[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security of cloned disks (with changed passphrases)

Hi Everyone,

I have a dm-crypt compiled kernel image.I have also compiled Cryptsetup.Through what commands can I link both??
As I am quite new in this field,i have no idea at all.
Please help.

From: dm-crypt-bounces@xxxxxxxx [dm-crypt-bounces@xxxxxxxx] On Behalf Of Matthew Mosesohn [mmosesoh@xxxxxxxxxx]
Sent: Thursday, December 16, 2010 11:57 PM
To: dm-crypt@xxxxxxxx
Subject:  Security of cloned disks (with changed passphrases)

I am wondering if I perform this setup (cryptsetup version 1.1.2), how much risk do I expose my systems to?

Step 1: Create a base install that is encrypted with a fixed passphrase
Step 2: Create a disk image of this installed system
Step 3: Deploy image on N number of other systems
Step 4: Change the passphrase on all deployed systems

What happens if the passphrase becomes compromised on one of these systems?  Can that person gain the original LUKS AES key to the disk and therefore obtain a way to break into all of the other systems?

If yes, is there anything to do on each cloned system to improve security?

Best Regards,
Matthew Mosesohn

SASKEN BUSINESS DISCLAIMER: This message may contain confidential, proprietary or legally privileged information. In case you are not the original intended Recipient of the message, you must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message and you are requested to delete it and inform the sender. Any views expressed in this message are those of the individual sender unless otherwise stated. Nothing contained in this message shall be construed as an offer or acceptance of any offer by Sasken Communication Technologies Limited ("Sasken") unless sent with that express intent and with due authority of Sasken. Sasken has taken enough precautions to prevent the spread of viruses. However the company accepts no liability for any damage caused by any virus transmitted by this email.
Read Disclaimer at http://www.sasken.com/extras/mail_disclaimer.html
dm-crypt mailing list

[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux