[opensuse-security] LUKS and its master key
I found LUKS recently through SUSE Linux 10.3, and the other night I read an article in c't 2006/11. I can't seriously appreciate the technical internals, as I'm not too competent there. Anyway: Kudos to Clemens Fruhwirth! But I am not really sure whether I can trust what I read in that article regarding the master key, specifically that the master key can be read from the LUKS volume by the sys admin without any difficulties. Does that really mean that as soon as somebody gains control over my computer with a mounted LUKS encrypted (external) disc and he also manages to gain root privileges, that he can retrieve the necessary information to mount that disc himself with LUKS-means again?!? I mean without me passing the keys to him. If that is seriously so, I think I will have to find myself another disc encryption toolset, as I cannot tolerate that intruders can deal with my personal data without my explicit permission and support. Whether those intruders have governmental permissions, I don't f...ing care. I appreciate your serious comments. J.
On Thursday, 17 May 2007, Jochen+opensuse-security@hayek.name wrote: Hi Jochen,
manages to gain root privileges, that he can retrieve the necessary information,
There is no easy way to prevent this for any Linux encryption solution. As soon as a 3rd party has either root or physical access to your linux machine this party will be able to gain access to all volumes which are currently in use. E.g. it is trivial as user root to obtain all access permissions of any user on the system. Regards, -- martin konold -- e r f r a k o n Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker Sitz: Adolfstraße 23 Stuttgart - Partnerschaftsregister Stuttgart PR 126 http://www.erfrakon.com/
Hi Martin, Martin Konold wrote:
As soon as a 3rd party has either root or physical access to your linux machine this party will be able to gain access to all volumes which are currently in use. E.g. it is trivial as user root to obtain all access permissions of any user on the system.
That is not true for encrypted disks as long as I don't enter the key (and the one who gained root-access has a keylogger installed). The data should be safe at least until then. Otherwise encryption would be senseless - you can get root on every machine with a boot-CD in minutes. Greetings, Ralf
Ralf Ronneburger wrote:
Martin Konold wrote:
As soon as a 3rd party has either root or physical access to your linux machine this party will be able to gain access to all volumes which are currently in use. E.g. it is trivial as user root to obtain all access permissions of any user on the system.
That is not true for encrypted disks as long as I don't enter the key (and the one who gained root-access has a keylogger installed). The data should be safe at least until then. Otherwise encryption would be senseless - you can get root on every machine with a boot-CD in minutes.
Encryption *is* senseless for anything but a mobile device like a laptop or a PDA.

"If you think that encryption will solve your security problems, then you understand neither encryption nor security." -- attributed to several different people.

Encryption is a technique for requiring a key to be able to transform cypher text into plain text. In terms of access control on a computer, what it does is change the access control problem into the *key* access control problem. Every program and user who needs access to the data will need the key. Before encryption, the attacker only had to obtain the privileges of these programs and users. After encryption, the attacker *still* only has to obtain the privileges of these programs and users, and then steal their keys.

The one case where storage encryption makes sense is for mobile devices like laptops and PDAs. This is because you can put the key on a memory stick or such device and keep it in your pocket, *separate* from the device. You plug the key into the computer when you want to access the data, and use applications that keep the key in memory and *very* carefully avoid ever letting it page to disk.

If you try this on a server, you end up with a Hobson's Choice:

* If you store the key on the server, you get zero security value from encryption as the attacker can now steal the key and the data instead of just stealing the data.
* If you do *not* keep the key on the server, then some human has to go down town and physically insert the key every time there is a crash or a power outage. You likely significantly degrade your service availability as a result.

No, I'm not kidding: encryption is useless for data access control, don't bother with it, except in the personal context where the key and the data can be separated without compromising availability.

Crispin -- Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/ Director of Software Engineering http://novell.com
Crispin Cowan wrote:
Encryption *is* senseless for anything but a mobile device like a laptop or a PDA.
"If you think that encryption will solve your security problems, then you understand neither encryption nor security." -- attributed to several different people.
True. What I wanted to say (and I think I did not make this clear enough) is that only unmounted volumes are safe with encryption, mounted ones are never. That's why it only makes sense for desktop and even more notebook-computers. Greetings, Ralf
Ralf Ronneburger wrote:
Crispin Cowan wrote:
Encryption *is* senseless for anything but a mobile device like a laptop or a PDA.
"If you think that encryption will solve your security problems, then you understand neither encryption nor security." -- attributed to several different people.
True. What I wanted to say (and I think I did not make this clear enough) is that only unmounted volumes are safe with encryption, mounted ones are never. That's why it only makes sense for desktop and even more notebook-computers.
Yes, that's true. Only unmounted volumes have the property that you can reasonably and effectively separate the key from the ciphertext. So, being unmounted is a necessary, but not a sufficient, condition for encryption of stored data to be useful. The sufficient condition is that the key and the data are stored separately. Crispin -- Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/ Director of Software Engineering http://novell.com
The Friday 2007-05-18 at 22:46 -0700, Crispin Cowan wrote:
So, being unmounted is a necessary, but not a sufficient, condition for encryption of stored data to be useful. The sufficient condition is that the key and the data are stored separately.
How is that done? AFAIK, encrypted partitions as created by YaST do not separate the key. -- Cheers, Carlos E. R.
On Fri, May 18, 2007 at 12:43:29AM -0700, Crispin Cowan wrote:
Ralf Ronneburger wrote:
Martin Konold wrote:
As soon as a 3rd party has either root or physical access to your linux machine this party will be able to gain access to all volumes which are currently in use. E.g. it is trivial as user root to obtain all access permissions of any user on the system.
That is not true for encrypted disks as long as I don't enter the key (and the one who gained root-access has a keylogger installed). The data should be safe at least until then. Otherwise encryption would be senseless - you can get root on every machine with a boot-CD in minutes.
Encryption *is* senseless for anything but a mobile device like a laptop or a PDA.
I don't agree with this general statement. The basic paradox here is that data should be secure AND usable. Encryption is of course no solution to this but it is still useful. Data that is being accessed can't be secured by encryption, because encryption does not provide a rights management. But encryption can secure data that is not (currently) accessed. For example, encrypted filesystems are almost always useful to prevent data leakage from abandoned hardware (think of all the harddisks sold on ebay). Also any file encrypted by a user improves the security by reducing the time the data is accessible and subject to attacks. No doubt, there are many pitfalls that render the usage of encryption useless, e.g. storing a key unprotected or on the same system, choosing trivial passwords, etc. But in the end it is simpler to control access to a key than access to gigabytes of data. Michel -- Der tägliche Wahnsinn - http://www.virtualfreedom.de/dtw/ "Race" was the delusion of the 20th century, "security" is that of the 21st.
Hi Michael, Michel Messerschmidt wrote:
For example, encrypted filesystems are almost always useful to prevent data leakage from abandoned hardware (think of all the harddisks sold on ebay). Also any file encrypted by a user improves the security by reducing the time the data is accessible and subject to attacks.
For harddisk encryption on servers this is senseless. The disk is always online (therefore not protected) and before you sell it on ebay you can always use some tool to overwrite it with random data. For broken disks you'll find a strong magnet or even better a company that shreds them. To use encryption for this purpose is a waste of time and resources. Greetings, Ralf
Hi Ralf, On Fri, May 18, 2007 at 06:00:30PM +0200, Ralf Ronneburger wrote:
Michel Messerschmidt wrote:
For example, encrypted filesystems are almost always useful to prevent data leakage from abandoned hardware (think of all the harddisks sold on ebay). Also any file encrypted by a user improves the security by reducing the time the data is accessible and subject to attacks.
For harddisk encryption on servers this is senseless. The disk is always online (therefore not protected) and before you sell it on ebay you can always use some tool to overwrite it with random data. For broken disks you'll find a strong magnet or even better a company that shreds them. To use encryption for this purpose is a waste of time and resources.
While shredding and magnets can destroy your data they also render the harddisks unusable. But companies often try to avoid this because of the extra profit. In my experience it can be difficult to establish such processes reliably. Even if you can convince your company to destroy old disks, you still need to trust the disposal company (and its employees), since there are typically no resources to do this in-house. And have you ever tried to wipe old disks of a server with e.g. the DoD or Gutmann algorithm? You'll need more time and resources for this than lost by encryption throughout the lifetime. Additionally there are still concerns that wipe processes may not be sufficient (for example because of integrated write caches). Regards, Michel
The Friday 2007-05-18 at 18:00 +0200, Ralf Ronneburger wrote:
For harddisk encryption on servers this is senseless. The disk is always online (therefore not protected) and before you sell it on ebay you can always use some tool to overwrite it with random data. For broken disks you'll find a strong magnet or even better a company that shreds them. To use encryption for this purpose is a waste of time and resources.
You forget that machines can be stolen, for hardware sale, not caring about the data they may contain. But the buyer may find that interesting data... thus encryption denies them access. I have had spare servers stolen from secured premises (i.e., with guards). We noticed when we went to plug them in. Then I do data backups to DVD and I'm not interested in a third party stealing or just looking at them. -- Cheers, Carlos E. R.
"RR" == Ralf Ronneburger writes:
RR> Michel Messerschmidt wrote:
>> For example, encrypted filesystems are almost always useful to prevent
>> data leakage from abandoned hardware (think of all the harddisks sold
>> on ebay).
>> Also any file encrypted by a user improves the security by reducing the
>> time the data is accessible and subject to attacks.
>>
RR> For harddisk encryption on servers this is senseless.

Well, IMHO that view sounds a little over-simplifying to me. Pls imagine this scenario: Somebody steals your disks for searching them. E.g. the taxman ;-) Of course, as soon as the partitions in question are luksClose'd or simply unplugged or whatever, my disks are apparently just unreadable to the thief. But if the thief listens *here* and he knows I am using luks, and if he therefore proceeds a little more cleverly, and he finds a way to look at my luksOpen'ed partitions, apparently with luks he is able to read out my plain keys from the luks partition. I regard this as a sort of backdoor (rather a giant gate than a tiny little backdoor), not a traditional one, but still a way to conquer my data. The way I currently mount my encrypted external disk through a loop device on a twofish256/sha512'ed partition (i.e. on a non-luksified system), I have been sure so far that my key is not stored in a way similar to how luks does it.

RR> The disk is always online
RR> (therefore not protected)

Well, ..., alright, as long as the disk is online, there may be a way to gain access to it even to dis-allowed users. But this illegal access should not easily enable the thief to read out keys for later usage "at home", the taxman's computer lab, or wherever.

RR> and before you sell it on ebay

Well, in the scenario described above I got robbed "asynchronously" (that is the nature of robbing), so I did not have the opportunity of doing so:

RR> you can always use some tool
RR> to overwrite it with random data.
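As an added illustration (not part of the original thread) of the question debated above about what a LUKS volume keeps on the disk itself: a parser for the LUKS1 header, which holds a salted digest of the master key and, per key slot, PBKDF2 parameters and the location of the passphrase-encrypted key material. The field layout follows the LUKS1 on-disk format; the function names and the sample header are constructed for this example.

```python
import struct

# LUKS1 header layout (big-endian): fixed part, then 8 key-slot descriptors.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")  # 208 bytes
SLOT = struct.Struct(">II32sII")                    # 48 bytes each
MAGIC, SLOT_ENABLED, SLOT_DISABLED, SECTOR = b"LUKS\xba\xbe", 0x00AC71F3, 0x0000DEAD, 512

def _text(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def parse_luks1_header(buf):
    """Return the metadata a LUKS1 header exposes; raise ValueError if it is not one."""
    if len(buf) < PHDR.size + 8 * SLOT.size:
        raise ValueError("shorter than the 592-byte LUKS1 header")
    (magic, version, cipher, mode, hash_spec, payload, key_bytes,
     mk_digest, _mk_salt, mk_iter, uuid) = PHDR.unpack_from(buf, 0)
    if magic != MAGIC or version != 1:
        raise ValueError("not a LUKS1 header")
    slots = []
    for i in range(8):
        active, iters, _salt, km_sector, stripes = SLOT.unpack_from(buf, PHDR.size + i * SLOT.size)
        slots.append({"index": i, "enabled": active == SLOT_ENABLED,
                      "pbkdf2_iterations": iters, "af_stripes": stripes,
                      "key_material_offset": km_sector * SECTOR})
    return {"cipher": f"{_text(cipher)}-{_text(mode)}", "hash": _text(hash_spec),
            "master_key_bytes": key_bytes, "payload_offset": payload * SECTOR,
            # Only a salted PBKDF2 digest of the master key is in the header;
            # it lets a candidate key be verified, it is not the key itself.
            "mk_digest": mk_digest.hex(), "mk_digest_iterations": mk_iter,
            "uuid": _text(uuid), "slots": slots}

def build_sample_header():
    """Constructed sample: filler digest/salt bytes, slot 0 enabled, 7 disabled."""
    fixed = PHDR.pack(MAGIC, 1, b"aes", b"cbc-essiv:sha256", b"sha1", 4096, 32,
                      b"\x11" * 20, b"\x22" * 32, 10000,
                      b"00000000-0000-0000-0000-000000000000")
    used = SLOT.pack(SLOT_ENABLED, 120000, b"\x33" * 32, 8, 4000)
    free = SLOT.pack(SLOT_DISABLED, 0, b"\0" * 32, 0, 4000)
    return fixed + used + free * 7

if __name__ == "__main__":
    info = parse_luks1_header(build_sample_header())
    print(info["cipher"], info["master_key_bytes"] * 8, "bit master key")
    for s in info["slots"]:
        if s["enabled"]:
            print("slot", s["index"], "key material at byte", s["key_material_offset"])
```

On a real volume the same fields are what `cryptsetup luksDump` reports.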