* Re: Are there known security issues during creation of LUKS containers?
2025-05-16 12:29 ` Are there known security issues during creation of LUKS containers? Alexander Grund
@ 2025-05-17 10:30 ` Arno Wagner
0 siblings, 0 replies; 2+ messages in thread
From: Arno Wagner @ 2025-05-17 10:30 UTC (permalink / raw)
To: Alexander Grund; +Cc: cryptsetup
Hi Alexander,
there should not be any issues. AFAIK, everything critical is done in
locked memory and the only things going to disk are the ones that stay
there.
Obviously, if you have, say, a keylogger active when entering a
passphrase, that is an issue. But that is not different from
what happens with an exiting container.
As to documentation, that would be the LUKS specification.
Regards,
Arno
On Fri, May 16, 2025 at 14:29:00 CEST, Alexander Grund wrote:
> Hi all,
>
> we are planning to use LUKS containers on machines with limited local
> storage but access to a large, but shared file system.
> So far I've only found security considerations for existing LUKS containers.
>
> Are there any information on issues possible during **creation** of a LUKS
> container?
> I.e. if it is possible for someone with access to files on the file system,
> where the container is being created by `cryptsetup luksFormat`, is able to
> infer any information on the key during the process?
>
> Can anyone point me to relevant information/research?
>
> Thanks,
> Alexander Grund
>
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
^ permalink raw reply [flat|nested] 2+ messages in thread