Hello dm-cryptics,

I was shocked to learn that the encryption keys for dm-crypt volumes are visible to root:

  # dmsetup table swap
  0 1975932 crypt aes-cbc-plain 3132333435363738313233343536373831323334353637383132333435363738 0 3:6 0

The 3132... reveals what I put in the keyfile that I set up for this test.

Showing this kind of information is a Bad Idea. It means, for example, that an encrypted swap can be read after system down by anyone who happened to record this bit of information. It also means that encrypted file systems, which have to rely on symmetric encryption with long-lived keys, are a lot more open to attacks than strictly necessary.

It has always been good design practice to hide keys like these from users, even root, because the forward-direction of supplying the same key at later sessions is always possible. The convenience of listing the table in a copy/paste mode is far too convenient for attackers.

Best regards,

Rick van Rein,
OpenFortress Digital signatures
http://openfortress.nl

---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
For additional commands, e-mail: dm-crypt-help@xxxxxxxx
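An added example, not part of the post above and not dm-crypt or dmsetup code: a small POSIX shell audit that reads `dmsetup table` output (the no-argument form, `name: start length target args...`) and reports, for every crypt target, whether the key is carried inline as hex (the exposure the post describes), masked with zeros (what a current dmsetup prints unless `--showkeys` is given, so the bytes are still retrievable by root), or held as a kernel keyring reference of the form `:<size>:<type>:<description>` (the key bytes never appear in the table). The sample table lines, device names and keyring description are constructed for the example.

```shell
#!/bin/sh
# Added example: audit dm-crypt tables for inline key material.
# Crypt target line format (after "<name>:"):
#   <start> <length> crypt <cipher> <key> <iv_offset> <device> <offset> [...]
# The <key> field is either hex key bytes or a keyring reference ":<size>:<type>:<desc>".

# Classify one key field; prints exposed, masked or keyring.
classify_crypt_key() {
    case "$1" in
        :*) echo keyring ;;                 # kernel keyring reference, no key bytes in table
        *)
            # A field made only of zeros is dmsetup's masked form (no --showkeys).
            if [ -z "$(printf '%s' "$1" | tr -d 0)" ]; then
                echo masked
            else
                echo exposed                # raw key bytes readable by anyone who can run dmsetup
            fi ;;
    esac
}

# Read table lines from stdin, print "<name> <status>" per crypt target.
# Returns non-zero when at least one crypt target carries an exposed key.
audit_dm_tables() {
    exposed=0
    while read -r name start length target cipher key rest; do
        name=${name%:}                      # strip the trailing colon dmsetup prints
        [ "$target" = crypt ] || continue   # linear, striped, etc. carry no key
        status=$(classify_crypt_key "$key")
        [ "$status" = exposed ] && exposed=$((exposed + 1))
        printf '%s %s\n' "$name" "$status"
    done
    [ "$exposed" -eq 0 ]
}

# Constructed sample output in the style of "dmsetup table" (not captured from a real host).
# The swap line reuses the key from the post; the keyring description is illustrative.
SAMPLE_TABLE='swap: 0 1975932 crypt aes-cbc-plain 3132333435363738313233343536373831323334353637383132333435363738 0 3:6 0
home: 0 4096000 crypt aes-xts-plain64 :64:logon:cryptsetup:example-uuid-d0 0 8:3 4096
data: 0 4096000 crypt aes-xts-plain64 0000000000000000000000000000000000000000000000000000000000000000 0 8:4 4096
root: 0 8192000 linear 8:2 0'

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_TABLE" | audit_dm_tables || echo "at least one dm-crypt table exposes its key"
```

On a live system the same function runs over `dmsetup table` directly (add `--showkeys` on newer dmsetup to see whether a key is merely masked or genuinely absent from the table). Only the `keyring` status removes the copy/paste problem the post raises: `masked` keys are still one flag away from being printed.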