Message-ID: <50378927.7090508@gmail.com>
Date: Fri, 24 Aug 2012 16:01:11 +0200
From: Milan Broz
In-Reply-To: <20120823193415.GA31534@tansi.org>
Subject: Re: [dm-crypt] Encrypt all partitions with dm-crypt
To: dm-crypt@saout.de

On 08/23/2012 09:34 PM, Arno Wagner wrote:
>> Well, you can have detached LUKS header on USB flash disk (optionally
>> with the whole boot partition) for example.
>
> That is not really a good idea. LUKS on Flash/SSD may not work
> as intended. I just added an entry for that to the FAQ (5.17).
> For some scenarios, plain dm-crypt is just the way to go.
> Of course, it requires some understanding, e.g. a high-entropy
> passphrase is a must.

(Where do you want to store that high-entropy passphrase?
I guess most of people will use... USB disk?)

Well, I think it is not that simple.

You MUST HAVE high-entropy passphrase in plain dmcrypt because
encryption key is directly computed (hash) from it. Too easy for people
to do this step wrong, which causes worse problems than flash disk problems.
(Moreover, standards like FIPS140 explicitly forbid any encryption key derived
directly from passphrases.)

LUKS uses kernel RNG to generate encryption key, always. There is currently
a lot of effort to ensure that /dev/urandom cannot produce weak data even
in extreme situations.

One problem is safe manipulation with keyslot on device, the second
is separation of metadata information (LUKS keyslots in this case)
from data device.

(Dictionary attack is not possible for LUKS device if header is not available,
but it is possible for plain dm-crypt with weak passphrase.)

I have several notes to this disk/flash/SSD and will post it as separate mail...

But anyway, it all depends on threat model. If it is only about securing
data when laptop is stolen, no problem to use SSD or flash disks.
This should be mentioned IMHO because it is most common use case.

Milan
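
The two key models contrasted in the message above, as an added Python sketch that is not part of the original mail and not cryptsetup's code. The function names, SHA-256, the PBKDF2 parameters, the XOR wrapping and the key digest are assumptions chosen for illustration; real LUKS keyslots use a different on-disk format.

```python
import hashlib
import hmac
import os

KEY_BYTES = 32  # assumed 256-bit volume key


def plain_volume_key(passphrase: bytes) -> bytes:
    """Plain-mode model: the volume key is a hash of the passphrase.

    Nothing random and nothing stored: the same passphrase always yields
    the same key, so the key is only as strong as the passphrase.
    """
    return hashlib.sha256(passphrase).digest()[:KEY_BYTES]


def _kek(passphrase: bytes, header: dict) -> bytes:
    # Key-encryption key derived from the passphrase plus header metadata.
    return hashlib.pbkdf2_hmac("sha256", passphrase, header["salt"],
                               header["iterations"], KEY_BYTES)


def luks_like_format(passphrase: bytes, iterations: int = 100_000) -> dict:
    """LUKS-like model: random volume key, wrapped under a derived key."""
    volume_key = os.urandom(KEY_BYTES)  # from the kernel RNG, not the passphrase
    header = {"salt": os.urandom(32), "iterations": iterations}
    kek = _kek(passphrase, header)
    header["wrapped_key"] = bytes(a ^ b for a, b in zip(volume_key, kek))
    header["key_digest"] = hashlib.sha256(b"vk-digest" + volume_key).digest()
    # volume_key is returned only so the demo can compare it; it is never stored.
    return {"header": header, "volume_key": volume_key}


def luks_like_open(passphrase: bytes, header: dict):
    """Unwrap the volume key; returns None if the passphrase is wrong."""
    kek = _kek(passphrase, header)
    candidate = bytes(a ^ b for a, b in zip(header["wrapped_key"], kek))
    digest = hashlib.sha256(b"vk-digest" + candidate).digest()
    return candidate if hmac.compare_digest(digest, header["key_digest"]) else None


if __name__ == "__main__":
    pw = b"constructed sample passphrase"
    print("plain, same passphrase twice:",
          plain_volume_key(pw) == plain_volume_key(pw))
    dev_a, dev_b = luks_like_format(pw), luks_like_format(pw)
    print("LUKS-like, same passphrase, two devices:",
          dev_a["volume_key"] == dev_b["volume_key"])
```

In the LUKS-like model the salt, iteration count and wrapped key live only in the header, so a passphrase cannot be checked against the data device alone when the header is kept elsewhere.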