From: Michael Kjörling
Date: Wed, 13 Nov 2019 18:07:31 +0000
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] Two questions

On 13 Nov 2019 15:15 +0000, from mgreger@cinci.rr.com:
> 2) Are there security implications of using a single detached header
> with multiple encrypted volumes?

Yes; it implies that the two volumes are encrypted using the same master key (as well as being accessible using the same set of passphrases), _and_ it makes it obvious that this is the case.

Whether that's a problem _in practice_ is another matter. It's possible that in your scenario that's unproblematic, but it would be nearly impossible to tell from just a single-sentence question.

For the general case, I would definitely very strongly suggest having different headers, with different master keys, even if the passphrases are the same.

-- 
Michael Kjörling • https://michael.kjorling.se • michael@kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”
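
The distinction drawn in the reply above, as an added example that is not part of the original message and is not cryptsetup code: a Python model of a header that wraps a random master key under a passphrase-derived key. The `Header` fields, the XOR stand-in for the keyslot cipher, and the iteration count are assumptions of this model, not the LUKS on-disk format.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

ITERATIONS = 1000  # constructed value, kept low so the example runs quickly


@dataclass(frozen=True)
class Header:
    slot_salt: bytes    # salt for the passphrase KDF
    wrapped_mk: bytes   # master key, encrypted under the passphrase-derived key
    digest_salt: bytes  # salt for the master-key check digest
    mk_digest: bytes    # lets unlock() verify it recovered the right key


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _kdf(secret: bytes, salt: bytes, length: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS, dklen=length)


def format_header(passphrase: bytes, key_bytes: int = 32) -> Header:
    """Create a header around a fresh random master key."""
    mk = os.urandom(key_bytes)
    slot_salt, digest_salt = os.urandom(32), os.urandom(32)
    # Assumption: XOR with KDF output stands in for the real keyslot cipher.
    wrapped = _xor(mk, _kdf(passphrase, slot_salt, key_bytes))
    return Header(slot_salt, wrapped, digest_salt, _kdf(mk, digest_salt, 20))


def unlock(header: Header, passphrase: bytes) -> bytes:
    """Return the master key, or raise ValueError on a wrong passphrase."""
    pad = _kdf(passphrase, header.slot_salt, len(header.wrapped_mk))
    mk = _xor(header.wrapped_mk, pad)
    if not hmac.compare_digest(_kdf(mk, header.digest_salt, 20), header.mk_digest):
        raise ValueError("wrong passphrase")
    return mk


def linkable_without_passphrase(a: Header, b: Header) -> bool:
    """True if an observer can tell both headers wrap the same master key."""
    return (a.digest_salt, a.mk_digest) == (b.digest_salt, b.mk_digest)
```

Opening two volumes through one `Header` yields one master key for both, while two calls to `format_header` with the same passphrase yield unrelated master keys that an observer cannot link from the header contents.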