0

I have a server with a .img file this is encrypted with luks(aes-256,plain64,xts,sha512) Is it safe to mount this image over cifs(samba), or does doing so risk exposing the volume password or master key?

Mark
  • 34,646
  • 9
  • 87
  • 137
Tim Jonas
  • 827
  • 1
  • 7
  • 19
  • 1
    Safe how? Are you worried about data corruption? About an attacker observing data off the wire? About an attacker modifying data in transit? About an attacker viewing the filesystem directly? Something else? – Mark May 25 '15 at 10:09
  • I am wondering if mounting the image over cifs exposes the master key or password used to decrypt the image – Tim Jonas May 25 '15 at 10:14
  • If you are mounting it read-only, yes. Because of the loss of write ordering guarantees across most network filesystems, I'd say there's a huge risk of eventually hosing it by mounting it read-write. – Atsby May 25 '15 at 20:19
  • @Atsby wouldn't it only be possible to corrupt the data? The image is protected with around 20 character password while that cifs share is only protected with a 8 character password to keep the skids out. Can you define the risks with read-write permissions? – Tim Jonas May 26 '15 at 09:37

1 Answers1

0

Serving a LUKS volume over CIFS (or any other network filesystem, for that matter) will not leak any security information. The Linux storage system works in layers, with each layer only knowing what it needs for its job.

In your situation, the LUKS layer knows the volume master key, and uses it to make the volume's contents available as a block device. The appropriate filesystem driver makes the files on the block device available as part of your system's directory hierarchy, without needing to know anything about encryption. Finally, the CIFS server makes part of your directory hierarchy available over the network, without needing to know anything about on-disk filesystems or encryption.

Mark
  • 34,646
  • 9
  • 87
  • 137
  • In simple words, Does that mean it is safe, if the disk is removed from original OS and the data is readable under new OS, or by any other mean to bypassing security control? – Majoris Mar 18 '16 at 21:16
  • What do you mean by "bypassing security control"? – Mark Mar 18 '16 at 21:18
  • The original host OS would only have access to the encryption on the block header. Isnt that correct? I do not know the specifics how the key is protected, I guess using a passcode. will it be possible to read the disk under new OS who simply read the block header, read the key and read the data? Correct me if I am wrong. – Majoris Mar 20 '16 at 01:37
  • The volume master key is encrypted with a passphrase. Without a user entering an appropriate passphrase, nothing can read the volume master key or the data on the encrypted disk. – Mark Mar 20 '16 at 02:41