On 12/16/2010 07:27 PM, Matthew Mosesohn wrote: > I am wondering if I perform this setup (cryptsetup version 1.1.2), > how much risk do I expose my systems to? > > Step 1: Create a base install that is encrypted with a fixed > passphrase Step 2: Create a disk image of this installed system Step > 3: Deploy image on N number of other systems Step 4: Change the > passphrase on all deployed systems > > What happens if the passphrase becomes compromised on one of these > systems? Can that person gain the original LUKS AES key to the disk > and therefore obtain a way to break into all of the other systems? Yes, cloning the whole device including LUKS header and changing just the passphrase keeps the same volume key exposes all system to risk. Everyone with any passphrase to any system can decrypt volume key and get access to all cloned systems. Moreover, everyone can check which sectors changed even without any passphrase knowledge as a bonus (just check which sectors changed). The proper way is create new LUKS header (with new passphrase and volume key) and clone _content_ (plaintext device) of encrypted disk. Still if you know origin disc content you are in better position that when you know nothing about the disc but this problem can be probably ignored in most use cases (secure stolen laptop etc) Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
