Bug#371135: [Pkg-cryptsetup-devel] Bug#371135: encrypted swap with variable key fails

Jonas Meurer jonas at freesources.org
Tue Jun 20 21:28:57 UTC 2006


On 20/06/2006 Andrew Pimlott wrote:
> On Tue, Jun 20, 2006 at 10:10:24PM +0200, Jonas Meurer wrote:
> > On 20/06/2006 Andrew Pimlott wrote:
> > > I mean _if I explicitly promise so_, we should expect that.  So give me
> > > some configuration directive like LuksOnly that I can set.
> > 
> > looks like overkill for me. users who use only luks don't need to
> > specify that. 'cryptsetup isLuks' is run against every source device
> > anyway, before invoking 'cryptsetup luksOpen'. so there should be no
> > need for a LuksOnly option.
> 
> But as I understand, a randomly keyed partition can't be done with Luks
> (or can it?).  So even for a user who uses Luks for all his permanent
> partitions, there will still be the swap partition (or maybe a /tmp
> partition) that cannot be identified.  If we had LuksOnly, we could be
> confident that those partitions are disposable.

first, LUKS devices with random key are possible, you just need to store
the random key after luksFormat, to reuse it for luksOpen. afterwards
you can shred/wipe the key.

> However it may still be overkill.  I would be happy enough if there were
> a check for randomly keyed swap partitions that verifies that the source
> device is 1) not a formatted, unencrypted volume and 2) not Luks.
> That's still a good measure of safety.

yes, that's exactly what i suggested as well. in my opinion, up to now all
other proposed checks are compromises which have disadvantages as well.

and everybody is free to add his/her own (pre)checks to encrypted partitions.

...
 jonas
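
The precheck agreed on above (refuse a random-key mapping when the source is LUKS or holds a formatted, unencrypted volume), sketched as an added example that is not part of the original message or of the Debian package. The function names and sample images are constructed for illustration; `is_luks` reads the header magic directly where `cryptsetup isLuks` would normally be called, and only the ext2/3/4 signature is checked as the "formatted volume" case.

```shell
#!/bin/sh
# Added example: precheck before setting up a randomly keyed swap source.
# Function names are hypothetical; the sample images are constructed.

# read_hex FILE OFFSET COUNT -> bytes as lowercase hex without spaces
read_hex() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# LUKS headers start with the magic "LUKS" 0xBA 0xBE at offset 0
is_luks() { [ "$(read_hex "$1" 0 6)" = "4c554b53babe" ]; }

# ext2/3/4 superblock magic 0xEF53, stored little-endian at byte 1080
has_ext_fs() { [ "$(read_hex "$1" 1080 2)" = "53ef" ]; }

# Returns 0 only if SRC carries neither signature, 1 if it must be
# left alone, 2 if it cannot be read at all (fail closed).
safe_for_random_key() {
    src=$1
    [ -r "$src" ] || { echo "$src: unreadable, refusing" >&2; return 2; }
    if is_luks "$src"; then
        echo "$src: LUKS header found, refusing" >&2; return 1
    fi
    if has_ext_fs "$src"; then
        echo "$src: ext filesystem found, refusing" >&2; return 1
    fi
    return 0
}

# Build three constructed 4 KiB images: blank, LUKS-tagged, ext-tagged
make_samples() {
    dir=$1
    dd if=/dev/zero of="$dir/blank.img" bs=4096 count=1 2>/dev/null
    cp "$dir/blank.img" "$dir/luks.img"
    printf 'LUKS\272\276' | dd of="$dir/luks.img" conv=notrunc 2>/dev/null
    cp "$dir/blank.img" "$dir/ext.img"
    printf '\123\357' | dd of="$dir/ext.img" bs=1 seek=1080 conv=notrunc 2>/dev/null
}

tmp=$(mktemp -d); make_samples "$tmp"
for f in blank luks ext; do
    safe_for_random_key "$tmp/$f.img" && echo "$f: ok to key" || echo "$f: skipped"
done
rm -rf "$tmp"
```

A source last used as randomly keyed swap carries no recognizable signature and passes, which is the disposable case the thread describes.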
