LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 08-15-2010, 01:51 PM   #1
lumak
Member
 
Registered: Aug 2008
Location: Phoenix
Distribution: Arch
Posts: 799
Blog Entries: 32

Rep: Reputation: 109Reputation: 109
A pondering about Encrypting the Keycard for a LUKS/LVM partition.


So I was wondering about the dilemma of how to encrypt the password file on a key card to unlock your harddrive without having to enter any password. I came to the conclusion that that the scripts could do this without storing any passwords in plane text them self.

Have a few extra steps to the scripts that would:
1. Read the UUID of any disks coming in.
2. Attempt to use that ID to decrypt a password file stored in the initrd.
3. Use the decrypted password file to unlock the the keycard partition.
4. THEN use the password files on the keycard to decrypt the main partition and boot the system.

However, if somebody stole your key card and didn't know what the unencrypted information was, then it's harmless for them to have it anyway. And if they did know, you wouldn't be any better off with it being encrypted because they probably can gain access to your computer anyway; leaving them to just pop the key card in and automatically decrypt the drive.

I suppose encrypting the keycard would give you extra assurance that the information would be much harder to recover if you destroyed the key card in a hurry.

So would this extra security step even be worth it?

I guess the most secure thing would be to only have a password and type it in every time... unless you are concerned about the aliens/government stealing that from your brain which would probably mean they wouldn't need your password anyway.

Last edited by lumak; 08-15-2010 at 01:53 PM.
 
Old 08-15-2010, 02:09 PM   #2
GazL
Senior Member
 
Registered: May 2008
Posts: 3,447

Rep: Reputation: 975Reputation: 975Reputation: 975Reputation: 975Reputation: 975Reputation: 975Reputation: 975Reputation: 975
http://xkcd.com/538/

 
Old 08-15-2010, 02:13 PM   #3
lumak
Member
 
Registered: Aug 2008
Location: Phoenix
Distribution: Arch
Posts: 799
Blog Entries: 32

Original Poster
Rep: Reputation: 109Reputation: 109
hehe I saw that one before... Which is why you go with no passwords that you actually know and always use a key file... Assuming you have time to destroy the keycard...
 
Old 08-15-2010, 02:15 PM   #4
GazL
Senior Member
 
Registered: May 2008
Posts: 3,447

Rep: Reputation: 975Reputation: 975Reputation: 975Reputation: 975Reputation: 975Reputation: 975Reputation: 975Reputation: 975
Using a keyfile is a bit like the key to your front door. If you lose it, and someone finds it, aslong as they don't know/or can't guess what it's for you have little to worry about.

Going back to your idea: I don't think encrypting the keyfile buys you a great deal, especially if the decryption is going to be automated in some way.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] LUKS and LVM on two separate drives jjthomas Slackware - Installation 3 07-01-2010 10:39 AM
Luks/Lvm after dd duplication brodo Slackware 10 03-12-2009 03:56 PM
New kernel and existing Luks/Lvm ? brodo Slackware 3 09-14-2008 09:44 AM
Slackware 12.1, LUKS, LVM on external HD. How? randomsel Slackware - Installation 7 06-26-2008 06:35 PM
luks cryptsetup and lvm question ruzzed Linux - Software 3 09-16-2007 07:21 PM


All times are GMT -5. The time now is 10:53 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration