On Sun, Nov 24, 2019 at 07:34:34 CET, Fourhundred Thecat wrote:
> On 23/11/2019 09.21, Arno Wagner wrote:
> > If you do that, you kill the security model of LUKS.
>
> Did you read my original post ?

Yes.

> I explained, that the LUKS header is never stored on disk. What use are
> antiforensic stripes, when LUKS header only exists in memory ?

You think memory is somehow immune to forensics and it cannot
go to disk? Here is news for you, in a virtualized situation
even locked memory may go to disk and there is nothing you
can do about it.

> > The anti-forensic stripes are not some gadget, they
> > are central.
>
> yes, when header is stored on disk.

No. When using LUKS. If you want something else with a
different security model, do it yourself. It will not be
LUKS though.

> > Also, the key-slots are the stripes. There
> > are no 4kB you can take out and reconstruct the key
> > from them.
> >
> > That said, I think if you have an issue with 10MB extra
> > today and are willing to sacrifice security to get rid
> > of them, then you are doing it massively wrong. Maybe
> > just do without encryption and security, it clearly is
> > not your first priority....
>
> Actually, I believe my scheme is more secure than the default.

No. That would require for LUKS to be insecure. But your
model is less reliable, less flexible and more cumbersome
and does not have a careful, competent security analysis.

> My luks
> header is detached and is stored encrypted on SD card, separate from the
> disk. In plaintext form, it only exists in memory.

So?

> It is not that 10MB are unbearable. I just see no use in antiforensic
> stripes when stored in memory.

So you are willing to bank your security on your own
security analysis and request that others change a tool
that has stood the test of time so your own model can be
implemented more easily? Sorry, please go away and do your
own thing by yourself.

Regards,
Arno

--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
https://www.saout.de/mailman/listinfo/dm-crypt