[pkg-cryptsetup-devel] Bug#707591: cryptsetup: speed up initramfs by reading the passphrase early

Alasdair G Kergon agk at redhat.com
Thu May 9 23:32:14 UTC 2013


On Thu, May 09, 2013 at 11:57:18PM +0200, Helmut Grohne wrote:
> On Thu, May 09, 2013 at 06:04:51PM +0100, Alasdair G Kergon wrote:
> > How are you ensuring the passphrase is securely handled and no remnants 
> > of it remain in memory or on disk?
> 
> I hope that it is ok to quote your question in a public way and carries
> no personal detail even though you sent it privately.
 
(I had intended to cc the bug but didn't notice my mailer hadn't
picked it up.)

> Q: How to ensure that the pass phrase does not remain in memory?
> A1: You don't. You need the key in memory to decrypt the data anyway.
> A2: My current approach does not handle the case of the pass phrase not
>     being used, but that could be solved by adding another script to
>     init-bottom to clean up. This actually appears like a sensible
>     improvement. Thanks!
 
The rest of the tools try to be careful to track any memory into which the
passphrase or key is written and to wipe that memory before freeing it.
Your proposal could document cases where this isn't done so users
are aware.

(There was testing by running cryptsetup inside VMs then scanning them
from outside for stray copies of the keys that didn't need to be there
and tracking down where they came from and fixing the code.)

Alasdair
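
The two practices described in this message (wiping every buffer the passphrase was written to, and scanning memory afterwards for stray copies) can be sketched as follows. This is an added example, not code from cryptsetup or from this thread; the arena, `secure_wipe`, `count_copies` and `handle_passphrase` are hypothetical names, and the fixed arena stands in for the VM memory that was scanned from outside.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE 256
static unsigned char arena[ARENA_SIZE]; /* stand-in for the memory image being scanned */
static size_t arena_used;

/* Bump allocator over the arena; returns NULL when the arena is full. */
static unsigned char *arena_alloc(size_t n) {
    if (n > ARENA_SIZE - arena_used) return NULL;
    unsigned char *p = arena + arena_used;
    arena_used += n;
    return p;
}

/* Zero through a volatile pointer so the compiler cannot drop the stores as dead writes. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Count occurrences of the secret in a memory image (the "scan from outside"). */
size_t count_copies(const unsigned char *mem, size_t mem_len, const char *secret) {
    size_t n = strlen(secret), hits = 0;
    if (n == 0) return 0;
    for (size_t i = 0; i + n <= mem_len; i++)
        if (memcmp(mem + i, secret, n) == 0) hits++;
    return hits;
}

/* Handle a passphrase through a scratch buffer and a tracked key buffer.
 * wipe_scratch == 0 models a code path that forgot one temporary copy.
 * Returns the number of copies a scan still finds, or (size_t)-1 on allocation failure. */
size_t handle_passphrase(const char *pass, int wipe_scratch) {
    size_t n = strlen(pass);
    memset(arena, 0, sizeof arena);
    arena_used = 0;
    unsigned char *key_buf = arena_alloc(n);
    unsigned char *scratch = arena_alloc(n);
    if (!key_buf || !scratch) return (size_t)-1;
    memcpy(scratch, pass, n);    /* e.g. the buffer the prompt was read into */
    memcpy(key_buf, scratch, n); /* the copy handed on for key setup */
    secure_wipe(key_buf, n);     /* tracked buffer: always wiped before release */
    if (wipe_scratch) secure_wipe(scratch, n);
    return count_copies(arena, sizeof arena, pass);
}

int main(void) {
    printf("all wiped: %zu, scratch forgotten: %zu\n",
           handle_passphrase("constructed sample", 1), handle_passphrase("constructed sample", 0));
    return 0;
}
```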


