On Wed, Aug 03, 2011 at 12:35:55PM +0100, Laurence Darby wrote: > > Hello again, > > Arno Wagner wrote: > > > > Alternatively, I could just do this: > > > > > > ( cat ~/pass_key ; cat ) | cryptsetup luksOpen --key-file > > > - /dev/loop1 loop1 > > > > > > so I still have to provide both the key and passphrase, terminated > > > with Ctrl-D. Any thoughts? > > > > Yes, why do you not use the passphrase entry function of cryptsetup > > directly? Without a specific and credible risk, there is no > > reason to do anything of what you describe here... > > > Ok, but I may have a reason I need to do this anyway, that probably no > one else has - these disks are external usb connected disks and they are > noisy, so I keep them powered off unless backing up to them. Their power > management is really broken, or maybe linux is, so I connected them to > a relay on the parallel port to properly power them off. That setup has > been working for years, and to keep it automated with encryption, the > key has to be stored somewhere, doesn't it? Yes. > I'm not sure I understand the point of having a key file, if that key > file isn't protected somehow - an attacker would have access to the > machine that stores the key as well. (I'm not going to spend ?50000 on > a HSM for this, that would be overamplifing risks by a very long way) > > An attacker would have to break into the system after I've entered the > passphrase, without powering it off (notwithstanding cold-boot > attacks), but that's the same case as with normal disk encryption, > isn't it? If the disks were kept powered on, I would enter the > passphrase once at boot up, and keep the disk mounted. Isn't that what > everyone else does? To get the same but with the disks powering off, I > would decrypt the passphrase to a ramfs (not /dev/shm, as that can get > written to swap), and make cryptsetup read it from there. Why don't you just use decrypt_derived or have an encrypted partition that is not powered down? You can put the keys there without additional protection (well, root read rights, but not more)? > > I would suggest you read up a bit more on cryptography. > > "Cryptography Engineering" by Schneier et al. is a good book for > > example, to get a good understanding of cryto technology > > and risks. > > > > You are at the moment in this dangerous "half-knowledge" state, > > were you see some risks and overamplify them, while you completely > > miss others. It is normal to go through this stage, but make sure > > you leave it behind. > > Yes, well, I know that, and really if I didn't overamplify some > risks, then I would probably just not bother with disk encryption at > all, but that doesn't achieve or teach me anything. Anyway, I live in > the UK which has the RIPA act, so they send people to prison simply for > not handing over the keys. Check the references on > http://en.wikipedia.org/wiki/Regulation_of_Investigatory_Powers_Act_2000 Pretty bad that, I agree. The UK has given up on being civilized and having a fair legal system in that regard. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
