Re: [dm-crypt] How to increase key size of existing volume

[Arno Wagner <arno@wagner.name>]

On Tue, Dec 11, 2012 at 04:34:40PM +0100, Erik Logtenberg wrote:
> Hi Arno,
> 
> Thanks for your explanation. 

You are welcome.

> It is good to know that the 128 bit
> symmetric encryption key is still considered okay to some extent.

Until AES gets (real-world) broken, it will be secure. So not
only "to some extent" ;-)
 
> I did try the keylength site, and if I want my volume to be secure until
> roughly a decade after my projected demise, say 2100, then the adviced
> symmetric key size is already 135, 147 or 256 depending on the used
> method. So it'd still be somewhat better to increase the current 128 a bit.

There are no reliable forecasts for 2100. Even 30 years is highly
speculative. Brute-forcing 128 bits may not be possible even
in 2100, but AES may get broken. And, as I said, your passphrase
needs to be 128 bit as well (well, accounting for iteration, only
something like 110 bit, but that is still 22 random characters and 
letters). 
 
> > (you do have backup, right?).
> 
> Actually I am talking about my backup volume. And as such, it is quite a
> bit of data, that I don't have a (second) backup of. Neither do I have
> enough storage available to make an additional backup, nor the required
> amount of time, since a full copy/restore of such a volume would take weeks.

I see. My advice would be to get that second backup and just 
copy the primary backup over to it. 
 
> In fact, there seems to be a second use case for re-encrypting an
> existing volume. I read some articles explaining the possibility to use
> the luksDump command in conjunction with the --dump-master-key option on
> a mounted luks volume, to reset the password even if the current
> password is no longer known.
> Additionally, also the luksHeaderBackup command is available to extract
> the master key.

That does not help you to change the master key, and that is what 
you need to do if you want a longer one. A better passphrase 
can just be added (luksAddKey) and then the old one removed
(luksRemoveKey). But with this the master key and disk
encryption cipher stay the same.
 
> So there are at least two methods of extracting a master key. Now if I
> would suspect that a machine, that has a luks volume mounted, was
> compromised to the extent that someone had temporaryly gained root
> access, I would not only have to reset (all) passwords after fixing the
> security hole, but also I would have to create a new master key to be sure.

Yes. And new data, as the attacker had access to all of it.
Of course, that is usually not possible... 

> Is the cryptsetup-reencrypt tool also meant for that purpose?

In fact that would be its primary use. And the case does arise. 
Milan is a very careful developer/maintainer and would not have 
created a potentially unsafe tool like this otherwise.

Arno
-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
One of the painful things about our time is that those who feel certainty
are stupid, and those with any imagination and understanding are filled
with doubt and indecision. -- Bertrand Russell