On 21 Sep 2016 12:09 +0000, from eruiz03@xxxxxxxxxx (Ruiz, Edwin):

> 1. When LUKS is applied to a partition of a drive, is
> decrypted data only stored in memory and never written back to the
> drive (unencrypted)?

LUKS does not re-write decrypted data to the disk; doing so would defeat its purpose, and would also require things like keeping track of which data is encrypted and which is decrypted on disk (which there is no room for). As a consequence, a LUKS container is always fully encrypted with a single encryption key (even if it is not, it is treated as such), and that encryption key is protected by the various key slot passphrases.

That said, _other_ system components or software may write out data in decrypted form (because that's how it appears to them), but that is beyond the scope of LUKS. You can mitigate this by ensuring that all writable locations within the file system are backed either by RAM (thus having the same data remanence properties as LUKS itself) or by encrypted containers on persistent storage. Make sure your swap, if any, is also encrypted, preferably with a random key regenerated on each boot. That gives swap similar data remanence properties to the RAM that holds the key while the system is running.

> 3. What are the implications of a system that is shut down
> (powerloss, critical failure, etc.) without the command "luksClose"
> issued to an encrypted device?

Should be none in particular. The purpose of luksClose is basically to clear the key material from RAM and tear down the device mapper bindings. If the system is shutting down anyway, doing that or not doesn't really change much in the grand scheme of things; luksClose is largely a housekeeping operation.

By not having done a luksClose or luksSuspend before the shutdown, it is _possible_ that key material might remain in RAM after power-off, and it is _possible_ that this might allow for a cold boot attack. That, however, is something that LUKS by itself cannot really protect against. A lockable case with a decent locking mechanism will mitigate against this threat; by the time an adversary can get the case open sufficiently to gain access to the RAM modules, in or above room temperature, RAM data remanence _should not_ be a major concern.

-- 
Michael Kjörling • https://michael.kjorling.se • michael@xxxxxxxxxxx
“People who think they know everything really annoy those of us who know we don’t.” (Bjarne Stroustrup)

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
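An added example, not part of the message above: a small Python audit of crypttab-format entries that checks the swap advice in the reply (swap mappings should take a fresh key from the kernel RNG on every boot rather than a persistent key file or passphrase). The crypttab contents, device names and UUID below are constructed for illustration.

```python
"""Audit crypttab-style entries for swap mappings keyed from a kernel RNG.

Constructed example: parses lines in /etc/crypttab format
(<target name> <source device> <key file> <options>) and classifies every
entry carrying the 'swap' option by whether its key is regenerated on each
boot (key source is /dev/urandom or similar) or persists across boots.
"""

# Key sources that yield a fresh random key every time the mapping is set up,
# so data swapped out in one session is unrecoverable after power-off.
RANDOM_KEY_SOURCES = {"/dev/urandom", "/dev/random", "/dev/hwrng"}


def parse_crypttab(text):
    """Return a list of (name, device, key, options) for each data line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        name, device = fields[0], fields[1]
        key = fields[2] if len(fields) > 2 else "none"      # 'none' = prompt
        options = set(fields[3].split(",")) if len(fields) > 3 else set()
        entries.append((name, device, key, options))
    return entries


def audit_swap_entries(text):
    """Map each swap mapping name to 'random-key' or 'persistent-key'.

    'persistent-key' covers both a key file stored on disk and 'none' (a
    passphrase-protected LUKS volume): in either case the same key unlocks
    the old swap contents on a later boot.
    """
    verdicts = {}
    for name, _device, key, options in parse_crypttab(text):
        if "swap" not in options:
            continue
        verdicts[name] = "random-key" if key in RANDOM_KEY_SOURCES else "persistent-key"
    return verdicts


# Constructed sample: one swap mapping re-keyed per boot, one keyed by a
# key file that persists on disk, plus a root volume that is not swap.
SAMPLE_CRYPTTAB = """\
# <target name> <source device>  <key file>          <options>
cryptroot  UUID=0000-example-root  none                luks,discard
cryptswap  /dev/sda3               /dev/urandom        swap,cipher=aes-xts-plain64,size=256
oldswap    /dev/sdb2               /etc/keys/swap.key  swap,cipher=aes-xts-plain64,size=256
"""

if __name__ == "__main__":
    for name, verdict in audit_swap_entries(SAMPLE_CRYPTTAB).items():
        print(f"{name}: {verdict}")
```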