[Pkg-cryptsetup-devel] Re: Bug#371135: encrypted swap with variable
key fails
Michael Gebetsroither
gebi at sbox.tugraz.at
Fri Jun 23 15:55:04 UTC 2006
Quoting Jonas Meurer <jonas at freesources.org>:
> in my eyes, this is the same as running luksFormat every time. if you
> regenerate the master key, the data encrypted with the old master key
> will be lost. so i don't see the extra protection here, except from
> requireing to give the UUID to /etc/crypttab.
Sorry for the confusion:
i propose to require the use of luks for encrypted swap. And the user
must give the uuid of the luks partition used for swap.
If these requirements are met we could implement a 100% reliable system,
that never destroys any other partitions except the swap partition given
by the user.
To implement such a system the uuid of the luks device has to be stable...
so there are a few options to keep the uuid stable.
- luksformat the device at every start and and setting the uuid to the
old value (would require a changeUUID command in cryptsetup)
- Don't format the device every startup, but only generate a new
masterkey and userkey (would require a command to initialise a
luks device with a new masterkey in cryptsetup)
These two options totally destroy the swap through deleting the master
and userkeys.
There is a third option which doesn't mess arround with such lowlevel
details. But this option has one imho _big_ drawback...
It does not change the masterkey of the swap... so every data for the
hole lifetime of the system will be encrypted with the same key.
It's an option but i'm not very comfortable with it.
- just add a new key with a new random passphrase and delete the old one.
This proposed system does not depend on _any_ unstable information.
Such as checking for a known filesystem (where it's per definition
impossible to know all filesystems).
> but it would be extra work for the admin, as setting up encrypted swap
> would differ from setting up normal encrypted data.
Normal encrypted devices don't need to be formated every time.
> how do you regenerate a masterkey and reuse it for the data that is
> encrypted with the old one? it would need to be exactly the same one.
No no, this solution is only for encrypted partitions for which the
user want random keys.
greets,
Michael Gebetsroither
More information about the Pkg-cryptsetup-devel
mailing list