package: debian-installer
severity: wishlist

It is possible to encrypt loop-aes and dm-crypt tmp (like /tmp or
/var/tmp) partitions with a random key at boot time, but the Debian
installer will not configure this. The installer will only configure
swap partitions like that.

Creating a random key at each boot is more secure than using the same
one, since then data will be securely deleted when the key is deleted,
which normally happens at shutdown. (For exceptions, read about cold
boot attacks.) Random keys also spare the user the trouble of having
to type a password at each boot and worrying about the security of the
key and the password.

A possible workaround is to configure the would-be tmp partitions as
swap partitions during the installation process, and manually
configure them to be tmp partitions after the first boot of the new
Debian system.


An fstab entry for a loop-aes encrypted swap partition, with a new
random key at each boot, looks like this.
/dev/sda6       none            swap    sw,loop=/dev/loop0,encryption=serpent256 0       0

An fstab entry for a loop-aes encrypted tmp partition, with a new
random key at each boot, looks like this.
/dev/sda7       /tmp            ext2    defaults,loop=/dev/loop1,encryption=serpent256,phash=random/1777 0       0

More detailed documentation about loop-aes can be found in the losetup
manual page.


Similar functionality is available for dm-crypt.

A crypttab entry for a dm-crypt encrypted swap partition, with a new
random key at each boot, looks like this.
sda6_crypt /dev/sda6 /dev/random cipher=serpent-cbc-essiv:sha256,size=256,swap

Here is the fstab entry.
/dev/mapper/sda6_crypt none     swap    sw        0       0

A crypttab entry for a dm-crypt encrypted tmp partition, with a new
random key at each boot, looks like this.
sda7_crypt /dev/sda7 /dev/random cipher=serpent-cbc-essiv:sha256,size=256,tmp=ext2

Here is the fstab entry.
/dev/mapper/sda7_crypt /tmp     ext2    defaults        0       0

More detailed information about dm-crypt can be found in the manual
pages cryptsetup and crypttab.


Personally, I prefer to use loop-aes for this application for the
following reasons:
* It has a multi-key mode in which it uses 64 keys plus an additional
65th key, which makes it more secure.
* It seems to be faster during boot time. Dm-crypt seems to take a
long time creating the ext2 partitions.
* dm-crypt might be more supported by Linux, but it is just a tmp
partition, so if a kernel upgrade breaks loop-aes, there will be no
data loss.
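
Added example, not part of the original message or of the Debian installer: a small Python check that reads crypttab and fstab text and flags random-key dm-crypt mappings whose name, swap/tmp option and fstab line disagree. The function names and the sample tables are constructed for illustration.

```python
# Added example (not Debian code); names and sample tables are constructed.
RANDOM_KEYS = {"/dev/random", "/dev/urandom"}

def rows(text):
    """Split a crypttab/fstab table into fields, dropping comments and blanks."""
    out = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            out.append(line.split())
    return out

def audit(crypttab, fstab):
    """Return findings for mappings that take their key from a random source."""
    findings, seen = [], set()
    mounts = {r[0]: r for r in rows(fstab) if len(r) >= 3}
    for r in rows(crypttab):
        if len(r) < 3 or r[2] not in RANDOM_KEYS:
            continue
        name = r[0]
        opts = r[3].split(",") if len(r) > 3 else []
        if name in seen:
            findings.append(f"{name}: duplicate mapping name")
        seen.add(name)
        swap = "swap" in opts
        tmp = next((o for o in opts if o == "tmp" or o.startswith("tmp=")), None)
        if not swap and tmp is None:
            # A fresh key each boot makes old contents unreadable, so the
            # mapping must be re-initialised as swap or as a new filesystem.
            findings.append(f"{name}: random key without swap or tmp option")
            continue
        entry = mounts.get(f"/dev/mapper/{name}")
        if entry is None:
            findings.append(f"{name}: fstab has no /dev/mapper/{name} entry")
        elif swap and entry[2] != "swap":
            findings.append(f"{name}: swap mapping mounted as {entry[2]}")
        elif tmp and "=" in tmp and entry[2] != tmp.split("=", 1)[1]:
            findings.append(f"{name}: {tmp} but fstab says {entry[2]}")
    return findings

# Constructed sample: the swap mapping carries the wrong name.
BAD_CRYPTTAB = """\
sda7_crypt /dev/sda6 /dev/random cipher=serpent-cbc-essiv:sha256,size=256,swap
sda7_crypt /dev/sda7 /dev/random cipher=serpent-cbc-essiv:sha256,size=256,tmp=ext2
"""
FSTAB = """\
/dev/mapper/sda6_crypt none swap sw 0 0
/dev/mapper/sda7_crypt /tmp ext2 defaults 0 0
"""
if __name__ == "__main__":
    print("\n".join(audit(BAD_CRYPTTAB, FSTAB)))
```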


