Feature #7541

About LUKS partition security

Added by acraky 2014-07-10 05:40:58 . Updated 2014-07-10 07:56:38 .

Status:
Duplicate
Priority:
Normal
Assignee:
Category:
Target version:
Start date:
2014-07-10
Due date:
% Done:

0%

Feature Branch:
Type of work:
Code
Blueprint:

Starter:
0
Affected tool:
Deliverable for:

Description

Please creat a LUKS format disk, insert another U-disk(etc.) to your computer. In 1.1~beta1: AccessoriesDisk Utility>click your U-disk on the leftFormat drive,Format,Format>Creat Partitionchoose FAT>Encrypt underlying deviceCreat>input password->Creat. Now a LUKS format partition is created.

This partition can be open in Windows by FreeOTFE: FileLinux volume>Mount partitionDon’t click Entire disk, just click the partition on the picture, Ok>input your password, now you can decrypt the LUKS volume created in Tails.

I backup the CBD of LUKS patitions created by tails-i386-1.0.1 and tails-i386-1.1~beta1, this operation don’t need password. Both CBD indicate the security information of the partition in plain text without encryption.

“LUKS aes cbc-essiv:sha256 sha1… following encrypted user password and encrypted master key(never change)”

It’s obviously a big security hole, so TrueCrypt encrypt its CBD to remove any tag, and FreeOTFE not only encrypt its CBD but also hide CBD by setting OFFSET value which user had setup when creating the partition.

Cryptsetup don’t hide its basic security information. If you choose cryptsetup, I hope you could provide more options when creating a secure partition or volume, algorithm AES-CBC-ESSIV is not secure enough, AES-XTS would be better. Cryptsetup has options like: —hash, —cipher, —verify-passphrase, —key-file, —key-size, —offset, —skip, —readonly.
Hidden partition created by offset and without any tag is the trend of security. To gain maximum security, a FreeOTFE like software is preferd.

The following is the CBD of the partitions created by Tails.

cryptsetup Style Dump of encrypted partition created in tails-i386-1.1~beta1
——————————-
LUKS header information for \Device\Harddisk3\Partition1

Version: 1
Cipher name: aes
Cipher mode: cbc-essiv:sha256
Hash spec: sha1
Payload offset: 4096
MK bits: 256
MK digest: bf 54 8e 3e cb a2 6d 73 80 58 6c fb 6a 5b 82 5a 8e 8d db bc
MK salt: 74 1c a2 a6 14 da d9 e1 36 93 30 24 83 ec dc 68
b7 f5 79 01 90 31 73 15 d8 c3 47 c6 81 11 1b 81
MK iterations: 25500
UUID: 6e494f9d-dbeb-4ba1-baf0-ef6e158793e4

Key Slot 0: ENABLED
Iterations: 102056
Salt: 75 71 8f c1 27 99 86 7e 14 9b 3f d7 95 ec ca be
7a ee 17 0a f3 7a 44 23 4b 29 0c 34 39 fc 6b c3
Key material offset: 8
AF stripes: 4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

Master Key
—————
User supplied password : test
Password unlocks key slot: 0
Recovered master key :
00000000 | 67 BE FE 89 43 98 37 DF | g…C.7.
00000008 | 3A E8 91 DF 1E 7C AB 89 | :….|..
00000010 | 0F 2A 9F CC 59 3C 30 98 | .*..Y<0.
00000018 | 57 37 5E 02 84 E3 0A E2 | W7^…..

cryptsetup Style Dump of encrypted partition created in tails-i386-1.0.1
——————————-
LUKS header information for \Device\Harddisk3\Partition1

Version: 1
Cipher name: aes
Cipher mode: cbc-essiv:sha256
Hash spec: sha1
Payload offset: 2056
MK bits: 256
MK digest: 1d 5f 54 cd ce 46 59 8e 1c 56 3b 1e 6b cd f6 42 2e df e4 db
MK salt: b8 b8 d9 06 57 d9 7d 92 fc 82 e0 b7 d6 25 81 46
fa ce 4b 70 62 d8 0f 3d 3a 3e 4b ec f8 6e fc 27
MK iterations: 20500
UUID: 99a86cfc-401d-451f-98a5-922140b4ebb9

Key Slot 0: ENABLED
Iterations: 82414
Salt: 39 ed c7 4e 86 65 e5 a7 cd 18 e6 01 37 4a 6e c8
fb 4c 62 94 fb c3 e9 f3 32 13 2c 3a e1 de 3d 70
Key material offset: 8
AF stripes: 4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

Master Key
—————
User supplied password : test2
Password unlocks key slot: 0
Recovered master key :
00000000 | D8 BF 1B 82 75 DD D4 BF | ….u…
00000008 | 01 78 78 E5 12 DB 87 91 | .xx…..
00000010 | 64 4A 25 34 B1 4E FE 9B | dJ%4.N..
00000018 | 22 B5 08 9A A1 D1 33 12 | "…..3.


Subtasks


Related issues

Is duplicate of Tails - Feature #5929: Consider creating a persistence by default for plausible deniability Confirmed 2016-08-20

History

#1 Updated by acraky 2014-07-10 05:46:28

Sorry, the CBD above should be CDB: Critical data block !

#2 Updated by intrigeri 2014-07-10 06:45:09

  • Status changed from New to Duplicate

Our plan for plausible deniability is Feature #5929.

#3 Updated by intrigeri 2014-07-10 06:45:29

  • is duplicate of Feature #5929: Consider creating a persistence by default for plausible deniability added

#4 Updated by sajolida 2014-07-10 07:56:38

Feature Feature #7541: Hide LUKS header information

> “LUKS aes cbc-essiv:sha256 sha1… following encrypted user password and encrypted master key(never change)”
>
> It’s obviously a big security hole

Why is that a security hole? An attacker having access to the LUKS
header still needs the passphrase to open it.

Which is the problem that you are trying to solve?

By the way, this behavior is the default one in LUKS, so unless we find
a very good reason to do things differently in Tails, we will stick to
the default.

And please, try to make the title of your ticket and their content
shorter and more explicit.