[Pkg-cryptsetup-devel] Re: Bug#371135: encrypted swap with variable key fails

Michael Gebetsroither gebi at sbox.tugraz.at
Fri Jun 23 15:55:04 UTC 2006 

Quoting Jonas Meurer <jonas at freesources.org>:

> in my eyes, this is the same as running luksFormat every time. if you
> regenerate the master key, the data encrypted with the old master key
> will be lost. so i don't see the extra protection here, except from
> requireing to give the UUID to /etc/crypttab.

Sorry for the confusion:
i propose to require the use of luks for encrypted swap. And the user
must give the uuid of the luks partition used for swap.

If these requirements are met we could implement a 100% reliable system,
that never destroys any other partitions except the swap partition given
by the user.

To implement such a system the uuid of the luks device has to be stable...
so there are a few options to keep the uuid stable.

   - luksformat the device at every start and and setting the uuid to the
         old value (would require a changeUUID command in cryptsetup)
   - Don't format the device every startup, but only generate a new
         masterkey and userkey (would require a command to initialise a
         luks device with a new masterkey in cryptsetup)

These two options totally destroy the swap through deleting the master  
and userkeys.
There is a third option which doesn't mess arround with such lowlevel  
details. But this option has one imho _big_ drawback...
It does not change the masterkey of the swap... so every data for the  
hole lifetime of the system will be encrypted with the same key.
It's an option but i'm not very comfortable with it.

    - just add a new key with a new random passphrase and delete the old one.

This proposed system does not depend on _any_ unstable information.  
Such as checking for a known filesystem (where it's per definition  
impossible to know all filesystems).

> but it would be extra work for the admin, as setting up encrypted swap
> would differ from setting up normal encrypted data.

Normal encrypted devices don't need to be formated every time.

> how do you regenerate a masterkey and reuse it for the data that is
> encrypted with the old one? it would need to be exactly the same one.

No no, this solution is only for encrypted partitions for which the  
user want random keys.

greets,
Michael Gebetsroither

More information about the Pkg-cryptsetup-devel mailing list