Message-ID: <4E1EF95D.40406@web.de>
Date: Thu, 14 Jul 2011 16:12:45 +0200
From: Heiko Rosemann
In-Reply-To: <20110714133533.GA19714@tansi.org>
Subject: Re: [dm-crypt] Passphrase protected key file?
To: dm-crypt@saout.de

On 07/14/2011 03:35 PM, Arno Wagner wrote:
> On Thu, Jul 14, 2011 at 01:55:50PM +0200, Ma Begaj wrote:
>>> Also note that an attacker that has access to the storage could
>>> patch your GnuPG binary or other system components.
>>
>> well that is another story because an attacker could in that
>> case patch cryptsetup too. if s/he can do that it is not important
>> whether you use encrypted key file on usb stick or directly
>> cryptsetup.
>
> Indeed.
> But are there any realistic scenarios where
>
> a) a passphrase is significantly less secure than an encrypted
> passphrase stored on USB with a second passphrase to decrypt that
>
> and
>
> b) the attacker does not have the possibility to patch
> GnuPG/cryptsetup/other things that make the second passphrase just as
> weak as the first one?
>
> My claim is that a realistic risk analysis will show there are no
> such scenarios that are typical and hence having an encrypted
> passphrase on a USB stick does not offer improved security.

Improved security over which other setup?

a) Unencrypted passphrase stored on a USB key. Here the second
encryption step will probably give additional security in case the
user loses the USB key.

b) Directly entering passphrase without the need of a USB key. Here we
have a typical risk of users using the same passphrase for different
things or even of writing it down (on a post-it note on the screen or
keyboard...). If we depend upon a USB stick with the real passphrase
(encrypted by the one on the post-it note) being present at boot the
attacker won't be able to utilize that passphrase.

If we move kernel+initrd+cryptsetup to the USB stick and boot the
machine from USB, we can even encrypt the entire hard disk, thus even
someone with physical access to the machine cannot patch
cryptsetup/gnupg.

Now it only boils down to whether a user writing down his passphrase
will remember to remove the USB key ;)

Regards,
Heiko

P.S: Thinking of law enforcement as the attacker (guess that is not
that great a risk for most of us), it is possible to destroy all access
to your data by destroying all the USB keys with the encrypted
passphrase on them - and then you can even tell them your passphrase...

--
Encrypt e-mails with PGP - privacy is your right!
My PGP key for verification: http://pgp.mit.edu