| 1 |
On Sat, Jun 6, 2020 at 10:07 AM Victor Ivanov <vic.m.ivanov@×××××.com> wrote: |
| 2 |
> |
| 3 |
> The problem here is that a leaked header immediately means a compromised |
| 4 |
> volume. An adversary who gets hold of the header can now spend as much |
| 5 |
> time as they would like to brute force a password (depending on password |
| 6 |
> strength) and derive the encryption key. Or if they have an (older) copy |
| 7 |
> of the header with a leaked password before it was changed they can get |
| 8 |
> hold of the encryption key with virtually no effort at all by using said |
| 9 |
> password. The only solution to a compromised header is full |
| 10 |
> re-encryption. Even having a rolling password won't change that. |
| 11 |
|
| 12 |
If you're talking about the drive header that is actually written to |
| 13 |
disk, it is as secure as the entire drive is, since the drive contains |
| 14 |
the header. The whole point of full-disk encryption is to keep the |
| 15 |
contents of the disk secure even if you lose physical possession of |
| 16 |
the disk. |
| 17 |
|
| 18 |
If the password can be brute-forced then the encryption is worthless. |
| 19 |
|
| 20 |
Sure, if the attacker has a copy of the header they can spend as much |
| 21 |
time as they wish brute-forcing it. However, the same is true if they |
| 22 |
have the entire disk, and that is precisely the scenario we're trying |
| 23 |
to guard against. |
| 24 |
|
| 25 |
If you're using LUKS the security of the system is only as secure as |
| 26 |
your password(s). LUKS uses a random key to encrypt the drive, and it |
| 27 |
applies many rounds of encryption to your password to protect the |
| 28 |
session key. That will greatly slow down a brute force attack. |
| 29 |
However, if your encryption key is "12345" then a brute force attack |
| 30 |
is likely to succeed. |
| 31 |
|
| 32 |
-- |
| 33 |
Rich |
Archives