| 1 |
Am 03.09.2012 23:23, schrieb "Roland Häder": |
| 2 |
> |
| 3 |
>> No comment on dracut as I have no experience with it. |
| 4 |
> Okay, so I have to try it out myself. When I found something out, I |
| 5 |
> expand the wiki with it. |
| 6 |
> |
| 7 |
>> |
| 8 |
>> However, as I see it, you need no key file if you just use a pass |
| 9 |
>> phrase. In my opinion, a key file is only necessary for two |
| 10 |
>> improvements: |
| 11 |
> Entering just a pass phrase means that this pass phrase will be used |
| 12 |
> to decrypt the device, if you decrypt a key before and then with that |
| 13 |
> key decrypt all your volumes you have a much better security because |
| 14 |
> that key will then be used as 'pass phrase' which is *way* much |
| 15 |
> stronger (4096+ chars + ~10-20 chars you can remember). |
| 16 |
> |
| 17 |
|
| 18 |
That's not exactly how it works. |
| 19 |
|
| 20 |
1. An attacker could still simply break the pass phrase used to encrypt |
| 21 |
the key file. |
| 22 |
|
| 23 |
2. You don't actually weaken the encryption of your disk if you use a |
| 24 |
small key (besides the obviously easier guessing of the key). The actual |
| 25 |
encryption key is generated from the pass phrase (or key file) by a hash |
| 26 |
function (default: SHA-1). This always expands or compresses your key to |
| 27 |
the key size defined when issuing `cryptsetup luksFormat`. |
| 28 |
|
| 29 |
>> |
| 30 |
>> 1. Two-factor authentication (read: encrypted key file) |
| 31 |
>> |
| 32 |
|
| 33 |
This is what makes a key file better and more secure. The attacker not |
| 34 |
only needs a pass phrase /or/ a memory stick; he needs both. |
| 35 |
|
| 36 |
>> 2. Avoiding re-typing the pass phrase for multiple dmcrypt |
| 37 |
>> partitions |
| 38 |
> See above. :) |
| 39 |
> |
| 40 |
>> You can easily achieve the second point by putting an unencrypted |
| 41 |
>> key file on the first partition which you encrypt with a pass |
| 42 |
>> phrase. You don't even need dracut for this, /etc/conf.d/dmcrypt |
| 43 |
>> lets you configure it easily (as long as it doesn't affect /usr). |
| 44 |
> Okay, I look into this. |
| 45 |
> |
| 46 |
>> |
| 47 |
>> However, I personally find it easier to put LVM on a single |
| 48 |
>> dmcrypt volume and be done this. All you need for this to work are |
| 49 |
>> two lines in /etc/rc.conf: rc_dmcrypt_before="lvm" |
| 50 |
>> rc_dmcrypt_after="udev" |
| 51 |
> I'm new to LVM, does it setup key-based encryption (best is to put |
| 52 |
> that key on an USB stick, so the attacker needs my stick). |
| 53 |
> |
| 54 |
> Regards, Roland |
| 55 |
> |
| 56 |
|
| 57 |
|
| 58 |
I guess I didn't make myself clear. Mostly because I didn't want to |
| 59 |
write a whole article on it before someone actually showed interest in |
| 60 |
this. Anyway: |
| 61 |
|
| 62 |
LVM has nothing to do with the encryption. It is just a way to partition |
| 63 |
a single dmcrypt partition into more devices. Maybe it gets clearer if I |
| 64 |
show my partitioning scheme (shortened a bit and with some artistic |
| 65 |
liberties): |
| 66 |
|
| 67 |
/dev/sda1 # /boot |
| 68 |
/dev/sda2 # root + /usr + /etc |
| 69 |
/dev/sda3 -> /dev/mapper/crypt # dmcrypt partition |
| 70 |
/dev/mapper/crypt -> vg_notebook # LVM volume group on dmcrypt |
| 71 |
vg_noteboot -> /dev/mapper/vg_notebook-var # /var |
| 72 |
vg_noteboot -> /dev/mapper/vg_notebook-home # /home |
| 73 |
vg_noteboot -> /dev/mapper/vg_notebook-swap # swap |
| 74 |
vg_noteboot -> /dev/mapper/vg_notebook-opt # /opt |
| 75 |
vg_noteboot -> /dev/mapper/vg_notebook-usr-local # /usr/local |
| 76 |
|
| 77 |
|
| 78 |
You see, it is just an alternative to different approaches on getting |
| 79 |
several parts of your file system encrypted without having to enter pass |
| 80 |
phrases for several dmcrypt partitions. Alternatives are |
| 81 |
|
| 82 |
1. Put an unencrypted key file on the first encrypted partition. |
| 83 |
2. Use a single file system on a single dmcrypt partition and then |
| 84 |
`mount --bind` or `ln -s` parts of it in different places. |
| 85 |
|
| 86 |
For me personally, it is a nice compromise as it allows me to work |
| 87 |
without an initrd while still keeping most of my file systems encrypted. |
| 88 |
I just have to make sure to leave nothing private on root, /usr or /etc. |
| 89 |
|
| 90 |
Regards, |
| 91 |
Florian Philipp |
Archives