Re: dm-crypt crypt_status reports key?

[Pavel Machek]

Hi!

> > # dmsetup table /dev/mapper/volume1
> > 0 2000000 crypt aes-plain 0123456789abcdef0123456789abcdef 0 7:0 0
>  
> > Obviously, root can in principle recover this password from the
> > running kernel but it seems silly to make it so easy.
>  
> There seemed little point obfuscating it - someone will only
> write a trivial utility that recovers it.
> 
> The current approach has the advantage of making it
> obvious to you that if you have root access, you have
> access to the password while the encrypted data volumes
> are mounted.
> 
> Consider instead *why* you're worried about the password being
> held in RAM and look for better solutions to *your*
> perceived threats.

Actually, this *is* bad. I bet someone is going to post their secret
key to lkml when debugging...

Or I can see conversation like this:

admin: "My devices work too slowly, is there something wrong with
device mapper?"

Pavel walks to his console, says: "Okay, show me your
/dev/mapper/volume1"

admin does that.

For this to be usefull Pavel'd have to remember the key before admin
realizes what he has done, but..... Or imagine pavel shoulder-surfing
admin trying to debug device mapper.

								Pavel 
-- 
People were complaining that M$ turns users into beta-testers...
...jr ghea gurz vagb qrirybcref, naq gurl frrz gb yvxr vg gung jnl!
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/