From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <sven@eschenberg.eu>
Received: from postol.eschenberg.eu (postol.eschenberg.eu [193.24.209.248])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mail.server123.net (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Tue, 25 Apr 2017 18:16:18 +0200 (CEST)
Received: from p4fe85158.dip0.t-ipconnect.de ([79.232.81.88]
 helo=[192.168.0.102]) (Authed sender Sven 'DarKRaveR' Eschenberg)
 by postol.eschenberg.eu via ESMTPSA (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128)
 (Exim) (envelope-from <sven@eschenberg.eu>) id 1d33AH-0007z3-1Q
 for dm-crypt@saout.de; Tue, 25 Apr 2017 18:18:09 +0200
References: <a6e54426-5188-d4c7-ee7b-6f022b84bf22@depressiverobots.com>
 <f11f16b9-bbcd-4484-bc4b-403d25dc00b5@depressiverobots.com>
 <20170422002548.GA23882@tansi.org> <odfm32$fpm$1@blaine.gmane.org>
 <20170422134557.GB1425@tansi.org>
 <56144922-1d2e-b97c-3a5b-d7a952c84950@depressiverobots.com>
 <6bbee653-87c7-7145-82fe-785ab6fafece@depressiverobots.com>
 <CAF9Mo3+RqXS3ux_3C_K8T=Jur4eNinuWJ-qMqZsmVimzMqs1Dg@mail.gmail.com>
 <569e04ca-10ae-28fc-9db2-5bf0cb9daea5@depressiverobots.com>
 <CAF9Mo3LUGF6zRsdSCP9DoFReGqfuuh+xxN77no65ORy3ze_KDg@mail.gmail.com>
 <f93e698a-3d91-ae2c-fb58-de10630f55f4@depressiverobots.com>
 <odni46$efq$1@blaine.gmane.org>
 <CAF9Mo3+G8S8E_Vz8+3yGTiBgGUm+UHMDzAV-VVSQSs22ugUF_A@mail.gmail.com>
From: Sven Eschenberg <sven@eschenberg.eu>
Message-ID: <8434a425-d7dc-b3d6-9a7e-a93fa9d5037f@eschenberg.eu>
Date: Tue, 25 Apr 2017 18:16:17 +0200
MIME-Version: 1.0
In-Reply-To: <CAF9Mo3+G8S8E_Vz8+3yGTiBgGUm+UHMDzAV-VVSQSs22ugUF_A@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Subject: Re: [dm-crypt] LUKS header recovery attempt,
 bruteforce detection of AF-keyslot bit errors
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de



Am 25.04.2017 um 15:44 schrieb Dominic Raferd:
>
>
> On 25 April 2017 at 14:14, Robert Nichols <rnicholsNOSPAM@comcast.net
> <mailto:rnicholsNOSPAM@comcast.net>> wrote:
>
>     On 04/24/2017 06:49 PM, protagonist wrote:
>
>         However, I assume it is likely that a determined attacker running as
>         root might be able to extract the master key from RAM if the
>         encrypted
>         volume in question is still open at the time of attack, so
>         technically,
>         there would be a way to do this without the password.
>
>
>     It's trivial. Just run "dmsetup table --showkeys" on the device.
>
>
> Wowzer. 'cryptsetup luksDump <device> --dump-master-key' can also
> provide this info but it requires a passphrase, which 'dmsetup table
> --showkeys' does not. So must we assume that anyone who has ever had
> root access while the encrypted device is mounted can thereafter ​break
> through the encryption regardless of passphrases? At least until
> cryptsetup-reencrypt is run on the device, which is a big step.
>

Furthermore, everyone who had access to /dev/mem and was able to locate 
the keys knows, them. On second thought, this holds certainly true for 
the 'new central kernel key storage' (Forgot the name), depending on the 
allover kernel configuration and userspace, that is.

At the end of the day dm-crypt (etc.) needs to store the key somewhere, 
where it can be accessed at all times when an IO-Request comes in. There 
is not that many options for that ;-).