Arch Linux

Rone

Member

Registered: 2015-04-27

Posts: 35

[SOLVED] Dm-crypt/LUKS encryption and a basic security question

Hello everybody,

I'm taking time to read the wiki about dm-crypt. I have one question concerning dm-crypt/LUKS encryption relative to security.

Here is the section that i wish to understand correctely :

https://wiki.archlinux.org/index.php/Dm … s_and_keys

An important distinction of LUKS to note at this point is that the key is used to unlock the master-key of a LUKS-encrypted device and can be changed with root access. Other encryption modes do not support changing the key after setup, because they do not employ a master-key for the encryption.

Does that means that if an attacker don't know the key (the passphrase or the keyfile) that serve to unlock the master-key of a dm-crypt/LUKS encrypted device, he just have to become root to unlock it and circumvent the encryption ?

Rone

Last edited by Rone (2015-05-04 17:20:23)

bleach

Member

Registered: 2013-07-26

Posts: 264

Re: [SOLVED] Dm-crypt/LUKS encryption and a basic security question

yes I believe so like any key system you point to the key file and there you go access it is a key file system. I would assume under that system you keep the key some where safe like one you away from the computer when you are not there. even under the unlocking master key system people do keep a file on usb for extra security even if some one got access to the computer and had the password(asuming they added pass and key file) if they do not have the key file no access.

so yep if they store it on the computer.

teateawhy

Member

From: GER

Registered: 2012-03-05

Posts: 1,138

Website

Re: [SOLVED] Dm-crypt/LUKS encryption and a basic security question

Does that means that if an attacker don't know the key (the passphrase or the keyfile) that serve to unlock the master-key of a dm-crypt/LUKS encrypted device, he just have to become root to unlock it and circumvent the encryption ?

Typically your LUKS container is unlocked at boot. An attacker who is root doesn't need to unlock the the container anymore, he can just read the contents after you have unlocked it yourself. This means encryption does not protect against any type of vulnerability that helps the attacker become root, after you have unlocked the container.
If it is not unlocked already, and you need to enter a password to do so, an attacker with root can not unlock the container without also knowing the password or keyfile. However, it seems likely that an attacker with enough pacience and root will just log the keyboard and wait for you to enter it some day.
If you have only a keyfile and no password, and the keyfile is on a filesystem attached to the computer, an attacker with root could possibly find that and use it to unlock the container.
For best results, use a password and a keyfile.

Rone

Member

Registered: 2015-04-27

Posts: 35

Re: [SOLVED] Dm-crypt/LUKS encryption and a basic security question

@bleach sorry, but i didn't succeed to follow your explanation.

@teateawhy thank you for reminding some usual cases, that helps to better understand the context.

Typically your LUKS container is unlocked at boot. An attacker who is root doesn't need to unlock the the container anymore, he can just read the contents after you have unlocked it yourself. This means encryption does not protect agains
t any type of vulnerability that helps the attacker become root, after you have unlocked the container.

You're absolutely right, a basic case to have in mind.
I was thinking about the case of having an external disk drive, not plugged to any computer, but carrying sensitive data to protect, with someone (the "attacker") that could plug the disk to any Linux host, having root access privileges.

If it is not unlocked already, and you need to enter a password to do so, an attacker with root can not unlock the container without also knowing the password or keyfile.

So, if i understand, setting (a strong) passphrase on the key or the keyfile, prevent anyone who could steal the encrypted disk, find an easy way to decrypt the data on it.
Thus, a passphrase is necessary to protect data on a dm-crypt/LUKS encrypted drive, which could be internal or external drive (plugged or not) be it internal or external.

Even with root access privileges, it would be impossible to unlock the container. That's great so !

However, it seems likely that an attacker with enough pacience and root will just log the keyboard and wait for you to enter it some day.

keylogger i think you mean. But that it is for a true attacker also, or intelligence agencies

If you have only a keyfile and no password, and the keyfile is on a filesystem attached to the computer, an attacker with root could possibly find that and use it to unlock the container.
For best results, use a password and a keyfile.

Thanks, i will remember !
So if the keyfile is not protected with any passphrase, and the keyfile is recorded on the filesystem metadata, it would be the same, your container could be unlocked by anyone, right ?

Rone

Last edited by Rone (2015-04-29 10:59:37)

bleach

Member

Registered: 2013-07-26

Posts: 264

Re: [SOLVED] Dm-crypt/LUKS encryption and a basic security question

sorry that was not very clear

to protect against keyloging would be to have a keyfile like on a thumb drive that you keep on you. it is also stored in ram for a minute or two or longer if you keep them cool and the info can be extracted via a dump. a good combo would be a password and keyfile requiring both to open. this is pretty extreme though for most people.ww

Last edited by bleach (2015-04-29 10:39:55)

Rone

Member

Registered: 2015-04-27

Posts: 35

Re: [SOLVED] Dm-crypt/LUKS encryption and a basic security question

@bleach thanks for your contribution, you're right, keeping the key with you, would be an additional security measure. I will keep in mind too.

Rone

Member

Registered: 2015-04-27

Posts: 35

Re: [SOLVED] Dm-crypt/LUKS encryption and a basic security question

Returning to my first quote taken from the wiki, i am note sure the discussion we had above was exactly relative to it ... I am a bit confused.

Last edited by Rone (2015-04-29 12:01:26)

jjacky

Member

Registered: 2011-11-09

Posts: 347

Website

Re: [SOLVED] Dm-crypt/LUKS encryption and a basic security question

https://wiki.archlinux.org/index.php/Dm … s_and_keys

An important distinction of LUKS to note at this point is that the key is used to unlock the master-key of a LUKS-encrypted device and can be changed with root access. Other encryption modes do not support changing the key after setup, because they do not employ a master-key for the encryption.

Does that means that if an attacker don't know the key (the passphrase or the keyfile) that serve to unlock the master-key of a dm-crypt/LUKS encrypted device, he just have to become root to unlock it and circumvent the encryption ?

No, of course not.

I believe the note is pointing out a difference between how LUKS works vs how e.g. plain mode works: basically, the later uses whatever passphrase/keyfile you provide as key to perform the encryption. So if you used "foobar" to encrypt your data, only "foobar" can be used to decrypt them, and you can't change that.

However, with LUKS a master-key is actually used to encrypt your data, and your passphrase/keyfile is used to "unlock" said master-key. What this means is that you can have more than one passphrase/keyfile to access your data, and you can also add/remove some over time. This is because with LUKS you have keyslots, and each of them can contain a key to unlock the master-key. So if you've used "foobar" as passphrase, you could add a new passphare, say "barfoo", to another keyslot. Now either "foobar" or "barfoo" can be used to access your data. You can use this to e.g. have a passphrase that you can enter manually, and also a keyfile to be used automatically.  Again, each key can be used independently, you only need one to access your data.
You could then even remove "foobar" and effectively only "barfoo" could then be used, since there would be no more key corresponding to "foobar".

(It should also be noted that this also means your data can be accessed with an "old" key even one that no longer exists in any slot if one has an old header. For example, say you used "foobar" as key, then added "barfoo" and eventually removed "foobar". So now the only way to access your data is using "barfoo" as that's they only key there is (in the LUKS header/keyslots). However, with a backup of the original LUKS header, you could restore it and then use "foobar" again to access your data, while "barfoo" would not work anymore since there wouldn't be no corresponding key anymore in the any slot.)

---

blog - github

Rone

Member

Registered: 2015-04-27

Posts: 35

Re: [SOLVED] Dm-crypt/LUKS encryption and a basic security question

@jjacky I'm happy to read your explanations, because there are some details i wanted to understand before making choice between the different encryption methods.

Your comment allowed me to see my misinterpretation about how actually dm-crypt works, and was for me an incentive to read the man of cryptsetup command, that helped me better understand the mechanism.

So ok, key/passphrase/keyfile points to the same thing, a password and nothing else,  except that keyfile allows much more longer password than passphrase. Each keyslot, if i understood, can store an hashed key.
And someone (e.g  an "attacker")e.g who steal a LUKS "volume" (disk or partition), won't be able to read the encrypted volume, if he doesn't know one of these keys.
To change a key (a key stored in a keyslot) he has to know it, because it will be prompted to give it before it can be changed, and of course, i suppose that it must be root to do it.

In the man, i also found this paragraph interesting, that can complete what you explained about LUKS header, speaking here about the master-key (see the bold sentence below).
So changing the header information, means changing one or more keyslots, but not the master-key, that if you accidentally altered or lost, would let you with inaccessible encrypted data :

luksDump <device>

              Dump the header information of a LUKS device.

              If the --dump-master-key option is used, the LUKS device master key is dumped instead of the keyslot info. Beware that the master key cannot be changed and can be used to decrypt the data stored in the LUKS container
              without a passphrase and even without the LUKS header. This means that if the master key is compromised, the whole device has to be erased to prevent further access. Use this option carefully.

              In order to dump the master key, a passphrase has to be supplied, either interactively or via --key-file.

              <options> can be [--dump-master-key, --key-file, --keyfile-offset, --keyfile-size].

              WARNING: If --dump-master-key is used with --key-file and the argument to --key-file is '-', no validation question will be asked and no warning given.

Last edited by Rone (2015-04-29 16:47:44)

Rone

Member

Registered: 2015-04-27

Posts: 35

Re: [SOLVED] Dm-crypt/LUKS encryption and a basic security question

I consider this thread as "solved" because i received replies that showed me dm-crypt is a secure mecanism to protect data on a disk/partition : only the person(s) who knows one of the keys/keyfiles/passwords (stored by keyslots) would be able to access the encrypted data on the disk/partition. Even if you owned root privileges, you could not access the encrypted data of a dm-crypt disk/partition without knowing at least one of those keys.

As i didn't have any true practical experience yet with dm-crypt, don't hesitate to correct any mistakes or approximation you can find where we tried to explain dm-crypt mechanism.

Last edited by Rone (2015-05-04 17:45:00)