On 10/29/23 20:16, Jonathan Billings wrote:
On Oct 29, 2023, at 11:00, Roberto Ragusa <mail@xxxxxxxxxxxxxxxx> wrote:
On 10/29/23 04:13, Robert Nichols wrote:
On 10/28/23 21:20, Robert Nichols wrote:
Yes, as long as the device is currently unlocked
Oops. I just realized that recovering the master key from the kernel works only for LUKS1. Your device is using LUKS2, and and accessing the key from userspace is not possible with LUKS2. Sorry.
Really? I was not aware of that.
So keeping my systems far away from LUKS2 has been a good idea.
This is actually a good thing. Being able to extract a key was a security hole.
As far as I can see in this thread, it consists in hostility against
the owner of the machine, which is risking something similar to
a ransomware event.Data availability is one of the aspects of security, so this feature
is indeed a security issue.
Regards.
--
Roberto Ragusa mail at robertoragusa.it
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue