, together
> with that "temporary" key, to unlock the container.
>

I don't think that a detached header would help: we're talking about
unattended reboots, so the detached header would have to be present when
the user is not.

There's also a question on when is the initramfs generated: AFAIK the "most
secure" time would be when the reboot command is [about to be] issued,
which would minimize the time the LUKS header has two used slots.
Recreating it before (even manually, when the computer is attended) would
expose the passphrase on the unencrypted boot partition for all the time
between generation and reboot.

That being said, the question was around any disadvantage on repeated
changes, which shouldn't be a problem (per Robert).
If the probability of the key getting stolen is low enough (i.e. you're not
worried about your header getting cloned/stolen) then you should be ok.

One small modification I would make, it to use n+2 slots: n are 'yours'
(with the passphrase/passphrases you would use to decrypt normally), then
one slot with your temporary key and one with a random passphrase that you
can use for luksAddKey during the creation of the custom initramfs; I'm
guessing you want to script the process to run at some point, possibly when
you're not there, so having this extra slot allows you to not write your
personal passphrase anywhere on disk and maybe (with some scripting) even
rotate this passphrase every now and again.

Claudio

[-- Attachment #2: Type: text/html, Size: 3175 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2017-10-28 10:14 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-10-28  1:09 [dm-crypt] Disadvantages of many temporary keys? L. Rose
2017-10-28  1:32 ` Robert Nichols
2017-10-28  4:39   ` Arno Wagner
2017-10-28 10:14     ` Claudio Moretti

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.