Date: Thu, 14 Jul 2011 23:44:03 +0200
From: Arno Wagner
Message-ID: <20110714214403.GA6980@tansi.org>
References: <20110711231732.596b8622.ldarby@tuffmail.com> <20110712124717.GC31326@tansi.org> <20110714110425.GB13900@tansi.org> <20110714133533.GA19714@tansi.org> <4E1EF95D.40406@web.de> <20110714192752.GA2191@tansi.org> <4E1F5DD8.5070506@web.de>
In-Reply-To: <4E1F5DD8.5070506@web.de>
Subject: Re: [dm-crypt] Passphrase protected key file?
To: dm-crypt@saout.de

On Thu, Jul 14, 2011 at 11:21:28PM +0200, Heiko Rosemann wrote:
> On 07/14/2011 09:27 PM, Arno Wagner wrote:
> > On Thu, Jul 14, 2011 at 04:12:45PM +0200, Heiko Rosemann wrote:
> >> On 07/14/2011 03:35 PM, Arno Wagner wrote:
> >>> Indeed. But are there any realistic scenarios where
> >>>
> >>> a) a passphrase is significantly less secure than an encrypted
> >>> passphrase stored on USB with a second passphrase to decrypt that
> >>>
> >>> and
> >>>
> >>> b) the attacker does not have the possibility to patch
> >>> GnuPG/cryptsetup/other things that make the second passphrase just
> >>> as weak as the first one?
> >>>
> >>> My claim is that a realistic risk analysis will show there are
> >>> no such scenarios that are typical and hence having an encrypted
> >>> passphrase on a USB stick does not offer improved security.
> >>
> >> Improved security over which other setup?
> >>
> >> a) Unencrypted passphrase stored on a USB key. Here the second
> >> encryption step will probably give additional security in case the
> >> user loses the USB key.
> >
> > And the default situation does not have a USB key. So a net security
> > loss.
> >
> >> b) Directly entering passphrase without the need of a USB key. Here
> >> we have a typical risk of users using the same passphrase for
> >> different things or even of writing it down (on a post-it note on
> >> the screen or keyboard...). If we depend upon a USB stick with the
> >> real passphrase (encrypted by the one on the post-it note) being
> >> present at boot the attacker won't be able to utilize that
> >> passphrase.
> >
> > If we have stupid users, they will just tape the USB key to the
> > monitor beside the post-it. Or put it on a piece of string. Then
> > passphrase reuse will have the original risks, no improvement by USB
> > key usage.
> >
> > If they are not stupid, they will have different passphrases and not
> > post-it to the screen.
>
> True up to that point where remembering a great number of different good
> passphrases becomes impossible.

That is a problem, yes. But let's face it, how many do you have?
I have one for disk encryption (reuse there is not a big risk, all
are under my control) and one for GnuPG and that is it.

> >> If we move kernel+initrd+cryptsetup to the USB stick and boot the
> >> machine from USB, we can even encrypt the entire harddisk, thus
> >> even someone with physical access to the machine cannot patch
> >> cryptsetup/gnupg.
> >
> > Leaving the scenario there.
> > In this scenario we can use the
> > conventional passphrase input mechanism without any loss of security.
> > No need for an encrypted passphrase on the USB key.
>
> If the LUKS-drive gets lost or stolen together with (knowledge about)
> the conventional passphrase (i.e. a laptop with a passphrase-post-it)
> the thief will still need to steal the USB key as well, if there is an
> encrypted passphrase on it. I'm not sure about others, but I tend to
> carry my USB keys in my pocket or on my keychain, not in my laptop case.

But I bet you do not have a post-it with the passphrase on the
laptop either ;-)

> >> P.S: Thinking of law enforcement as the attacker (guess that is not
> >> that great a risk for most of us), it is possible to destroy all
> >> access to your data by destroying all the USB keys with the
> >> encrypted passphrase on them - and then you can even tell them your
> >> passphrase...
> >
> > You can do that with LUKS, just overwrite the slots you are using with
> > random passphrases. The question is what is easier. My guess would be
> > that fast destruction of USB keys is not that easy.
>
> It depends :)
>
> The main advantage I see about the USB key option is that the USB key
> does not have to be in the same room as the encrypted device. I.e. the
> FBI could come to your home while you are away and take away your
> computer and when you arrive you notice something is wrong and have the
> time to destroy the USB key (I'm thinking of some physical way here like
> burning it on a barbeque, cooking it in solder, cutting the chips apart
> with a micro-drill...) and can then openly tell a court that you don't
> have any access to your data anymore.

Well, that was the old approach, until they found out they
could not break modern disk or file encryption.
Now they will either break in silently and install a hardware
keylogger and a camera to find out what you are using, or they will
break down your door while the machine is running and decrypted.
You can buy forensic kits that let you separate a running PC
from the power lines and transport it without shutting it off.
This is in fact not difficult to do. Material is basically a
UPS, some mains-capable clamps, isolation-gloves and a standard
AC voltmeter. I have simulated doing this myself (with 500V
rated gloves, welding-goggles and a ground fault protector in
the line) and it is quite doable.

> Or you notice your harddrive has been stolen and then you can delete the
> key without any remaining worries about possible social engineering to
> get your passphrase. Or the police knock on your door at night and you
> flush the USB key down the toilet (matter of seconds) instead of booting
> up your PC and overwriting all key slots (matter of minutes, police
> kicking in your door in the meantime)

Well, I think these are borderline scenarios. Also remember that unless
you are in certain states like the UK or the US, the police cannot
force you to give them your passphrase. But in certain situations,
these might be valid approaches. I see your point.

> Might be I've been watching too many bad hacker movies to do good risk
> evaluation ;)

Possibly. The trick is to keep the whole risk-landscape in view
and balance your efforts.

> > Not wanting to be obstinate here (but I have a lot of experience with
> > risk evaluation), the main risk I see is that the USB-key scheme is
> > more complex and exposes you to a higher risk of data loss as a
> > consequence. I still do not see any advantage to having a separately
> > encrypted passphrase in a disk file.
> >
> > I do see advantages to the kernel+initrd+cryptsetup on USB option.
> > That would indeed help against some attacks.
>
> It can also - to a very casual attacker - hide the encrypted area by
> booting a different OS from the harddrive when there is no USB key
> attached. Or if you are very, very, very sure never to forget to plug in
> the correct USB key, you could automatically wipe the LUKS key slots
> when the machine is booted without the USB key.

Oooooh, a solution for _real_ men! I like it ;-)

Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier