
Re: Discussion about backup passwords for LUKS encrypted filesystems before revising wiki



On 2020-12-22 09:11, rhkramer@gmail.com wrote:
See the quoted paragraph, below, quoted from the
[[https://wiki.debian.org/LVM#Encrypted_LVM][LVM#Encrypted_LVM]] wiki.

It seems to me that the idea of creating and saving backup passwords is
something of a red herring (to borrow a "Briticism").

The way I see it:

    * if, in the future: "somehow you<sic> first password is no longer working"
-- I'm guessing that whatever that "somehow" is, it is likely to affect all the
passwords (all of which are stored in the LUKS header)

    * or if: "you simply forget your password" -- it seems unlikely that you'll
forget the "normal" password (the one you most often use) but remember a
backup password (although maybe you'd use something really easy to remember
(for you), and hope that because you don't normally use it, it is less exposed
and less likely to be captured somehow)

    * or if: "something unexpected happens such as a bug after a kernel update
and somehow the password is no longer working" -- it seems likely to me that
if a kernel bug makes one password no longer work, it would be likely that
none of the passwords would work (although I think I can think of exceptions,
e.g., your password contains a special symbol, but a kernel bug (or bug
somewhere) prevents entry of that special symbol)

My point is this: I think creating and saving backup passwords is of minimal
value.  Far more important (but not mentioned) is making and keeping backup
copies of your encrypted data (possibly not encrypted but stored in a bank
vault ;-), yet that is not mentioned.

I am capable (or think I'm capable ;-) of revising the wiki to add a statement
to the effect that, more important than storing backup passwords is storing
backups of the actual data.  I just wanted to provoke some discussion before
making such a revision.  (I might even downplay the emphasis on creating and
storing backup passwords.)

<quote>
Note: The password(s) of a encrypted LVM volume are stored inside its Linux
Unified Key Setup (LUKS) header(s). Creating backup passwords is important
because if in the future somehow you first password is no longer working, or
you simply forget your password, or you do remember your password but
something unexpected happens such as a bug after a kernel update and somehow
the password is no longer working, then without backup password(s) you risk to
permanently lose all your valuable data stored into that encrypted LVM
storage.
</quote>

Thank you for offering to improve Debian documentation.  :-)


I agree that the content of "LVM" Debian Wiki page "Encrypted LVM" section could use some improvement.


AIUI backing up a Linux Unified Key Setup (LUKS) header will save a copy of the metadata for a LUKS volume, which includes secure hashes of the passphrases (and/or keys) used to access the contents (such as a Linux Volume Manager (LVM) volume). So, while "Backup passwords" -> "Step" -> 2.1 and "Restore password" -> 1.1 may describe useful system administration procedures, these subsections have conceptual and technical issues.


The subjects of multiple passphrases and/or keys for encrypted items (volumes, filesystems, directories, files, etc.) and disaster preparedness/ recovery of encrypted volumes and/or containers are related, but different. Regarding the first subject and LUKS, I would expect the first to appear on a wiki page for "LUKS" (which does not appear to exist). The latter subject for LUKS could be a useful addition to the "BackupAndRecovery" wiki page:

    https://wiki.debian.org/BackupAndRecovery


David
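The thread turns on one fact: every passphrase of a LUKS volume lives in the same on-disk header, so a header backup carries all key slots and restoring a stale one drops any slot added since. The following is an added example, not code from either message or from the Debian wiki. It builds a constructed LUKS1 header (the 592-byte fixed header plus eight 48-byte key slots, as in the public LUKS1 format; the cipher, UUID, iteration counts and offsets are made-up sample values and no real key material is included), parses it the way `cryptsetup luksDump` reports slot state, and compares a current header against an older backup to show which slots a restore would silently lose and whether the two even belong to the same volume. The function names `build_header`, `parse_header` and `compare_with_backup` are my own.

```python
"""Inspect a LUKS1 header: which key slots are active, and what restoring a
stale header backup would drop.  Added example; the layout constants follow the
public LUKS1 on-disk format, every sample value below is constructed."""
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
LUKS_VERSION = 1
HEADER_FMT = ">6sH32s32s32sII20s32sI40s"  # fixed part of the header, 208 bytes
KEYSLOT_FMT = ">II32sII"                  # active, iterations, salt, key-material offset, stripes
KEYSLOT_COUNT = 8
KEYSLOT_ACTIVE = 0x00AC71F3
KEYSLOT_DISABLED = 0x0000DEAD
HEADER_SIZE = struct.calcsize(HEADER_FMT) + KEYSLOT_COUNT * struct.calcsize(KEYSLOT_FMT)


def _cstr(raw: bytes) -> str:
    """Decode a NUL-padded ASCII header field."""
    return raw.split(b"\0", 1)[0].decode("ascii")


def build_header(active_slots, uuid_str="11111111-2222-3333-4444-555555555555"):
    """Build a constructed LUKS1 header with the given key slots marked active.
    Only the metadata that luksDump shows is filled in; no key material follows."""
    fixed = struct.pack(
        HEADER_FMT,
        LUKS_MAGIC, LUKS_VERSION,
        b"aes", b"xts-plain64", b"sha256",
        4096,            # payload offset in sectors (constructed)
        64,              # master key length in bytes (constructed)
        b"\x11" * 20,    # master-key digest (constructed)
        b"\x22" * 32,    # master-key digest salt (constructed)
        1000,            # master-key digest iterations (constructed)
        uuid_str.encode("ascii"),
    )
    slots = b""
    for i in range(KEYSLOT_COUNT):
        if i in active_slots:
            slots += struct.pack(KEYSLOT_FMT, KEYSLOT_ACTIVE, 200_000 + i,
                                 bytes([i]) * 32, 8 + 256 * i, 4000)
        else:
            slots += struct.pack(KEYSLOT_FMT, KEYSLOT_DISABLED, 0,
                                 b"\0" * 32, 8 + 256 * i, 4000)
    return fixed + slots


def parse_header(blob: bytes) -> dict:
    """Parse the fixed header and the 8 key slots; raise ValueError if not LUKS1."""
    if len(blob) < HEADER_SIZE:
        raise ValueError("too short to be a LUKS1 header")
    (magic, version, cipher, mode, hash_spec, payload_off, key_bytes,
     _digest, _dsalt, _diter, uuid_raw) = struct.unpack_from(HEADER_FMT, blob, 0)
    if magic != LUKS_MAGIC:
        raise ValueError("bad LUKS magic")
    if version != LUKS_VERSION:
        raise ValueError(f"unsupported LUKS version {version}")
    slots = {}
    offset = struct.calcsize(HEADER_FMT)
    for i in range(KEYSLOT_COUNT):
        active, iters, _salt, km_off, stripes = struct.unpack_from(KEYSLOT_FMT, blob, offset)
        offset += struct.calcsize(KEYSLOT_FMT)
        if active == KEYSLOT_ACTIVE:
            slots[i] = {"iterations": iters, "key_material_offset": km_off, "stripes": stripes}
        elif active != KEYSLOT_DISABLED:
            raise ValueError(f"key slot {i} has unknown state {active:#x}")
    return {
        "cipher": _cstr(cipher), "mode": _cstr(mode), "hash": _cstr(hash_spec),
        "payload_offset": payload_off, "key_bytes": key_bytes,
        "uuid": _cstr(uuid_raw), "active_slots": sorted(slots), "slots": slots,
    }


def compare_with_backup(current: bytes, backup: bytes) -> dict:
    """Report what restoring `backup` over `current` would change: a backup taken
    before a passphrase was added drops that slot on restore, and a backup of a
    different volume (UUID mismatch) must never be restored at all."""
    cur, bak = parse_header(current), parse_header(backup)
    return {
        "uuid_match": cur["uuid"] == bak["uuid"],
        "slots_lost_on_restore": sorted(set(cur["active_slots"]) - set(bak["active_slots"])),
        "slots_regained_on_restore": sorted(set(bak["active_slots"]) - set(cur["active_slots"])),
    }


if __name__ == "__main__":
    backup = build_header({0})       # header as backed up: one passphrase in slot 0
    current = build_header({0, 1})   # later, a backup passphrase added in slot 1
    print(parse_header(current)["active_slots"])   # [0, 1]
    print(compare_with_backup(current, backup))    # slot 1 would be lost on restore
```

Run against a real header file written by `cryptsetup luksHeaderBackup`, `parse_header(open(path, "rb").read())` gives the same slot picture that `luksDump` prints, and `compare_with_backup` is the check to run before any `luksHeaderRestore`: if `uuid_match` is false the file is for another volume, and any index in `slots_lost_on_restore` is a passphrase that will stop working the moment the old header is written back. Note that the example assumes LUKS1; a LUKS2 header (version field 2) is rejected rather than misparsed.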

