Hello,

> I was shocked to learn that the encryption keys for dm-crypt volumes are
> visible to root:

You are right :- I am equally shocked that the kernel-stored keys are available to root. It is not impossible to make a crack with root privileges, because there are so many things that need to be done at root level, and far from all users know precisely when and why.

If I had it my way (and I probably won't) then that part of the kernel memory dumps would also be overwritten with zeroes. In the same line of thought, I would suggest making the key unreadable in the dump.

I agree visible keys are great aids to all sorts of useful purposes, but they make it _very_ easy for unknowledgeable crackers to have their way on a system; getting them out of a kernel dump requires more skill and more interaction with the file.

Calling this security through obscurity is just as fair as calling root-only access to keys an obscure form of security. (This is intentionally an equation, in the hope to bypass a debate about when something is obscure security.)

What is the use of setting up an encrypted filesystem? It is to avoid that a disk is accessible when the trusted system isn't running and others can gain root access. But in this situation, it is also easy to install a bit of code that taps the key from the friendly listing from "dmtable swap", and learn the encryption key for swap or file system.

The only disk encryption scheme that works somewhat is when the key is kept outside the encrypting fs and inserted only (through a smart card, a keyboard or whatever) when the right system is running. It only works reliably if this key is passed straight from the point of entrance to the place it is needed, without sending it elsewhere, and without tapping points. This is only possible if the Linux kernel dump hides the key, as well as the dmcrypt interface.

Having said that, disk encryption generally seems to end up in a loop, where it has to rely on unreliable things, so that the encryption is rarely as strong as cryptographers want it to be.

Best wishes,

Rick van Rein.

---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/