I looked at https://crypto.stackexchange.com/a/24024 and it seems to me cryptsetup(8) luksRemoveKey is weak.

The situation:

  1. I create a new LUKS volume, copy stuff into it.
  2. I add a new pass phrase, and give (a copy of) the encrypted volume and the new pass phrase to an employee.
  3. Eventually the employee leaves, the pass phrase they knew is removed from the encrypted volume.
  4. Later, new files are added to the encrypted volume.
  5. Later still, the employee who left gets their hands on a recent copy of the encrypted volume (containing files created after they left). They don't know any valid pass phrase for the encrypted volume.

Could the employee have used their knowledge of a valid pass phrase to extract the MasterSecretKey from the old copy (before they left the company), and later use that same MasterSecretKey to decrypt the new copy? Is the MasterSecretKey ever changed?

Should I create a new encrypted volume and copy the data instead of using cryptsetup(8) luksRemoveKey?

Z.T.

1 Answer

You are correct, although I wouldn't call luksRemoveKey "weak"; it accomplishes what it is meant to. There are plenty of situations where it's easier and quicker to only change the KEK (key encryption key) so long as the DEK (data encryption key) was never leaked and all old copies of the LUKS header can be wiped to prevent use of the old KEK.

If you need to prevent someone who had the ability to access the DEK from later decrypting the volume, you will need to either recreate the volume as you suggest, or use cryptsetup-reencrypt to change the DEK in-place (be aware the manpage warns it's not resistant to hardware/kernel failure).

AndrolGenhald
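
The KEK/DEK relationship discussed in this thread, as an added example that is not part of the original posts and is not cryptsetup code: a toy Python model of a LUKS-style header in which every keyslot wraps the same master key. Assumptions: the XOR key wrap and SHA-256 digest stand in for LUKS's real anti-forensic split and cipher, the function names are hypothetical, and the pass phrases are constructed sample values.

```python
import hashlib, hmac, secrets
from copy import deepcopy

def _kek(passphrase, salt):  # KEK from passphrase; real LUKS uses far more iterations
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 1000, dklen=32)
def _xor(a, b):  # toy key wrap standing in for LUKS's AF-split + cipher
    return bytes(x ^ y for x, y in zip(a, b))
def _digest(master_key):  # lets a slot check that it unwrapped the right key
    return hashlib.sha256(b"mk-digest" + master_key).digest()

def add_key(header, master_key, passphrase):
    salt = secrets.token_bytes(16)
    wrapped = _xor(master_key, _kek(passphrase, salt))
    header["slots"].append({"salt": salt, "wrapped": wrapped})

def format_volume(passphrase):
    master_key = secrets.token_bytes(32)  # the DEK; chosen once at format time
    header = {"mk_digest": _digest(master_key), "slots": []}
    add_key(header, master_key, passphrase)
    return header

def open_volume(header, passphrase):
    for slot in header["slots"]:
        candidate = _xor(slot["wrapped"], _kek(passphrase, slot["salt"]))
        if hmac.compare_digest(_digest(candidate), header["mk_digest"]):
            return candidate
    return None

def remove_key(header, passphrase):  # like luksRemoveKey: drops the slot, DEK untouched
    header["slots"] = [s for s in header["slots"]
                       if open_volume({**header, "slots": [s]}, passphrase) is None]

def reencrypt(header, passphrase):  # like reencryption: new DEK (data rewrite not modelled)
    if open_volume(header, passphrase) is None:
        raise ValueError("wrong passphrase")
    new_key = secrets.token_bytes(32)
    header["mk_digest"], header["slots"] = _digest(new_key), []
    add_key(header, new_key, passphrase)

def scenario():
    header = format_volume("owner-pass")
    add_key(header, open_volume(header, "owner-pass"), "employee-pass")
    old_copy = deepcopy(header)  # header copy that left with the employee
    remove_key(header, "employee-pass")
    leaked = open_volume(old_copy, "employee-pass")
    revoked = open_volume(header, "employee-pass") is None
    same_after_remove = leaked == open_volume(header, "owner-pass")
    reencrypt(header, "owner-pass")
    same_after_reencrypt = leaked == open_volume(header, "owner-pass")
    return revoked, same_after_remove, same_after_reencrypt
```

`scenario()` returns whether the removed pass phrase is rejected by the current header, whether the key recovered from the old copy still equals the current master key after slot removal, and whether it still does after the master key is replaced.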