Bug#371135: [Pkg-cryptsetup-devel] Bug#371135: encrypted swap with variable key fails

Andrew Pimlott andrew at pimlott.net
Thu Jun 22 05:25:35 UTC 2006


On Tue, Jun 20, 2006 at 11:28:57PM +0200, Jonas Meurer wrote:
> On 20/06/2006 Andrew Pimlott wrote:
> > On Tue, Jun 20, 2006 at 10:10:24PM +0200, Jonas Meurer wrote:
> > But as I understand, a randomly keyed partition can't be done with Luks
> > (or can it?).
> 
> first, LUKS devices with random key are possible, you just need to store
> the random key after luksFormat, to reuse it for luksOpen. afterwards
> you can shred/wipe the key.

True, but this can't be configured in crypttab, which makes it
effectively unavailable.  Moreover, it wouldn't provide much additional
safety.  Presumably, a hypothetical "luksrandom" keyword in crypttab
would mean: check that it's a luks partition, then re-luksFormat and
luksOpen with the same random key.  The problem is, this would happily
trash any normal (non-randomly-keyed) luks partition.  So you really
want an explicit marker that says "I am disposable".

> > However it may still be overkill.  I would be happy enough if there were
> > a check for randomly keyed swap partitions that verifies that the source
> > device is 1) not a formatted, unencrypted volume and 2) not Luks.
> > That's still a good measure of safety.
> 
> yes, that's exactly what i suggested as well. in my opinion, up to now all
> other proposed checks are compromises which have disadvantages as well.

Cool.  So you would special case a key of /dev/*random, and perform only
those two checks?  In other words, would my existing configuration

    swap    /dev/hda2 /dev/urandom  swap

start working again?  That sounds like a nice resolution.

Andrew
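
The two checks discussed in this thread (source is not LUKS, source is not a formatted unencrypted volume), applied only when the crypttab key is `/dev/*random`, sketched as an added example; it is not code from the cryptsetup package or from either poster. Function names are hypothetical, magic bytes are read directly so it runs on plain image files, and only the ext2/3/4 signature stands in for "formatted volume".

```shell
#!/bin/sh
# Added example: safety checks before re-keying a swap source with a random key.
# Magic bytes are read directly so it runs on plain image files (assumption).

# Print $3 bytes at offset $2 of file $1 as lowercase hex.
hex_at() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# True when the crypttab key field is a random source such as /dev/urandom.
is_random_key() {
    case "$1" in
        /dev/*random) return 0 ;;
        *) return 1 ;;
    esac
}

# Print a verdict for source device $1; non-zero status means "do not overwrite".
check_source() {
    # LUKS header magic: "LUKS" 0xba 0xbe at offset 0.
    if [ "$(hex_at "$1" 0 6)" = "4c554b53babe" ]; then
        echo "refuse: LUKS header"; return 1
    fi
    # Formatted, unencrypted volume. Only the ext2/3/4 superblock magic
    # (0xEF53, little-endian at byte 1080) is tested in this sketch.
    if [ "$(hex_at "$1" 1080 2)" = "53ef" ]; then
        echo "refuse: filesystem"; return 1
    fi
    echo "ok"
}

# Apply the checks to one crypttab line ("name source key options").
check_crypttab_line() {
    set -- $1                      # split the line into fields
    if ! is_random_key "$3"; then
        echo "skip: key is not random"; return 0
    fi
    check_source "$2"
}

# Build a constructed 2 KiB sample image: kind is luks, ext, or blank.
make_sample() {
    dd if=/dev/zero of="$2" bs=1024 count=2 2>/dev/null
    case "$1" in
        luks) printf 'LUKS\272\276' | dd of="$2" bs=1 conv=notrunc 2>/dev/null ;;
        ext)  printf '\123\357' | dd of="$2" bs=1 seek=1080 conv=notrunc 2>/dev/null ;;
    esac
}
```

On a real system the same decision would normally rely on `cryptsetup isLuks` and a filesystem probe such as `blkid` rather than hand-read signatures.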



