On Tue, Dec 11, 2012 at 04:34:40PM +0100, Erik Logtenberg wrote: > Hi Arno, > > Thanks for your explanation. You are welcome. > It is good to know that the 128 bit > symmetric encryption key is still considered okay to some extent. Until AES gets (real-world) broken, it will be secure. So not only "to some extent" ;-) > I did try the keylength site, and if I want my volume to be secure until > roughly a decade after my projected demise, say 2100, then the adviced > symmetric key size is already 135, 147 or 256 depending on the used > method. So it'd still be somewhat better to increase the current 128 a bit. There are no reliable forecasts for 2100. Even 30 years is highly speculative. Brute-forcing 128 bits may not be possible even in 2100, but AES may get broken. And, as I said, your passphrase needs to be 128 bit as well (well, accounting for iteration, only something like 110 bit, but that is still 22 random characters and letters). > > (you do have backup, right?). > > Actually I am talking about my backup volume. And as such, it is quite a > bit of data, that I don't have a (second) backup of. Neither do I have > enough storage available to make an additional backup, nor the required > amount of time, since a full copy/restore of such a volume would take weeks. I see. My advice would be to get that second backup and just copy the primary backup over to it. > In fact, there seems to be a second use case for re-encrypting an > existing volume. I read some articles explaining the possibility to use > the luksDump command in conjunction with the --dump-master-key option on > a mounted luks volume, to reset the password even if the current > password is no longer known. > Additionally, also the luksHeaderBackup command is available to extract > the master key. That does not help you to change the master key, and that is what you need to do if you want a longer one. A better passphrase can just be added (luksAddKey) and then the old one removed (luksRemoveKey). But with this the master key and disk encryption cipher stay the same. > So there are at least two methods of extracting a master key. Now if I > would suspect that a machine, that has a luks volume mounted, was > compromised to the extent that someone had temporaryly gained root > access, I would not only have to reset (all) passwords after fixing the > security hole, but also I would have to create a new master key to be sure. Yes. And new data, as the attacker had access to all of it. Of course, that is usually not possible... > Is the cryptsetup-reencrypt tool also meant for that purpose? In fact that would be its primary use. And the case does arise. Milan is a very careful developer/maintainer and would not have created a potentially unsafe tool like this otherwise. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- One of the painful things about our time is that those who feel certainty are stupid, and those with any imagination and understanding are filled with doubt and indecision. -- Bertrand Russell _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
