I looked at https://crypto.stackexchange.com/a/24024 and it seems to me cryptsetup(8) luksRemoveKey
is weak.
The situation:
- I create new LUKS volume, copy stuff into it.
- I add a new pass phrase, and give (a copy of) the encrypted volume and the new pass phrase to an employee.
- Eventually the employee leaves, the pass phrase they knew is removed from the encrypted volume.
- Later, new files are added to the encrypted volume.
- Later still, the employee who left gets their hands on a recent copy of the encrypted volume (containing files created after they left). They don't know any valid pass phrase for the encrypted volume.
Could the employee have used their knowledge of a valid pass phrase to extract the MasterSecretKey from the old copy (before they left the company), and later use that same MasterSecretKey to decrypt the new copy? Is the MasterSecretKey ever changed?
Should I create new encrypted volume and copy the data instead of using cryptsetup(8) luksRemoveKey
?