* Are there known security issues during creation of LUKS containers?
[not found] <d936a762-b75b-46b6-9fe7-1652c10afb6d@tu-dresden.de>
@ 2025-05-16 12:29 ` Alexander Grund
2025-05-17 10:30 ` Arno Wagner
0 siblings, 1 reply; 2+ messages in thread
From: Alexander Grund @ 2025-05-16 12:29 UTC (permalink / raw)
To: cryptsetup
[-- Attachment #1: Type: text/plain, Size: 605 bytes --]
Hi all,
we are planning to use LUKS containers on machines with limited local
storage but access to a large, but shared file system.
So far I've only found security considerations for existing LUKS containers.
Are there any information on issues possible during **creation** of a
LUKS container?
I.e. if it is possible for someone with access to files on the file
system, where the container is being created by `cryptsetup luksFormat`,
is able to infer any information on the key during the process?
Can anyone point me to relevant information/research?
Thanks,
Alexander Grund
[-- Attachment #2: Kryptografische S/MIME-Signatur --]
[-- Type: application/pkcs7-signature, Size: 5782 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Are there known security issues during creation of LUKS containers?
2025-05-16 12:29 ` Are there known security issues during creation of LUKS containers? Alexander Grund
@ 2025-05-17 10:30 ` Arno Wagner
0 siblings, 0 replies; 2+ messages in thread
From: Arno Wagner @ 2025-05-17 10:30 UTC (permalink / raw)
To: Alexander Grund; +Cc: cryptsetup
Hi Alexander,
there should not be any issues. AFAIK, everything critical is done in
locked memory and the only things going to disk are the ones that stay
there.
Obviously, if you have, say, a keylogger active when entering a
passphrase, that is an issue. But that is not different from
what happens with an exiting container.
As to documentation, that would be the LUKS specification.
Regards,
Arno
On Fri, May 16, 2025 at 14:29:00 CEST, Alexander Grund wrote:
> Hi all,
>
> we are planning to use LUKS containers on machines with limited local
> storage but access to a large, but shared file system.
> So far I've only found security considerations for existing LUKS containers.
>
> Are there any information on issues possible during **creation** of a LUKS
> container?
> I.e. if it is possible for someone with access to files on the file system,
> where the container is being created by `cryptsetup luksFormat`, is able to
> infer any information on the key during the process?
>
> Can anyone point me to relevant information/research?
>
> Thanks,
> Alexander Grund
>
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-05-17 10:37 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <d936a762-b75b-46b6-9fe7-1652c10afb6d@tu-dresden.de>
2025-05-16 12:29 ` Are there known security issues during creation of LUKS containers? Alexander Grund
2025-05-17 10:30 ` Arno Wagner
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox