1 |
On Sat, Jun 6, 2020 at 10:07 AM Victor Ivanov <vic.m.ivanov@×××××.com> wrote: |
2 |
> |
3 |
> The problem here is that a leaked header immediately means a compromised |
4 |
> volume. An adversary who gets hold of the header can now spend as much |
5 |
> time as they would like to brute force a password (depending on password |
6 |
> strength) and derive the encryption key. Or if they have an (older) copy |
7 |
> of the header with a leaked password before it was changed they can get |
8 |
> hold of the encryption key with virtually no effort at all by using said |
9 |
> password. The only solution to a compromised header is full |
10 |
> re-encryption. Even having a rolling password won't change that. |
11 |
|
12 |
If you're talking about the drive header that is actually written to |
13 |
disk, it is as secure as the entire drive is, since the drive contains |
14 |
the header. The whole point of full-disk encryption is to keep the |
15 |
contents of the disk secure even if you lose physical possession of |
16 |
the disk. |
17 |
|
18 |
If the password can be brute-forced then the encryption is worthless. |
19 |
|
20 |
Sure, if the attacker has a copy of the header they can spend as much |
21 |
time as they wish brute-forcing it. However, the same is true if they |
22 |
have the entire disk, and that is precisely the scenario we're trying |
23 |
to guard against. |
24 |
|
25 |
If you're using LUKS the security of the system is only as secure as |
26 |
your password(s). LUKS uses a random key to encrypt the drive, and it |
27 |
applies many rounds of encryption to your password to protect the |
28 |
session key. That will greatly slow down a brute force attack. |
29 |
However, if your encryption key is "12345" then a brute force attack |
30 |
is likely to succeed. |
31 |
|
32 |
-- |
33 |
Rich |