Vulnerability with compromised geli credentials?
Robert Woolley
robert.woolley at rwoolley.com
Sun May 18 12:30:18 UTC 2008
On Sat, 17 May 2008 17:41:13 -0700 (PDT)
"Abiron Arroyo" <abi at e-arroyo.net> wrote:
>
> I'm not really a developer, but was considering if there is a key
> vulnerability in geli given that when you change a key there isn't a
> disk update.
>
> Consider the scenario where a new file system is created and populated
> with some files. At a later time the original key is changed because
> someone has gained access to the key and passphrase. A new key is
> generated and attached, but none of the files are modified.
>
The data is encrypted with a random master-key that's generated during
the init stage. That key is itself encrypted with a user-key generated
from the passphrase and keyfile, and the encrypted masterkey is stored
on the disk. The master-key itself is never changed; if the new files
were encrypted with a different key you wouldn't be able to read the
old ones.
More information about the freebsd-security
mailing list