Security concerns
Closed · 1 comment
Hello Jonathan,
first of all, I want to thank you for the great script. I'm successfully using it and I love it.
I'm concerned about the security. In particular, I have two questions.
- Is it possible to recover the original passphrase used to encrypt the drive from the key stored in `/boot/keyless-entry`?
- With the key stored in `/boot/keyless-entry`, which is accessible on an unencrypted partition, everyone could decrypt my drive, right?
I'm thinking about the following:
- A stranger gains access to my machine.
- He detaches the drive and plugs it into his own machine, or boots up the laptop from a USB stick.
- With access to `/boot/keyless-entry` he can decrypt and access my data.
Can you reassure me on those two points, that only a legit boot (possibly from the legit machine) can actually decrypt the data?
Cheers,
Mrco
If you have keyless entry enabled, then anyone with physical access to the computer or its drives will be able to boot it or steal the drives and decrypt them on another system. That's kind of the whole point, no? If you disable the passphrase requirement for decryption, then... you've disabled the passphrase requirement for decryption.
If you have keyless entry configured whether or not it is enabled, then anyone who is able to obtain root privileges on the computer while it is running will be able to reconfigure it and/or steal what they need from it to be able to decrypt the drives later.
It would be straightforward to modify the script to add a paranoid mode requiring one of the drive's existing passphrases to be entered every time keyless entry is enabled, not just when it is configured. In this theoretical paranoid mode, the second paragraph above would not be true. I don't have time right now to make that change and in any case I'm not particularly inclined to do so since it would not be useful to me, but 🤷 if someone else wants to submit a PR I'll review and merge it.
The whole point of this script is to slightly decrease the security of encrypted hard drives for the sake of increased convenience. If the threats described above are not acceptable to you then you shouldn't be using the script.
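The "paranoid mode" sketched above, as an added example in POSIX sh that is not part of the keyless-entry script itself: before the keyfile is copied to `/boot/keyless-entry`, the caller must prove knowledge of an existing LUKS passphrase via `cryptsetup open --test-passphrase`, so a root-level attacker who does not know a passphrase cannot re-enable keyless entry. The `CRYPTSETUP` override, the device path and the function names are assumptions made for this example.

```shell
# Command used to verify a passphrase; overridable so the gate can be tested
# without a real LUKS device (assumption for this example, not the script's own).
: "${CRYPTSETUP:=cryptsetup}"

# Return 0 only if the user interactively proves an existing LUKS passphrase.
# --test-passphrase checks the slot without mapping the device.
verify_existing_passphrase() {
    dev="$1"
    "$CRYPTSETUP" open --test-passphrase "$dev"
}

# Install the keyfile on /boot only after the passphrase check succeeds.
# Arguments: LUKS device, source keyfile, destination (e.g. /boot/keyless-entry).
enable_keyless_entry() {
    dev="$1"; keyfile="$2"; dest="$3"
    if ! verify_existing_passphrase "$dev"; then
        echo "refusing to enable keyless entry: passphrase check failed" >&2
        return 1
    fi
    cp "$keyfile" "$dest" && chmod 0400 "$dest"
}

# Overwrite and remove the keyfile so a copied /boot no longer unlocks the drive.
disable_keyless_entry() {
    dest="$1"
    [ -f "$dest" ] || return 0
    dd if=/dev/urandom of="$dest" bs=4096 count=1 conv=notrunc 2>/dev/null
    rm -f "$dest"
}

# Return 0 when a keyfile is present, i.e. anyone holding the drives can decrypt them.
keyless_entry_exposed() {
    [ -f "$1" ]
}

# Usage (prompts for the passphrase on a real system):
#   enable_keyless_entry /dev/sda2 /root/keyfile /boot/keyless-entry
```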