On 24 Apr 2017 18:00 +0100, from dominic@xxxxxxxxxxxxxxx (Dominic Raferd):
> Is there any possibility that a malicious third party (disgruntled
> ex-sysadmin perhaps) gained root access to the machine during its last
> session and changed the passphrase?

Does that not require knowledge of a current passphrase? I believe it
does. Which of course said third party _could_ have.

> As an aside, of no help to OP I'm afraid: is a prior backup of the
> LUKS header a protection against this scenario (i.e. against a
> subsequently deleted, or changed and now unknown, passphrase)?

Yes. A copy of the LUKS header and a passphrase that was valid at the
time the header copy was made will allow access, as long as the master
key is unchanged (no cryptsetup-reencrypt in the interim). The only
way to mitigate this threat AFAIK is to change the master key of the
container.

-- 
Michael Kjörling • https://michael.kjorling.se • michael@xxxxxxxxxxx
“People who think they know everything really annoy
those of us who know we don’t.” (Bjarne Stroustrup)
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
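
The relationship between header copy, passphrase and master key described in the reply above, modelled as an added example that is not part of the original message or of cryptsetup. It is a simplified toy model, not the LUKS on-disk format: the XOR key wrapping, the toy stream cipher, the low PBKDF2 iteration count and all names (`Header`, `make_header`, `unlock`, `crypt`, `scenario`) are assumptions made for illustration.

```python
import hashlib, hmac, os
from dataclasses import dataclass

ITER = 1000  # constructed value, deliberately low so the demo runs quickly

def kdf(secret: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITER, 32)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

@dataclass(frozen=True)
class Header:            # toy stand-in for a LUKS header with one keyslot
    slot_salt: bytes
    wrapped_mk: bytes    # master key wrapped under the passphrase-derived key
    mk_salt: bytes
    mk_digest: bytes     # lets unlock() recognise the correct master key

def make_header(mk: bytes, passphrase: str) -> Header:
    slot_salt, mk_salt = os.urandom(16), os.urandom(16)
    wrapped = xor(mk, kdf(passphrase.encode(), slot_salt))  # toy wrap, not AES
    return Header(slot_salt, wrapped, mk_salt, kdf(mk, mk_salt))

def unlock(h: Header, passphrase: str):
    """Return the master key, or None if the passphrase does not fit this header."""
    mk = xor(h.wrapped_mk, kdf(passphrase.encode(), h.slot_salt))
    return mk if hmac.compare_digest(kdf(mk, h.mk_salt), h.mk_digest) else None

def crypt(mk: bytes, data: bytes) -> bytes:
    # Toy stream cipher standing in for the encrypted data area (max 32 bytes).
    return xor(data, hashlib.sha256(mk + b"data").digest())

def scenario() -> dict:
    secret = b"constructed sample data"
    mk = os.urandom(32)
    backup = make_header(mk, "old passphrase")       # header copy taken earlier
    disk = crypt(mk, secret)
    live = make_header(mk, "new unknown passphrase")  # passphrase change: same master key
    out = {"live_rejects_old": unlock(live, "old passphrase") is None}
    out["backup_reads_disk"] = crypt(unlock(backup, "old passphrase"), disk) == secret
    new_mk = os.urandom(32)                          # re-encryption: new master key
    disk = crypt(new_mk, crypt(mk, disk))
    stale = unlock(backup, "old passphrase")         # still unwraps the OLD key
    out["backup_still_unwraps"] = stale == mk
    out["backup_reads_disk_after_reencrypt"] = crypt(stale, disk) == secret
    return out

if __name__ == "__main__":
    for name, value in scenario().items():
        print(f"{name}: {value}")
```

The last result is the point of the reply: the old header copy still unwraps a key, but that key no longer decrypts the data once the master key has been changed.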