From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] Using a removable-device-recorded passphrase to decrypt a system
Date: Sat, 27 Jun 2015 01:06:00 +0200 [thread overview]
Message-ID: <20150626230600.GA18785@tansi.org> (raw)
In-Reply-To: <1638e76a6b55aec08157088393e451c0.squirrel@ssl.verfeiert.org>
On Fri, Jun 26, 2015 at 15:53:01 CEST, Sven Eschenberg wrote:
> On Fri, June 26, 2015 15:19, Arno Wagner wrote:
[...]
> > - I have no idea whether locked memory can end up in a
> > core-dump, but usually these are disabled anyways.
>
> There certainly is a debug option to get coredumps including locked pages,
> I presume.
I would expect so as well. But debugging is not a concern IMO,
unless it is too easy to leace on accidentally.
> > - In-kernel keys are protected against leaking to disk.
>
> Again, I presume, since I did not check the kernel's source, that the
> relevant kernel pages are marked as unswappable. I guess when you dump the
> kernel for debugging you'll get the locked pages aswell - Doesn't make to
> much sense if all locked pages are missing from the dump.
>
> >
> > The thing is, system encryption is not easy to do and conceptually
> > does not help a lot. If it was necessary to prevent having
> > passphrases/keys to disk, that would be a major security flaw
> > in the handling of said passphrases/keys and it would affect
> > other things as well, like GnuPG, OpenSSL, etc. and so I hope
> > somebody would have complained by now if that was a real issue.
>
> It is quite difficult to i.e. encrypt /etc (which might include
> passphrases for services or something) by it's own, so doing a system
> encryption is quite tempting. Otherwhise you'll have to relocate specific
> files from /etc to other places and maintain a pile of config changes,
> which can be quite an effort aswell.
Well, yes. It is a trade-off that depends on the specific situation
and distribution. Personally, I avoid putting credentials into /etc,
but I do have some in my home, mostly ssh-keys allowing passwordless
logins.
I do realize this will not always be possible.
Gr"usse,
Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
next prev parent reply other threads:[~2015-06-26 23:06 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-25 14:57 [dm-crypt] Using a removable-device-recorded passphrase to decrypt a system Arbiel (gmx)
2015-06-26 12:30 ` Arno Wagner
2015-06-26 12:59 ` Heinz Diehl
2015-06-26 13:19 ` Arno Wagner
2015-06-26 13:53 ` Sven Eschenberg
2015-06-26 23:06 ` Arno Wagner [this message]
2015-06-26 14:00 ` Sven Eschenberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150626230600.GA18785@tansi.org \
--to=arno@wagner.name \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox