Re: iSCSI + LUKS over insecure network

A combination of dd / wireshark / tcpdump should revile the answers you need!

2011/6/9 Γιώργος Πάλλας <gpall@ccf.auth.gr>

A tough one (for me)!

I use iSCSI (with CHAP authentication) to get a remote device over an
insecure network, then I unlock the LUKS volume and finally I mount the
ext4 FS.
How (in)secure is that?

Data I miss:
1. CHAP encrypts the iSCSI authentication password, but the actual iSCSI
data go over the link unencrypted obviously, yes?
2. When I unlock the LUKS volume using a key file, this key file is
transmitted over the link, or not?
3. The actual ext4 data go over the link encrypted or not?

My pretty educated guesses are:
2. it does not get transmitted,
3. the data data is transmitted encrypted
1. yes, but we don't care because of 2. and 3.

any idea how things really are?

thanks!
G. Pallas

Reply to:

Follow-Ups:

Re: iSCSI + LUKS over insecure network
- From: shawn wilson <ag4ve.us@gmail.com>

References:

iSCSI + LUKS over insecure network
- From: Γιώργος Πάλλας <gpall@ccf.auth.gr>