DM-Crypt Archive on lore.kernel.org
* [dm-crypt] security concerns with RAID on top of dmcrypt and with multiple devices with the same key slot key?
From: Christoph Anton Mitterer @ 2016-06-02 23:47 UTC
  To: dm-crypt

Hey.

I just wondered the following:
- Are there any security concerns (e.g. simplified statistical attacks
  or whatever), when one places a RAID (e.g. btrfs RAID or MD RAID) on
  top of dmcrypt devices?
- Are there any security concerns when different dm-crypt devices (with
  different master-keys), e.g. ones that form a RAID as above, are
  created with the same keyslot passphrase/key?
  (Of course apart from the obvious one, that one can decrypt all with the
  single key)?

If so, does it depend on the cipher/mode/etc? I'd use aes-xts-plain64.

I wouldn't think so, but just for confirmation...



Perhaps in addition:
As you can imagine the setup I'd like to do is e.g. something like n
physical devices, each holding a LUKS container (with different master
key, but all with the same keyslot key), on top of them some btrfs
RAID5/6 (should that ever get stable before I die ;-) )...
Probably I'll do LVM between dmcrypt and btrfs, because I'd actually
want to create two independent btrfs filesystems on top of dmcrypt.

Any performance or stability issues with such a setup?


Thanks,
Chris.
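
Added example, not part of the thread and not cryptsetup's code: a toy model of the setup asked about above, n LUKS1-style headers formatted with the same passphrase. Each header gets its own random master key and its own key-slot salt, so PBKDF2 yields a different key-slot key per device. The function names are hypothetical, XOR stands in for the real key-slot cipher and anti-forensic splitter, and the iteration count is kept low.

```python
# Toy LUKS1-style header model; names are hypothetical, not cryptsetup's API.
import hashlib
import hmac
import os

ITERATIONS = 1000  # kept low so the example runs fast; real headers use far more
KEY_BYTES = 64     # aes-xts-plain64 with a 512-bit key (two AES-256 keys)


def pbkdf2(secret: bytes, salt: bytes, length: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS, dklen=length)


def xor(a: bytes, b: bytes) -> bytes:
    # Assumption: stand-in for the real key-slot cipher and anti-forensic splitter.
    return bytes(x ^ y for x, y in zip(a, b))


def luks_format(passphrase: bytes) -> dict:
    """Build a header: random master key wrapped under a salted key-slot key."""
    master_key = os.urandom(KEY_BYTES)
    slot_salt, digest_salt = os.urandom(32), os.urandom(32)
    slot_key = pbkdf2(passphrase, slot_salt, KEY_BYTES)
    return {
        "slot_salt": slot_salt,
        "wrapped_mk": xor(master_key, slot_key),
        "mk_digest_salt": digest_salt,
        "mk_digest": pbkdf2(master_key, digest_salt, 20),
    }


def luks_open(header: dict, passphrase: bytes):
    """Return the master key, or None if the passphrase does not fit the slot."""
    slot_key = pbkdf2(passphrase, header["slot_salt"], KEY_BYTES)
    candidate = xor(header["wrapped_mk"], slot_key)
    digest = pbkdf2(candidate, header["mk_digest_salt"], 20)
    return candidate if hmac.compare_digest(digest, header["mk_digest"]) else None


def demo(n_devices: int = 3) -> dict:
    passphrase = b"constructed example passphrase"
    headers = [luks_format(passphrase) for _ in range(n_devices)]
    master_keys = [luks_open(h, passphrase) for h in headers]
    slot_keys = [pbkdf2(passphrase, h["slot_salt"], KEY_BYTES) for h in headers]
    return {
        "all_unlock": all(mk is not None for mk in master_keys),
        "distinct_master_keys": len(set(master_keys)) == n_devices,
        "distinct_slot_keys": len(set(slot_keys)) == n_devices,
        "wrong_passphrase_rejected": luks_open(headers[0], b"wrong") is None,
    }
```

Calling `demo()` returns a dict of four booleans, all true: one passphrase unlocks every header, yet no two headers share a key-slot key or a master key.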


* Re: [dm-crypt] security concerns with RAID on top of dmcrypt and with multiple devices with the same key slot key?
From: David Christensen @ 2016-06-03  2:41 UTC
  To: dm-crypt

On 06/02/2016 04:47 PM, Christoph Anton Mitterer wrote:
> ... RAID (e.g. btrfs RAID or MD RAID) on top of dmcrypt devices?
> Any performance or stability issues with such a setup?

If you put encryption on top of a RAID of N devices, your CPU will have
to process one layer of encryption.  If you put a RAID on top of N
encrypted devices, your CPU will have to process N layers of encryption.
But if you have enough cores and/or AES-NI, the latter might perform
better.  Benchmark to find out.


For stability, the kernel, device drivers, dm-crypt, LVM, btrfs, etc., 
need to function correctly under concurrent workloads.  Choose your 
software accordingly.


David


* Re: [dm-crypt] security concerns with RAID on top of dmcrypt and with multiple devices with the same key slot key?
From: Christoph Anton Mitterer @ 2016-06-03  3:14 UTC
  To: David Christensen, dm-crypt

On Thu, 2016-06-02 at 19:41 -0700, David Christensen wrote:
> If you put encryption on top of a RAID of N devices, your CPU will have
> to process one layer of encryption.  If you put a RAID on top of N
> encrypted devices, your CPU will have to process N layers of encryption.
Well that's of course clear (I should have mentioned this),... but I
cannot do the former with btrfs RAID, which in turn has the nice
feature of being able to (try to) recover from silent block corruption
(via the checksums), which MD RAID cannot.


> For stability, the kernel, device drivers, dm-crypt, LVM, btrfs, etc.,
> need to function correctly under concurrent workloads.  Choose your
> software accordingly.
Well...are there any current known issues in here? I used to remember
that btrfs once had problems on top of dm-crypt, but that's long ago.


Thanks,
Chris.


* Re: [dm-crypt] security concerns with RAID on top of dmcrypt and with multiple devices with the same key slot key?
From: David Christensen @ 2016-06-03  4:36 UTC
  To: dm-crypt

On 06/02/2016 08:14 PM, Christoph Anton Mitterer wrote:
> On Thu, 2016-06-02 at 19:41 -0700, David Christensen wrote:
>> If you put encryption on top of a RAID of N devices, your CPU will have
>> to process one layer of encryption.  If you put a RAID on top of N
>> encrypted devices, your CPU will have to process N layers of encryption.
> Well that's of course clear (I should have mentioned this),... but I
> cannot do the former with btrfs RAID, which in turn has the nice
> feature of being able to (try to) recover from silent block corruption
> (via the checksums), which MD RAID cannot.

Similarly, OpenZFS on encrypted volumes.


>> For stability, the kernel, device drivers, dm-crypt, LVM, btrfs, etc.,
>> need to function correctly under concurrent workloads.  Choose your
>> software accordingly.
> Well...are there any current known issues in here? I used to remember
> that btrfs once had problems on top of dm-crypt, but that's long ago.

My laptop has Debian 7 (Wheezy) with btrfs root on LUKS on one SSD 
partition.  Both my kernel and btrfs versions are fairly old.  So, my 
btrfs is lacking features.  When I install btrfs-tools, it issues 
warnings about btrfs being under heavy development.  But, the laptop 
seems to work reliably.


You might want to dig through the bug reports for the various pieces on 
whatever Linux distribution and release you are considering.


David
