Re: [dm-crypt] Security of cloned disks (with changed passphrases)

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Milan Broz <mbroz@redhat.com>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] Security of cloned disks (with changed passphrases)
Date: Thu, 16 Dec 2010 20:11:24 +0100	[thread overview]
Message-ID: <4D0A645C.7070908@redhat.com> (raw)
In-Reply-To: <1161837945.960861292524024535.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>

On 12/16/2010 07:27 PM, Matthew Mosesohn wrote:
> I am wondering if I perform this setup (cryptsetup version 1.1.2),
> how much risk do I expose my systems to?
> 
> Step 1: Create a base install that is encrypted with a fixed
> passphrase Step 2: Create a disk image of this installed system Step
> 3: Deploy image on N number of other systems Step 4: Change the
> passphrase on all deployed systems
> 
> What happens if the passphrase becomes compromised on one of these
> systems?  Can that person gain the original LUKS AES key to the disk
> and therefore obtain a way to break into all of the other systems?

Yes, cloning the whole device including LUKS header and changing just
the passphrase keeps the same volume key exposes all system to risk.

Everyone with any passphrase to any system can decrypt volume key
and get access to all cloned systems.

Moreover, everyone can check which sectors changed even without
any passphrase knowledge as a bonus (just check which sectors changed).

The proper way is create new LUKS header (with new passphrase
and volume key) and clone _content_ (plaintext device) of encrypted disk.

Still if you know origin disc content you are in better position
that when you know nothing about the disc but this problem can be
probably ignored in most use cases (secure stolen laptop etc)

Milan

next prev parent reply	other threads:[~2010-12-16 19:11 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <175017369.959011292522941452.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
2010-12-16 18:09 ` [dm-crypt] Security of cloned disks (with changed passphrases) Matthew Mosesohn
2010-12-16 18:27   ` Matthew Mosesohn
2010-12-16 19:11     ` Milan Broz [this message]
2010-12-17  4:54     ` Nargis Khan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4D0A645C.7070908@redhat.com \
    --to=mbroz@redhat.com \
    --cc=dm-crypt@saout.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.